Bahruz Jabiyev, Anthony Gavazzi, Engin Kirda, Kaan Onarlioglu, Adi Peleg,
and Harvey Tuch discovered that HAProxy incorrectly handled empty header
names. A remote attacker could possibly use this issue to manipulate
headers and bypass certain authentication checks and restrictions.
Posted by Jeroen Hermans via Fulldisclosure on Dec 02
CloudAware Security Advisory
[CVE pending]: Potential PII leak and incorrect access control in Paxton
Net2 software
========================================================================
Summary
========================================================================
Insecure backend database in the Paxton Net2 software. Possible leaking
of PII incorrect access control.
No physical access to computer running Paxton Net2 is required….
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-11692,
CVE-2024-11694, CVE-2024-11695, CVE-2024-11696, CVE-2024-11697,
CVE-2024-11699, CVE-2024-11701, CVE-2024-11704, CVE-2024-11705,
CVE-2024-11706, CVE-2024-11708)
Yuki Mogi discovered that HAProxy incorrectly handled the interpretation
of certain HTTP requests. A remote attacker could possibly use this issue
to perform a request smuggling attack and obtain sensitive information.
radare2-5.9.8-4.el10_0
Bump radare2 to 5.9.8, iaito to 5.9.9, fixes CVE-2024-11858
iaito-5.9.9-2.fc41
radare2-5.9.8-4.fc41
Bump radare2 to 5.9.8, iaito to 5.9.9, fixes CVE-2024-11858
iaito-5.9.9-2.el8
radare2-5.9.8-5.el8
Bump radare2 to 5.9.8, iaito to 5.9.9, fixes CVE-2024-11858
fix CVE-2024-48241
iaito-5.9.9-2.fc40
radare2-5.9.8-4.fc40
Bump radare2 to 5.9.8, iaito to 5.9.9, fixes CVE-2024-11858
iaito-5.9.9-2.el9
radare2-5.9.8-4.el9
Bump radare2 to 5.9.8, iaito to 5.9.9, fixes CVE-2024-11858
fix CVE-2024-48241
Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
