This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2023-50186.
Daily Archives: April 19, 2024
DSA-5667-1 tomcat9 – security update
Several security vulnerabilities have been discovered in the Tomcat
servlet and JSP engine.
CVE-2023-46589
Tomcat 9 did not correctly parse HTTP trailer headers. A trailer header
that exceeded the header size limit could cause Tomcat to treat a single
request as multiple requests leading to the possibility of request
smuggling when behind a reverse proxy.
CVE-2024-24549
Denial of Service due to improper input validation vulnerability for
HTTP/2. When processing an HTTP/2 request, if the request exceeded any of
the configured limits for headers, the associated HTTP/2 stream was not
reset until after all of the headers had been processed.
CVE-2024-23672
Denial of Service via incomplete cleanup vulnerability. It was possible
for WebSocket clients to keep WebSocket connections open leading to
increased resource consumption.
DSA-5666-1 flatpak – security update
Gergo Koteles discovered that sandbox restrictions in Flatpak, an
application deployment framework for desktop apps, could by bypassed in
combination with xdg-desktop-portal.