SEC Consult SA-20240418-0 :: Broken authorization in Dreamehome app
Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Apr 19 SEC Consult Vulnerability Lab Security Advisory < 20240418-0 > title: Broken authorization product:...
MindManager 23 – full disclosure
Posted by Pawel Karwowski via Fulldisclosure on Apr 19 Resending! Thank you for your efforts. GitHub - pawlokk/mindmanager-poc: public disclosure<https://github.com/pawlokk/mindmanager-poc> Affected application: MindManager23_setup.exe Platform: Windows...
USN-6741-1: Linux kernel vulnerabilities
Daniele Antonioli discovered that the Secure Simple Pairing and Secure Connections pairing in the Bluetooth protocol could allow an unauthenticated user to complete authentication without...
USN-6740-1: Linux kernel vulnerabilities
Wei Chen discovered that a race condition existed in the TIPC protocol implementation in the Linux kernel, leading to a null pointer dereference vulnerability. A...
USN-6739-1: Linux kernel vulnerabilities
It was discovered that a race condition existed in the instruction emulator of the Linux kernel on Arm 64-bit systems. A local attacker could use...
flatpak-1.15.8-1.fc39
FEDORA-2024-c8d21fe399 Packages in this update: flatpak-1.15.8-1.fc39 Update description: Update to 1.15.8 Fix CVE-2024-32462
flatpak-1.15.8-1.fc40
FEDORA-2024-43ea98691e Packages in this update: flatpak-1.15.8-1.fc40 Update description: Update to 1.15.8 Fixes CVE-2024-32462
ZDI-24-368: GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but...
DSA-5666-1 flatpak – security update
Gergo Koteles discovered that sandbox restrictions in Flatpak, an application deployment framework for desktop apps, could be bypassed in combination with xdg-desktop-portal. https://security-tracker.debian.org/tracker/DSA-5666-1
DSA-5667-1 tomcat9 – security update
Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2023-46589 Tomcat 9 did not correctly parse HTTP trailer headers. A trailer...