Debian Linux Security Advisory 5543-1 - Two security issues have been discovered in the Open VMware Tools, which could result in privilege escalation.
c7cd6edc99b5ce7844173fe4d604a48697cb21e1fdd4652f16343b8de2a04955Debian Linux Security Advisory 5542-1 - Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system.
21987c129e7f038834496daa8b4bb9533290aebfe3172991bd4e6b20ca3959b7Debian Linux Security Advisory 5541-1 - Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system.
c0e0249164fd47321acc5693b290a1534941789af87d3a335b2f846ab218b78dDebian Linux Security Advisory 5540-1 - Two remotely exploitable security vulnerabilities were discovered in Jetty 9, a Java based web server and servlet engine. The HTTP/2 protocol implementation did not sufficiently verify if HPACK header values exceed their size limit. Furthermore the HTTP/2 protocol allowed a denial of service (server resource consumption) because request cancellation can reset many streams quickly. This problem is also known as Rapid Reset Attack.
19d34104164c646ad6b0f2161a5af11a88009b06f4e5e247a2834dd69e90401aDebian Linux Security Advisory 5539-1 - It was reported that incorrect bound checks in the dsaVerify function in node-browserify-sign, a Node.js library which adds crypto signing for browsers, allows an attacker to perform signature forgery attacks by constructing signatures that can be successfully verified by any public key.
bd4d2f5bb4a56492acf5a0f3f5a7176edb7f3f2a9e00ffd9fa12ec5357176f21Debian Linux Security Advisory 5538-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.
13d430a698ce0376929e6fb9fcb25cf1473b6d7614ae60cd378159bce26b0833Debian Linux Security Advisory 5537-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in bypass of sandbox restrictions or denial of service.
0eeed70553bfb9531621dba4f488f4691219e3d5cde4d3a4e900f1210dea1363Debian Linux Security Advisory 5536-1 - An important security issue was discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
8dc27122c27d00fc7f75791b3d0ac5dda33c19caad3ed212f62aa04a79188200Debian Linux Security Advisory 5535-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, clickjacking, spoofing or information leaks.
31326e3bd72b90ad6621e9d37862b27a7cad328df1c95186a8f867b22ff92361Debian Linux Security Advisory 5534-1 - Jan-Niklas Sohn discovered several vulnerabilities in the Xorg X server, which may result in privilege escalation if the X server is running privileged.
2d877389e6dc5bf119f1d41ac788f45ac3278834d8f069872721785ab249a780Debian Linux Security Advisory 5533-1 - Multiple vulnerabilities were discovered in plugins for the GStreamer media framework and its codecs and demuxers, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.
e81e72b3f33ad104bd4e5d6d63cad2f41395d2a21ad58de85a5bb5b09cd20348Debian Linux Security Advisory 5532-1 - Tony Battersby reported that incorrect cipher key and IV length processing in OpenSSL, a Secure Sockets Layer toolkit, may result in loss of confidentiality for some symmetric cipher modes.
0805665325be039bebf1106b9e5ef924fa2a8fe8807bc8c416268fe331d060a2Debian Linux Security Advisory 5531-1 - It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not properly sanitize HTML messages. This would allow an attacker to load arbitrary JavaScript code.
961824a129d751981518c8ecfbe654d441e2922aec3a9645d77dae20b42b7ecdDebian Linux Security Advisory 5530-1 - Several vulnerabilities were discovered in ruby-rack, a modular Ruby webserver interface, which may result in denial of service and shell escape sequence injection.
1d720695b79a166118349cbe5f4050069000900a5d5b9d9439ed4da692cb559fDebian Linux Security Advisory 5527-2 - The webkit2gtk update released as 5527-1 introduced a regression that is causing programs such as yelp, liferea or gnucash to stop working in certain cases.
909e79d93d0d38387f3f75341947b7b503ff64d91efd8229a63c7f692cc14684Debian Linux Security Advisory 5529-1 - Francois Diakhate discovered that several race conditions in file processing of the Simple Linux Utility for Resource Management (SLURM), a cluster resource management and job scheduling system, could result in denial of service by overwriting arbitrary files.
2cab2219e1844c1e5042a5b8b60c052e98d2ea56538c5e952de91f15a9d11ad3Debian Linux Security Advisory 5522-3 - A regression was discovered in the Http2UpgradeHandler class of Tomcat 9 introduced by the patch to fix CVE-2023-44487 (Rapid Reset Attack). A wrong value for the overheadcount variable forced HTTP2 connections to close early.
24e294103b57531588198722a8954c8fef2961b6fe2c3e09f03d5ab90505e314Debian Linux Security Advisory 5528-1 - William Khem-Marquez discovered that using malicious plugins for the the Babel JavaScript compiler could result in arbitrary code execution during compilation.
8e9e8528781517c283dd31746e17304f3aa59d28da1d214c1d5ecffd747062ffDebian Linux Security Advisory 5522-2 - The patch to address CVE-2023-44487 (Rapid Reset Attack) was incomplete and caused a regression when using asynchronous I/O (the default for NIO and NIO2). DATA frames must be included when calculating the HTTP/2 overhead count to ensure that connections are not prematurely terminated.
b17a58234680a0c5aafdce8c0723d0bcd3b37e52e58f503e9d474637684d07e9Debian Linux Security Advisory 5527-1 - Marcin Noga discovered that a specially crafted web page can abuse a vulnerability in the MediaRecorder API to cause memory corruption and potentially arbitrary code execution. Junsung Lee and Me Li discovered that processing web content may lead to arbitrary code execution. Bill Marczak and Maddie Stone discovered that processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
d62707100da90e7c8560c32373576a042f7f047cdbc704242f9e1e1c250d8e49Debian Linux Security Advisory 5526-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
46cb308795f98ff9a9e444ff6b114afd63592578e7be19a637bbd471ef7fa013Debian Linux Security Advisory 5525-1 - Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix, which might result in denial of service, information disclosure or privilege escalation.
796922c8109c26f29b46a6c85521b96598f1e79e22b650b1166a48c9207bd4e0Debian Linux Security Advisory 5524-1 - Kevin Backhouse discovered an out-of-bounds array access in Libcue, a library for parsing CD metadata, which could result in the execution of arbitrary code.
0dc64d4ebf0f6239a32a14b6769b865a9f52d1ecca767b643d7833243549abdbDebian Linux Security Advisory 5523-1 - Two security issues were found in Curl, an easy-to-use client-side URL transfer library and command line tool.
6f8cac21edc730d0834c13186c9df39c586cd8ff7546f9e0e8f727ca7b9552ecDebian Linux Security Advisory 5522-1 - Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine.
f983a0a85802b2763746bf3bfa97b1786563f79ce2c2bd56f8c915338b5146ae
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed