GLSA 202411-07: Pillow: Arbitrary code execution
Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability
What is the Vulnerability? Microsoft Windows contains an NTLMv2 hash spoofing vulnerability (CVE-2024-43451) that could result in disclosing a user's NTLMv2 hash to an attacker via...
dotnet9.0-9.0.100-1.fc40
FEDORA-2024-70cf80279f Packages in this update: dotnet9.0-9.0.100-1.fc40. Update description: This is the .NET 9.0 GA release. It contains security fixes for CVE-2024-43498 and CVE-2024-43499. Announcement: https://devblogs.microsoft.com/dotnet/announcing-dotnet-9/...
USN-7089-6: Linux kernel vulnerabilities
Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A...
ZDI-CAN-25636: iXsystems
A CVSS score 7.5 AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)' was reported to the affected vendor on: 2024-11-15, 0...
USN-7112-1: GD Graphics Library vulnerability
It was discovered that the GD Graphics Library did not perform proper bounds checking while handling BMP and WebP files. If a user were tricked...
DSA-5814-1 thunderbird – security update
A security issue was discovered in Thunderbird, which could result in the disclosure of OpenPGP encrypted messages. https://security-tracker.debian.org/tracker/DSA-5814-1
DSA-5813-1 symfony – security update
Moritz Rauch discovered that the Symfony PHP framework implemented persisted remember-me cookies incorrectly, which could result in authentication bypass. https://security-tracker.debian.org/tracker/DSA-5813-1
DSA-5812-1 postgresql-15 – security update
Multiple security issues were discovered in PostgreSQL, which may result in the execution of arbitrary code, privilege escalation or log manipulation. https://security-tracker.debian.org/tracker/DSA-5812-1
USN-7111-1: Go vulnerabilities
Philippe Antoine discovered that Go incorrectly handled crafted HTTP/2 streams. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-41723) Marten...