Debian Linux Security Advisory 5522-3 - A regression was discovered in the Http2UpgradeHandler class of Tomcat 9 introduced by the patch to fix CVE-2023-44487 (Rapid Reset Attack). A wrong value for the overheadcount variable forced HTTP2 connections to close early.
24e294103b57531588198722a8954c8fef2961b6fe2c3e09f03d5ab90505e314
Debian Linux Security Advisory 5528-1 - William Khem-Marquez discovered that using malicious plugins for the the Babel JavaScript compiler could result in arbitrary code execution during compilation.
8e9e8528781517c283dd31746e17304f3aa59d28da1d214c1d5ecffd747062ff
Debian Linux Security Advisory 5522-2 - The patch to address CVE-2023-44487 (Rapid Reset Attack) was incomplete and caused a regression when using asynchronous I/O (the default for NIO and NIO2). DATA frames must be included when calculating the HTTP/2 overhead count to ensure that connections are not prematurely terminated.
b17a58234680a0c5aafdce8c0723d0bcd3b37e52e58f503e9d474637684d07e9
Debian Linux Security Advisory 5527-1 - Marcin Noga discovered that a specially crafted web page can abuse a vulnerability in the MediaRecorder API to cause memory corruption and potentially arbitrary code execution. Junsung Lee and Me Li discovered that processing web content may lead to arbitrary code execution. Bill Marczak and Maddie Stone discovered that processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
d62707100da90e7c8560c32373576a042f7f047cdbc704242f9e1e1c250d8e49
Debian Linux Security Advisory 5526-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
46cb308795f98ff9a9e444ff6b114afd63592578e7be19a637bbd471ef7fa013
Debian Linux Security Advisory 5525-1 - Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix, which might result in denial of service, information disclosure or privilege escalation.
796922c8109c26f29b46a6c85521b96598f1e79e22b650b1166a48c9207bd4e0
Debian Linux Security Advisory 5524-1 - Kevin Backhouse discovered an out-of-bounds array access in Libcue, a library for parsing CD metadata, which could result in the execution of arbitrary code.
0dc64d4ebf0f6239a32a14b6769b865a9f52d1ecca767b643d7833243549abdb
Debian Linux Security Advisory 5523-1 - Two security issues were found in Curl, an easy-to-use client-side URL transfer library and command line tool.
6f8cac21edc730d0834c13186c9df39c586cd8ff7546f9e0e8f727ca7b9552ec
Debian Linux Security Advisory 5522-1 - Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine.
f983a0a85802b2763746bf3bfa97b1786563f79ce2c2bd56f8c915338b5146ae
Debian Linux Security Advisory 5521-1 - Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine.
b338488c5464d5bdd84d31ab4e0b256bea10aee07e761992644b89efd3034b56
Debian Linux Security Advisory 5520-1 - Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in cross-site scripting, denial of service or information disclosure.
c9b0eef917ca7122324a4555874745119c1290c98bda7f3ff8c5cf676e9d555b
Debian Linux Security Advisory 5519-1 - Maxim Suhanov discovered multiple vulnerabilities in GURB2's code to handle NTFS filesystems, which may result in a Secure Boot bypass.
69c6c2e6aac12f53f91896003b4bf1c34f93099bdaab89e3995c3c1a344d85ba
Debian Linux Security Advisory 5518-1 - It was discovered that missing input sanitising in the encoding support in libvpx, a multimedia library for the VP8 and VP9 video codecs, may result in denial of service.
eb62052f20afec6631cee0e55838564f5ecd4b20480581c59d7bc6259b36f333
Debian Linux Security Advisory 5517-1 - Multiple security vulnerabilities were discovered in libx11, the X11 client-side library, which may result in denial of service or the execution of arbitrary code.
720490c80ef3aa2a17edad26fcd6d8d48e159dca68407486683f57a9a0486b0a
Debian Linux Security Advisory 5516-1 - Multiple security vulnerabilities were discovered in libxpm, the X11 pixmap library, which may result in denial of service or the execution of arbitrary code.
f60e21b5987bbfca58d29d51d3ec46eb520806e3241866c977f951b13b267dca
Debian Linux Security Advisory 5515-1 - A security issue was discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
cd387add5ecac48e0ec28d632aaa0667202aefef4687f0629b6c55ff658c3240
Debian Linux Security Advisory 5514-1 - The Qualys Research Labs discovered a buffer overflow in the dynamic loader's processing of the GLIBC_TUNABLES environment variable. An attacker can exploit this flaw for privilege escalation.
a79c990734c79f4a2e535800be7b51931296133795be03c15dbd74fa4e5e4b50
Debian Linux Security Advisory 5513-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.
351508c91f2f195312c3b99007306f255460d396a1eb8a8f18501bde2385668c
Debian Linux Security Advisory 5512-1 - Several vulnerabilities were discovered in Exim, a mail transport agent, which could result in remote code execution if the EXTERNAL or SPA/NTLM authenticators are used.
a28c2d03163448e0e92324757faf8e3aa4ac5645fdda00d5756c2bf6e82c4a31
Debian Linux Security Advisory 5511-1 - Several security vulnerabilities have been discovered in mosquitto, a MQTT compatible message broker, which may be abused for a denial of service attack.
1518e0099ccd906d33af69afafa10ef3ebd6d28f34c143d4f89b8e793d316b29
Debian Linux Security Advisory 5510-1 - Clement Lecigne discovered a heap-based buffer overflow in libvpx, a multimedia library for the VP8 and VP9 video codecs, which may result in the execution of arbitrary code if a specially crafted VP8 media stream is processed.
b4dcffb697fe696e6e00d091270e45177bfc156ae9ad8536bd789d4e459ada94
Debian Linux Security Advisory 5509-1 - A buffer overflow in VP8 media stream processing has been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
73d931fd3d0a9ba4c7430142c4e60873dc6b90250043fa116b8116cf5495e494
Debian Linux Security Advisory 5508-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
5550e68ba1d2b614ebdd9b77285dea84c54ce37ebdd27ec26f2df951e220f22c
Debian Linux Security Advisory 5507-1 - Multiple security vulnerabilities were found in Jetty, a Java based web server and servlet engine.
add9ce48f70949f251aaf9dc376f273010c354d922fa240e65e58d7f6bb3685a
Debian Linux Security Advisory 5506-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code
18b459d841c3090b650f653a600f68d9946039a5cb0783b9ed0a8872fac2f6d6