In elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte
An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser. (CVE-2024-50602) References:
Matrix-js-sdk has insufficient MXC URI validation which could allow client-side path traversal. (CVE-2024-50336) References: - https://bugs.mageia.org/show_bug.cgi?id=33852
RCE due to TOCTOU issue in JSP compilation. (CVE-2024-50379) DoS in examples web application. (CVE-2024-54677) References: - https://bugs.mageia.org/show_bug.cgi?id=33863
Vanilla upstream kernel version 6.6.65 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links. References: - https://bugs.mageia.org/show_bug.cgi?id=33846
Upstream kernel version 6.6.65 fixes bugs and vulnerabilities. The kmod-virtualbox and kmod-xtables-addons packages have been updated to work with this new kernel. For information about the vulnerabilities see the links.
When asked to both use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the
CVE-2024-54661: Fixed arbitrary file overwrite via predictable /tmp directory in socat readline.sh References: - https://bugs.mageia.org/show_bug.cgi?id=33851
A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. The policy ensures pods running with a service account may only
When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to determine whether to follow symbolic links outside the static root directory. When 'follow_symlinks' is set to True, there is no validation to check if reading a file is
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a ring of descriptors for CQ and async events, potentially leading to an out-of-bounds read and crash of QEMU. (CVE-2023-1544)
Buffer overflow in socks proxy code in glib < 2.82.1. (CVE-2024-52533) References: - https://bugs.mageia.org/show_bug.cgi?id=33766 - https://www.openwall.com/lists/oss-security/2024/11/12/11
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature. (CVE-2024-3596)
Select list elements could be shown over another site. (CVE-2024-11692) CSP Bypass and XSS Exposure via Web Compatibility Shims. (CVE-2024-11694) URL Bar Spoofing via Manipulated Punycode and Whitespace Characters. (CVE-2024-11695)
Select list elements could be shown over another site. (CVE-2024-11692) CSP Bypass and XSS Exposure via Web Compatibility Shims. (CVE-2024-11694) URL Bar Spoofing via Manipulated Punycode and Whitespace Characters. (CVE-2024-11695)
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header. (CVE-2024-52530) GNOME libsoup before 3.6.1 allows a buffer overflow in applications that
The updated package fixes a security vulnerability: CVE-2024-52949. References: - https://bugs.mageia.org/show_bug.cgi?id=33799 - https://lists.opensuse.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./message/D6UQOVVH4Y5FENNI3EJA5R7V3JBWCKEK/
A buffer overflow vulnerability in DCMTK v.3.6.8 allows an attacker to execute arbitrary code via the EctEnhancedCT method component. (CVE-2024-27628) References:
Authentication bypass when using Jakarta Authentication API. (CVE-2024-52316) Incorrect JSP tag recycling leads to XSS. (CVE-2024-52318) References:
Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host. (CVE-2024-10524)
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
