DSA-5772-1 libreoffice – security update

Read Time:16 Second

Yufan You discovered that Libreoffice’s handling of documents based on
ZIP archives was suspectible to spoofing attacks when the repair mode
attempts to address a malformed archive structure.

For additional information please refer to
https://www.libreoffice.org/about-us/security/advisories/cve-2024-7788/

https://security-tracker.debian.org/tracker/DSA-5772-1

Read More

Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution

Read Time:28 Second

Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read More

USN-7015-1: Python vulnerabilities

Read Time:53 Second

It was discovered that the Python email module incorrectly parsed email
addresses that contain special characters. A remote attacker could possibly
use this issue to bypass certain protection mechanisms. (CVE-2023-27043)

It was discovered that Python allowed excessive backtracking while parsing
certain tarfile headers. A remote attacker could possibly use this issue to
cause Python to consume resources, leading to a denial of service.
(CVE-2024-6232)

It was discovered that the Python email module incorrectly quoted newlines
for email headers. A remote attacker could possibly use this issue to
perform header injection. (CVE-2024-6923)

It was discovered that the Python http.cookies module incorrectly handled
parsing cookies that contained backslashes for quoted characters. A remote
attacker could possibly use this issue to cause Python to consume
resources, leading to a denial of service. (CVE-2024-7592)

It was discovered that the Python zipfile module incorrectly handled
certain malformed zip files. A remote attacker could possibly use this
issue to cause Python to stop responding, resulting in a denial of service.
(CVE-2024-8088)

Read More

News, Advisories and much more

Exit mobile version