07.04.2024 15:30 Two issues have been found in libcaca, a colour ASCII art library. Both are related to heap buffer overflow, which might lead to memory corruption.
07.04.2024 15:30 Multiple ethernet Network Interface Card device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets.
07.04.2024 15:30 Andreas Beck discovered that versions of pam_xauth supplied with Red Hat Linux since version 7.1 would forward authorization information from the root account to unprivileged users.
07.04.2024 15:30 Two Cross-site scripting vulnerabilities have been found that affect SquirrelMail version 1.2.7 and earlier.
07.04.2024 15:30 A security hole has been found that does not affect the default configuration of Red Hat Linux, but can affect some custom configurations of Red Hat Linux 7.1 only. The bug is specific to the Linux 2.4 kernel series.
07.04.2024 15:30 Several issues have been found in libgd2, a GD Graphics Library. They are related to out-of-bounds reads or NULL pointer dereference allowing denial of service attacks.
07.04.2024 05:15 The Libreswan Project was notified of an issue causing libreswan to restart under some IKEv2 retransmit scenarios when a connection is configured to use PreSharedKeys and the connection cannot find a matching configured secret. When such a connection is automatically added on startup using the auto= keyword, it can cause
07.04.2024 05:15 Jetty 9 is a Java-based web server and servlet engine. It was discovered that remote attackers may leave many HTTP/2 connections in ESTABLISHED state, TCP congested and idle. Eventually the server will stop accepting new connections from valid clients, which can cause a denial of service.
07.04.2024 05:15 On July 30, we released a security advisory concerning vulnerabilities in OpenSSL, including a buffer overflow in the SSL code. This vulnerability is currently being exploited by a worm called Slapper, propagating through Apache's mod_ssl module.
07.04.2024 05:15 In versions of the PHP 3 packages before version 3.0.17, several format string bugs could allow properly crafted requests to execute code as the user running PHP scripts on the web server, particularly if error logging was enabled.
07.04.2024 05:15 The problem can be used to bypass access restrictions in the web server. An attacker can view the contents of directories and download files directly rather than receiving their HTML output.
06.04.2024 18:16 Two security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2024-24549
06.04.2024 08:00 update to 123.0.6312.105 * High CVE-2024-3156: Inappropriate implementation in V8 * High CVE-2024-3158: Use after free in Bookmarks * High CVE-2024-3159: Out of bounds memory access in V8
06.04.2024 08:00 4.2.3
06.04.2024 08:00 Update to 1.22.2 Security fixes for CVE-2023-7158 and CVE-2023-7152