It was discovered that Rack incorrectly parse some headers.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2023-27539, CVE-2024-26141, CVE-2024-26146)
Category Archives: Advisories
ZDI-24-290: NI LabVIEW VI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI LabVIEW. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-23609.
ZDI-24-289: NI LabVIEW VI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI LabVIEW. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-23612.
ZDI-24-288: NI LabVIEW VI File Parsing Out-of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI LabVIEW. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-23611.
ZDI-24-287: NI LabVIEW VI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI LabVIEW. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-23610.
ZDI-24-286: NI LabVIEW VI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI LabVIEW. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-23608.
ZDI-24-285: NI LabVIEW VI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI LabVIEW. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-23609.
libreswan-4.14-1.fc38
FEDORA-2024-1439ec2069
Packages in this update:
libreswan-4.14-1.fc38
Update description:
Update to 4.14 for CVE-2024-2357, v6 SAN name and TFC padding fix for AEAD
rubygem-yard-0.9.36-1.fc38
FEDORA-2024-3744975c4b
Packages in this update:
rubygem-yard-0.9.36-1.fc38
Update description:
A security flaw was found on rubygem-yard that documents generated by yard may be vulnerable to XSS attack. This issue is now assigned as CVE-2024-27285 . This new rpm is supposed to fix this issue.
libreswan-4.14-1.fc39
FEDORA-2024-312a5ed3d5
Packages in this update:
libreswan-4.14-1.fc39
Update description:
Update to 4.14 for CVE-2024-2357, v6 SAN name and TFC padding fix for AEAD