Memory corruption in WebGL API. (CVE-2024-6600) Race condition in permission assignment. (CVE-2024-6601) Memory corruption in thread creation. (CVE-2024-6603) Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13. (CVE-2024-6604)
Inappropriate implementation in V8. (CVE-2024-6772) Type Confusion in V8. (CVE-2024-6773) Use after free in Screen Capture. (CVE-2024-6774) Use after free in Media Stream. (CVE-2024-6775) Use after free in Audio. (CVE-2024-6776)
CVE-2024-40898: Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows (cve.mitre.org) SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests.
Fixed a vulnerability about trusted locations References: - https://bugs.mageia.org/show_bug.cgi?id=33410 - https://github.com/lxqt/libfm-qt/pull/992
sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports . but some other popular e-mail servers do not. This is
Memory corruption in WebGL API. (CVE-2024-6600) Race condition in permission assignment. (CVE-2024-6601) Memory corruption in NSS. (CVE-2024-6602) Memory corruption in thread creation. (CVE-2024-6603) Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and
TLS certificates are not properly verified when utilizing LibreOfficeKit. (CVE-2024-5261) References: - https://bugs.mageia.org/show_bug.cgi?id=33370
Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed
Vanilla upstream kernel version 6.6.37 fix bugs and vulnerabilities. For information about the vulnerabilities see the links. References: - https://bugs.mageia.org/show_bug.cgi?id=33374
Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack. (CVE-2024-37894) References:
This vulnerability allows an attacker performing a meddler-in-the-middle attack between Palo Alto Networks PAN-OS firewall and a RADIUS server to bypass authentication and escalate privileges to âsuperuserâ when RADIUS authentication is in use and either CHAP or PAP is selected in the RADIUS server profile.
Upstream kernel version 6.6.37 fix bugs and vulnerabilities. The dwarves, kmod-virtualbox and kmod-xtables-addons packages have been updated to work with this new kernel. For information about the vulnerabilities see the links.
This update ships the latest version of php 8.2. It brings fixed security issues and the usual bug fixes. Vulnerability: A code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the
The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a
A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service. (CVE-2024-6239)
Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[PASSWDLEN] to '\0' in FPLoginExt in login in etc/uams/uams_pam.c. (CVE-2024-38439) Netatalk before 3.2.1 has an off-by-one error, and resultant heap-based buffer overflow and segmentation violation, because of incorrectly using
Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance. (CVE-2024-36387) Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend
In ZNC before 1.9.1, remote code execution can occur in modtcl via a KICK. (CVE-2024-39844) References: - https://bugs.mageia.org/show_bug.cgi?id=33364
CVE-2024-28397: Fixed a potential sandbox escape via untrusted JavaScript code References: - https://bugs.mageia.org/show_bug.cgi?id=33354
Control channel: refuse control channel messages with nonprintable characters in them. (CVE-2024-5594) References: - https://bugs.mageia.org/show_bug.cgi?id=33336
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
