09.11.2024 16:30 Invalid low-level GF parameters can lead to an OOB memory access. References: - https://bugs.mageia.org/show_bug.cgi?id=33736
09.11.2024 16:30 HTMLDOC before 1.9.19 has an out-of-bounds write in parse_paragraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node. HTMLDOC v1.9.18 contains a buffer overflow in the parse_pre function, ps-pdf.cxx:5681.
09.11.2024 16:30 In Libheif, insufficient checks in ImageOverlay::parse while decoding a HEIF file containing an overlay image with forged offsets can lead to an out-of-bounds read and write. References:
09.11.2024 16:30 Werkzeug is a Web Server Gateway Interface web application library. Applications using `werkzeug.formparser.MultiPartParser` corresponding to a version of Werkzeug prior to 3.0.6 to parse `multipart/form-data` requests are vulnerable to a relatively simple but effective resource exhaustion attack. A
09.11.2024 16:30 Permission leak via embed or object elements. Use-after-free in layout with accessibility. Confusing display of origin for external protocol handler prompt. XSS due to Content-Disposition being ignored in
09.11.2024 16:30 Permission leak via embed or object elements. Use-after-free in layout with accessibility. Confusing display of origin for external protocol handler prompt. XSS due to Content-Disposition being ignored in
09.11.2024 06:30 An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request.
09.11.2024 06:30 When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to accidentally configure the Proxy-Authorization
09.11.2024 06:30 An update that fixes one vulnerability is now available.
09.11.2024 06:30 It was discovered that the daemon of the GNU Guix functional package manager was susceptible to privilege escalation. For additional information please refer to https://guix.gnu.org/en/blog/2024/build-user-takeover-vulnerability/
09.11.2024 06:30 * bsc#1231702 * bsc#1231711 * bsc#1231716 * bsc#1231719
09.11.2024 06:30 * bsc#1230906 * bsc#1232241 Cross-References: * CVE-2024-9287
08.11.2024 20:30 The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:
08.11.2024 20:30 The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:
08.11.2024 20:30 The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: