FEDORA-EPEL-2024-db9e2d0206

Packages in this update:

chromium-130.0.6723.69-1.el9

Update description:

update to 130.0.6723.69

* High CVE-2024-10229: Inappropriate implementation in Extensions
* High CVE-2024-10230: Type Confusion in V8
* High CVE-2024-10231: Type Confusion in V8

Read More

FEDORA-2024-f1117faa03

Packages in this update:

chromium-130.0.6723.69-1.fc40

Update description:

update to 130.0.6723.69

* High CVE-2024-10229: Inappropriate implementation in Extensions
* High CVE-2024-10230: Type Confusion in V8
* High CVE-2024-10231: Type Confusion in V8

Read More

FEDORA-2024-b07b0b41ec

Packages in this update:

llama-cpp-b3561-1.fc40

Update description:

Update to b3561

Read More

FEDORA-2024-51bff89a25

Packages in this update:

python-quart-0.19.8-1.fc40

Update description:

Security fix for GHSA-q34m-jh98-gwm2.

0.19.8 2024-10-25

Bugfix: Fix missing check that caused the previous fix to raise an error.

0.19.7 2024-10-25

Security Fix: how max_form_memory_size is applied when parsing large non-file fields. https://github.com/advisories/GHSA-q34m-jh98-gwm2

Read More

FEDORA-2024-2f78bf0769

Packages in this update:

python-quart-0.19.8-1.fc41

Update description:

Security fix for GHSA-q34m-jh98-gwm2.

0.19.8 2024-10-25

Bugfix: Fix missing check that caused the previous fix to raise an error.

0.19.7 2024-10-25

Security Fix: how max_form_memory_size is applied when parsing large non-file fields. https://github.com/advisories/GHSA-q34m-jh98-gwm2

Read More

Christoper L. Shannon discovered that the implementation of the OpenWire
protocol in Apache ActiveMQ was susceptible to the execution of
arbitrary code.

https://security-tracker.debian.org/tracker/DSA-5798-1

Read More

FEDORA-2024-e82145eb25

Packages in this update:

python-single-version-1.6.0-1.fc40

Update description:

Initial import

Read More

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Oct 24

SEC Consult Vulnerability Lab Security Advisory < 20241024-0 >
=======================================================================
title: Unauthenticated Path Traversal Vulnerability
product: Lawo AG – vsm LTC Time Sync (vTimeSync)
vulnerable version: <4.5.6.0
    fixed version: 4.5.6.0
       CVE number: CVE-2024-6049
           impact: high
homepage:…

Read More

Posted by Sandro Gauci via Fulldisclosure on Oct 24

Dear Full Disclosure community,

We’ve released a white paper detailing a critical vulnerability affecting multiple WebRTC implementations: “DTLS
‘ClientHello’ Race Conditions in WebRTC Implementations”.

White paper: https://www.enablesecurity.com/research/webrtc-hello-race-conditions-paper.pdf

Key points:

1. Vulnerability: Failure to properly verify the origin of DTLS “ClientHello” messages in WebRTC…

Read More

Posted by malvuln on Oct 24

Adversary3 malware vulnerability intel tool for third-party attackers
living off malware (LOM), updated with 700 malware and C2 panel
vulnerabilities

https://github.com/malvuln/Adversary3

Thanks,
malvuln

Read More