Last updated: 2025-01-19T15:35:03Z
2025-01-17
Several problems have been addressed in Tomcat 10, a Java based web server,
servlet and JSP engine which may lead to a denial-of-service.
CVE-2024-38286
Apache Tomcat, under certain configurations, allows an attacker to cause an
OutOfMemoryError by abusing the TLS handshake process.
CVE-2024-52316
Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is
configured to use a custom Jakarta Authentication (formerly JASPIC)
ServerAuthContext component which may throw an exception during the
authentication process without explicitly setting an HTTP status to
indicate failure, the authentication may not fail, allowing the user to
bypass the authentication process. There are no known Jakarta
Authentication components that behave in this way.
CVE-2024-50379 / CVE-2024-56337
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP
compilation in Apache Tomcat permits an RCE on case insensitive file
systems when the default servlet is enabled for write (non-default
configuration).
Some users may need additional configuration to fully mitigate
CVE-2024-50379 depending on which version of Java they are using with
Tomcat.
https://security-tracker.debian.org/tracker/DSA-5845-1
=> More
2025-01-16
The update for rsync announced in DSA 5843-1 introduced a regression
when using the -H option to preserve hard links. Updated packages are
now available to correct this issue.
https://security-tracker.debian.org/tracker/DSA-5843-2
=> More
2025-01-15
Security issues were discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure.
https://security-tracker.debian.org/tracker/DSA-5844-1
=> More
2025-01-14
Several vulnerabilities were discovered in rsync, a fast, versatile,
remote (and local) file-copying tool.
CVE-2024-12084
Simon Scannell, Pedro Gallegos and Jasiel Spelman discovered a
heap-based buffer overflow vulnerability due to improper handling of
attacker-controlled checksum lengths. A remote attacker can take
advantage of this flaw for code execution.
CVE-2024-12085
Simon Scannell, Pedro Gallegos and Jasiel Spelman reported a flaw in
the way rsync compares file checksums, allowing a remote attacker to
trigger an information leak.
CVE-2024-12086
Simon Scannell, Pedro Gallegos and Jasiel Spelman discovered a flaw
which would result in a server leaking contents of an arbitrary file
from the client's machine.
CVE-2024-12087
Simon Scannell, Pedro Gallegos and Jasiel Spelman reported a path
traversal vulnerability in the rsync daemon affecting the
--inc-recursive option, which could allow a server to write files
outside of the client's intended destination directory.
CVE-2024-12088
Simon Scannell, Pedro Gallegos and Jasiel Spelman reported that when
using the --safe-links option, rsync fails to properly verify whether a
symbolic link destination contains another symbolic link within it,
resulting in path traversal and arbitrary file write outside of the
desired directory.
CVE-2024-12747
Aleksei Gorban "loqpa" discovered a race condition when handling
symbolic links resulting in an information leak which may enable
escalation of privileges.
https://security-tracker.debian.org/tracker/DSA-5843-1
=> More
2025-01-11
Several vulnerabilities were discovered in OpenAFS, an implementation of
the AFS distributed filesystem, which may result in theft of credentials
in Unix client PAGs (CVE-2024-10394), fileserver crashes and information
leak on StoreACL/FetchACL (CVE-2024-10396) or buffer overflows in XDR
responses resulting in denial of service and potentially code execution
(CVE-2024-10397).
https://security-tracker.debian.org/tracker/DSA-5842-1
=> More
2025-01-10
Multiple security issues were discovered in Thunderbird, which could
result in the execution of arbitrary code.
https://security-tracker.debian.org/tracker/DSA-5841-1
=> More
2025-01-09
Security issues were discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure.
https://security-tracker.debian.org/tracker/DSA-5840-1
=> More
2025-01-08
Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code or privilege escalation.
https://security-tracker.debian.org/tracker/DSA-5839-1
=> More
2024-12-29
Multiple vulnerabilities were discovered in plugins for the GStreamer
media framework and its codecs and demuxers, which may result in denial
of service or potentially the execution of arbitrary code if a malformed
media file is opened.
https://security-tracker.debian.org/tracker/DSA-5838-1
=> More
2024-12-26
Two security issues have been discovered in FastNetMon, a fast DDoS
analyzer: Malformed Netflow/sFlow traffic could result in denial of
service.
https://security-tracker.debian.org/tracker/DSA-5837-1
=> More
2024-12-26
Multiple vulnerabilities have been discovered in the Xen hypervisor,
which could result in privilege escalation, denial of service or
information leaks.
https://security-tracker.debian.org/tracker/DSA-5836-1
=> More
2024-12-25
The following vulnerabilities have been discovered in the WebKitGTK
web engine:
CVE-2024-54479
Seunghyun Lee discovered that processing maliciously crafted web
content may lead to an unexpected process crash.
CVE-2024-54502
Brendon Tiszka discovered that processing maliciously crafted web
content may lead to an unexpected process crash.
CVE-2024-54505
Gary Kwong discovered that processing maliciously crafted web
content may lead to memory corruption.
CVE-2024-54508
linjy, chluo and Xiangwei Zhang discovered that processing
maliciously crafted web content may lead to an unexpected process
crash.
https://security-tracker.debian.org/tracker/DSA-5835-1
=> More
2024-12-20
Security issues were discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure.
https://security-tracker.debian.org/tracker/DSA-5834-1
=> More
2024-12-17
A buffer overflow was discovered in the vhost code of DPDK, a set of
libraries for fast packet processing, which could result in denial of
service or the execution of arbitrary code by malicious
guests/containers.
https://security-tracker.debian.org/tracker/DSA-5833-1
=> More
2024-12-16
Antonio Morales reported an integer overflow vulnerability in the memory
allocator in the Core GStreamer libraries, which may result in denial of
service or potentially the execution of arbitrary code if a malformed
media file is processed.
https://security-tracker.debian.org/tracker/DSA-5832-1
=> More
2024-12-14
Multiple vulnerabilities were discovered in plugins for the
GStreamer media framework and its codecs and demuxers, which may result
in denial of service or potentially the execution of arbitrary code if
a malformed media file is opened.
https://security-tracker.debian.org/tracker/DSA-5831-1
=> More
2024-12-12
A security vulnerability was discovered in Smarty, a template engine for
PHP, which could result in PHP code injection.
https://security-tracker.debian.org/tracker/DSA-5830-1
=> More
2024-12-12
Security issues were discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure.
https://security-tracker.debian.org/tracker/DSA-5829-1
=> More
2024-12-11
Multiple security vulnerabilities were discovered in python-aiohttp,
an HTTP client/server for asyncio, which could result in denial of
service, directory traversal, CRLF injection or request smuggling.
https://security-tracker.debian.org/tracker/DSA-5828-1
=> More
2024-12-10
Brian Ristuccia discovered that in ProFTPD, a powerful modular
FTP/SFTP/FTPS server, supplemental group inheritance grants unintended
access to GID 0 because of the lack of supplemental groups from mod_sql.
https://security-tracker.debian.org/tracker/DSA-5827-1
=> More
2024-12-10
Two security vulnerabilities were discovered in Smarty, a template
engine for PHP, which could result in PHP code injection or cross-site
scripting.
https://security-tracker.debian.org/tracker/DSA-5826-1
=> More
2024-12-06
Sage McTaggart discovered an authentication bypass in radosgw, the RADOS
REST gateway of Ceph, a distributed storage and file system.
https://security-tracker.debian.org/tracker/DSA-5825-1
=> More
2024-12-06
Security issues were discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure.
https://security-tracker.debian.org/tracker/DSA-5824-1
=> More
2024-12-02
The update for needrestart announced as DSA 5815-1 introduced a
regression reporting false positives for processes running in chroot or
mountns. Updated packages are now available to correct this issue.
https://security-tracker.debian.org/tracker/DSA-5815-2
=> More
2024-12-02
The following vulnerabilities have been discovered in the WebKitGTK
web engine:
CVE-2024-44308
Clement Lecigne and Benoit Sevens discovered that processing
maliciously crafted web content may lead to arbitrary code
execution. Apple is aware of a report that this issue may have
been actively exploited on Intel-based Mac systems.
CVE-2024-44309
Clement Lecigne and Benoit Sevens discovered that processing
maliciously crafted web content may lead to a cross site scripting
attack. Apple is aware of a report that this issue may have been
actively exploited on Intel-based Mac systems.
https://security-tracker.debian.org/tracker/DSA-5823-1
=> More
2024-12-02
It was discovered that SimpleSAMLphp, an implementation of the SAML
2.0 protocol, is prone to an XXE vulnerability when loading an
(untrusted) XML document.
https://security-tracker.debian.org/tracker/DSA-5822-1
=> More
2024-11-27
Multiple security issues were discovered in Thunderbird, which could
result in denial of service or the execution of arbitrary code.
https://security-tracker.debian.org/tracker/DSA-5821-1
=> More
2024-11-27
Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code, spoofing or cross-site scripting.
https://security-tracker.debian.org/tracker/DSA-5820-1
=> More
2024-11-26
Multiple security issues were found in PHP, a widely-used open source
general purpose scripting language, which could result in denial of
service, CRLF injection or information disclosure.
https://security-tracker.debian.org/tracker/DSA-5819-1
=> More
2024-11-24
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.
https://security-tracker.debian.org/tracker/DSA-5818-1
=> More
════════════════════════
Script run: 2025-01-19T18:32:02