python3.9-3.9.21-1.fc42
Automatic update for python3.9-3.9.21-1.fc42.
* Tue Dec 3 2024 Lumír Balhar <lbalhar@redhat.com> – 3.9.21-1
– Update to 3.9.21
– Fixes: rhbz#2321662
matrix-synapse-1.111.1-2.fc40
Backport fixes from v1.120.1
matrix-synapse-1.118.0-2.fc41
Backport fixes from v1.120.1
Posted by Security Explorations on Dec 03
Hello All,
We have released a technical document pertaining to our Warbird / PMP security
research. It is available for download from this location:
https://security-explorations.com/materials/wbpmp_doc.md.txt
The document provides a more in-depth technical explanation, illustration and
verification of discovered attacks affecting PlayReady on Windows 10 / 11 x64
and pertaining to the following in particular:
– Warbird deficiencies
– content…
This vulnerability allows local attackers to escalate privileges on affected installations of Intel Computing Improvement Program. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2023-49797.
This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 3.8. The following CVEs are assigned: CVE-2024-42070.
Bahruz Jabiyev, Anthony Gavazzi, Engin Kirda, Kaan Onarlioglu, Adi Peleg,
and Harvey Tuch discovered that HAProxy incorrectly handled empty header
names. A remote attacker could possibly use this issue to manipulate
headers and bypass certain authentication checks and restrictions.
Posted by Jeroen Hermans via Fulldisclosure on Dec 02
CloudAware Security Advisory
[CVE pending]: Potential PII leak and incorrect access control in Paxton
Net2 software
========================================================================
Summary
========================================================================
Insecure backend database in the Paxton Net2 software. Possible leaking
of PII incorrect access control.
No physical access to computer running Paxton Net2 is required….
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-11692,
CVE-2024-11694, CVE-2024-11695, CVE-2024-11696, CVE-2024-11697,
CVE-2024-11699, CVE-2024-11701, CVE-2024-11704, CVE-2024-11705,
CVE-2024-11706, CVE-2024-11708)
Yuki Mogi discovered that HAProxy incorrectly handled the interpretation
of certain HTTP requests. A remote attacker could possibly use this issue
to perform a request smuggling attack and obtain sensitive information.
