A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as /etc/shadow.
Jetty 9 is a Java-based web server and servlet engine. Several security
vulnerabilities have been discovered which may allow remote attackers to cause
a denial of service by repeatedly sending crafted requests which can trigger
OutOfMemory errors and exhaust the server's memory.
CVE-2024-6762: In addition, PushSessionCacheFilter and PushCacheFilter have been
deprecated. These classes should no longer be used in a production environment.
A security vulnerability was found in Tomcat 10, a Java-based web server and
servlet engine. A malicious user was able to view security sensitive files
and/or inject content into those files when writes were enabled for the default
servlet (disabled by default) and support for partial PUT was enabled
(default). Under certain circumstances, depending on the application in use,
remote code execution may have been possible.
Several vulnerabilities were discovered in Apache Traffic Server, a
reverse and forward proxy server, which could result in denial of
service, HTTP request smuggling, cache poisoning or incomplete
dropping of privileges.
Harri K. Koskinen discovered a flaw in the multithreaded .xz decoder
lzma_stream_decoder_mt in xz-utils, the XZ-format compression utilities,
which may lead to denial of service (application crash) or the execution
of arbitrary code.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– Block layer subsystem;
– GPU drivers;
– HID subsystem;
– Media drivers;
– JFS file system;
– Network namespace;
– Networking core;
– Netlink;
(CVE-2024-57798, CVE-2024-53140, CVE-2024-56595, CVE-2024-56598,
CVE-2024-50302, CVE-2024-56658, CVE-2024-56672, CVE-2024-53063)
Limit the data stored in session state.
Remove the empty area below the title bar in Web Inspector when not docked.
Fix various crashes and rendering issues.