nginx-1.26.1-1.fc39
FEDORA-2024-2e4858330c Packages in this update: nginx-1.26.1-1.fc39 Update description: *) Security: when using HTTP/3, processing of a specially crafted QUIC session might cause a worker process...
USN-6802-1: PostgreSQL vulnerability
Lukas Fittl discovered that PostgreSQL incorrectly performed authorization in the built-in pg_stats_ext and pg_stats_ext_exprs views. An unprivileged database user can use this issue to read...
USN-6801-1: PyMySQL vulnerability
It was discovered that PyMySQL incorrectly escaped untrusted JSON input. An attacker could possibly use this issue to perform SQL injection attacks. Read More
USN-6800-1: browserify-sign vulnerability
It was discovered that browserify-sign incorrectly handled an upper bound check in signature verification. If a user or an automated system were tricked into opening...
ZDI-24-526: (Pwn2Own) VMware Workstation VBluetoothHCI_PacketOut Use-After-Free Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of VMware Workstation. An attacker must first obtain the ability to execute high-privileged code...
CyberDanube Security Research 20240528-0 | Multiple Vulnerabilities in ORing IAP-420
Posted by Thomas Weber via Fulldisclosure on May 29 CyberDanube Security Research 20240528-0 ------------------------------------------------------------------------------- title| Multiple Vulnerabilities product| ORing IAP-420 vulnerable version| 2.01e fixed version|...
HNS-2024-06 – HN Security Advisory – Multiple vulnerabilities in Eclipse ThreadX
Posted by Marco Ivaldi on May 29 Hi, Please find attached a security advisory that describes multiple vulnerabilities we discovered in Eclipse ThreadX (aka Azure...
Multiple Vulnerabilities in Fortinet FortiSIEM Could Allow for Remote Code Execution
Multiple vulnerabilities have been discovered in Fortinet FortiSIEM which could allow for remote code execution. FortiSIEM is a multi-tenant SIEM that offers real-time infrastructure and...
USN-6799-1: Werkzeug vulnerability
It was discovered that the debugger in Werkzeug was not restricted to trusted hosts. A remote attacker could possibly use this issue to execute code...
USN-6798-1: GStreamer Base Plugins vulnerability
It was discovered that GStreamer Base Plugins incorrectly handled certain EXIF metadata. An attacker could possibly use this issue to execute arbitrary code or cause...