Security issues were discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure.
Category Archives: Advisories
Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution.
Adobe is a software that is used for creating and publishing a wide variety of contents including graphics, photography, illustration, animation, multimedia, motion pictures and print.
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights
Critical Patches Issued for Microsoft Products, October 8, 2024
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
python-virtualenv-20.21.1-25.el10_0~bootstrap
FEDORA-EPEL-2024-34cd7a65de
Packages in this update:
python-virtualenv-20.21.1-25.el10_0~bootstrap
Update description:
Prevent command injection by quoting template strings in activation scripts
python-virtualenv-20.21.1-25.fc41
FEDORA-2024-89014f5794
Packages in this update:
python-virtualenv-20.21.1-25.fc41
Update description:
Prevent command injection by quoting template strings in activation scripts
python-virtualenv-20.21.1-25.fc40
FEDORA-2024-112e897674
Packages in this update:
python-virtualenv-20.21.1-25.fc40
Update description:
Prevent command injection by quoting template strings in activation scripts
python-virtualenv-20.21.1-25.fc39
FEDORA-2024-f7d6b76677
Packages in this update:
python-virtualenv-20.21.1-25.fc39
Update description:
Prevent command injection by quoting template strings in activation scripts
USN-7058-1: .NET vulnerabilities
Brennan Conroy discovered that the .NET Kestrel web server did not
properly handle closing HTTP/3 streams under certain circumstances. An
attacker could possibly use this issue to achieve remote code execution.
This vulnerability only impacted .NET8. (CVE-2024-38229)
It was discovered that .NET components designed to process malicious input
were susceptible to hash flooding attacks. An attacker could possibly use
this issue to cause a denial of service, resulting in a crash.
(CVE-2024-43483)
It was discovered that the .NET System.IO.Packaging namespace did not
properly process SortedList data structures. An attacker could possibly
use this issue to cause a denial of service, resulting in a crash.
(CVE-2024-43484)
It was discovered that .NET did not properly handle the deserialization of
of certain JSON properties. An attacker could possibly use this issue to
cause a denial of service, resulting in a crash. (CVE-2024-43485)
USN-7057-2: WEBrick vulnerability
USN-7057-1 fixed a vulnerability in WEBrick. This update provides the
corresponding updates for Ubuntu 22.04 LTS.
Original advisory details:
It was discovered that WEBrick incorrectly handled having both a Content-
Length header and a Transfer-Encoding header. A remote attacker could
possibly use this issue to perform a HTTP request smuggling attack.