Multiple vulnerabilities have been discovered in Google Chrome, which could allow for arbitrary code execution. Successful exploitation of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Fix issue with notice events for connection timeouts.
Fix issue with reason code and deauthenticate event.
Fix issue with handling basename() functionality.
libell 0.63:
Fix issue with handling ending boundary of the PEM.
Fix issue with notice events for connection timeouts.
Fix issue with reason code and deauthenticate event.
Fix issue with handling basename() functionality.
libell 0.63:
Fix issue with handling ending boundary of the PEM.
It was discovered that when python-openstackclient attempted to delete a
non-existing access rule, it would delete another existing access rule
instead, contrary to expectations.
It was discovered that Cpanel-JSON-XS incorrectly decoded certain data. A
remote attacker could use this issue to cause Cpanel-JSON-XS to crash,
resulting in a denial of service, or possibly obtain sensitive information.
It was discovered that libuv incorrectly truncated certain hostnames. A
remote attacker could possibly use this issue with specially crafted
hostnames to bypass certain checks.
Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner discovered
that Unbound incorrectly handled validating DNSSEC messages. A remote
attacker could possibly use this issue to cause Unbound to consume
resources, leading to a denial of service. (CVE-2023-50387)
It was discovered that Unbound incorrectly handled preparing an NSEC3
closest encloser proof. A remote attacker could possibly use this issue to
cause Unbound to consume resources, leading to a denial of service.
(CVE-2023-50868)
This vulnerability allows local attackers to escalate privileges on affected installations of NI FlexLogger. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-1156.
This vulnerability allows local attackers to escalate privileges on affected installations of NI FlexLogger. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-1155.
