11.11.2024 17:15 Several security issues were fixed in OpenJDK 21.
11.11.2024 17:15 Several security issues were fixed in OpenJDK 17.
11.11.2024 07:30 Several security issues were fixed in QEMU.
11.11.2024 07:30 Several vulnerabilities were discovered in NSS, a set of cryptographic libraries, which may result in denial of service or potentially the execution of arbitrary code.
11.11.2024 07:30 An update that solves four vulnerabilities and has one errata is now available.
10.11.2024 01:30 A heap-based out-of-bounds write vulnerability was discovered in libarchive, a multi-format archive and compression library, which may result in the execution of arbitrary code if a specially crafted RAR archive is processed.
09.11.2024 16:30 Invalid low-level GF parameters can lead to an OOB memory access. References: https://bugs.mageia.org/show_bug.cgi?id=33736
09.11.2024 16:30 HTMLDOC before 1.9.19 has an out-of-bounds write in parse_paragraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node. HTMLDOC v1.9.18 contains a buffer overflow in the parse_pre function, ps-pdf.cxx:5681.
09.11.2024 16:30 In Libheif, insufficient checks in ImageOverlay::parse while decoding a HEIF file containing an overlay image with forged offsets can lead to an out-of-bounds read and write. References:
09.11.2024 16:30 Werkzeug is a Web Server Gateway Interface web application library. Applications that use `werkzeug.formparser.MultiPartParser` from a version of Werkzeug prior to 3.0.6 to parse `multipart/form-data` requests are vulnerable to a relatively simple but effective resource exhaustion attack. A
09.11.2024 16:30 Permission leak via embed or object elements. Use-after-free in layout with accessibility. Confusing display of origin for external protocol handler prompt. XSS due to Content-Disposition being ignored in
09.11.2024 06:30 An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request.
09.11.2024 06:30 When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to accidentally configure the Proxy-Authorization
09.11.2024 06:30 An update that fixes one vulnerability is now available.