1 week 2 days ago
It was discovered that Node.js incorrectly handled the use of invalid public
keys while creating an x509 certificate. If a user or an automated system were
tricked into opening a specially crafted input file, a remote attacker could
possibly use this issue to cause a denial of service. This issue only affected
Ubuntu 23.10. (CVE-2023-30588)
It was discovered that Node.js incorrectly handled the use of CRLF sequences to
delimit HTTP requests. If a user or an automated system were tricked into
opening a specially crafted input file, a remote attacker could possibly use
this issue to obtain unauthorised access. This issue only affected
Ubuntu 23.10. (CVE-2023-30589)
It was discovered that Node.js incorrectly described the generateKeys()
function in the documentation. This inconsistency could possibly lead to
security issues in applications that use these APIs.
(CVE-2023-30590)
1 week 2 days ago
Version:next-20240416 (linux-next)
Released:2024-04-16
1 week 2 days ago
FEDORA-2024-121f5cec9f
Packages in this update:
Update description:
- New upstream release (125.0)
1 week 2 days ago
FEDORA-2024-966e16bfa3
Packages in this update:
Update description:
- New upstream release (125.0)
1 week 2 days ago
FEDORA-2024-c6a1d4e0ec
Packages in this update:
Update description:
- New upstream release (125.0)
- New upstream release (124.0.2)
1 week 2 days ago
1 week 2 days ago
1 week 3 days ago
Alexander Kuznetsov discovered that libvirt incorrectly handled certain API
calls. An attacker could possibly use this issue to cause libvirt to crash,
resulting in a denial of service. (CVE-2024-1441)
It was discovered that libvirt incorrectly handled certain RPC library API
calls. An attacker could possibly use this issue to cause libvirt to crash,
resulting in a denial of service. (CVE-2024-2494)
It was discovered that libvirt incorrectly handled detaching certain host
interfaces. An attacker could possibly use this issue to cause libvirt to
crash, resulting in a denial of service. (CVE-2024-2496)
1 week 3 days ago
It was discovered that GnuTLS had a timing side-channel when performing
certain ECDSA operations. A remote attacker could possibly use this issue
to recover sensitive information. (CVE-2024-28834)
It was discovered that GnuTLS incorrectly handled verifying certain PEM
bundles. A remote attacker could possibly use this issue to cause GnuTLS to
crash, resulting in a denial of service. This issue only affected Ubuntu
22.04 LTS and Ubuntu 23.10. (CVE-2024-28835)
1 week 3 days ago
Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related to web browser security,
including cross-site scripting attacks, denial of service attacks, and
arbitrary code execution.
1 week 3 days ago
It was discovered that YARD before 0.9.11 does not block relative paths
with an initial ../ sequence, which allows attackers to conduct
directory traversal attacks and read arbitrary files. This issue only
affected Ubuntu 16.04 LTS. (CVE-2017-17042)
It was discovered that yard before 0.9.20 is affected by a path
traversal vulnerability, allowing HTTP requests to access arbitrary
files under certain conditions. This issue only affected Ubuntu 18.04
LTS. (CVE-2019-1020001)
Aviv Keller discovered that the "frames.html" file within the Yard
Doc's generated documentation is vulnerable to Cross-Site Scripting
(XSS) attacks due to inadequate sanitization of user input within the
JavaScript segment of the "frames.erb" template file. (CVE-2024-27285)
1 week 3 days ago
Version:next-20240415 (linux-next)
Released:2024-04-15
1 week 3 days ago
1 week 3 days ago
1 week 4 days ago
FEDORA-2024-f04c2ec90b
Packages in this update:
Update description:
Backport fix for CVE-2024-3116.
1 week 4 days ago
FEDORA-2024-1230cb2cd6
Packages in this update:
- mingw-python-idna-3.7-1.fc40
Update description:
Update to idna-3.7.
1 week 4 days ago
FEDORA-2024-83ef5f3c4f
Packages in this update:
- mingw-python-idna-3.7-1.fc39
Update description:
Update to idna-3.7.
1 week 4 days ago
FEDORA-2024-831b7c8340
Packages in this update:
- mingw-python-idna-3.7-1.fc38
Update description:
Update to idna-3.7.
1 week 4 days ago
1 week 4 days ago
FEDORA-EPEL-2024-2445965799
Packages in this update:
- chromium-123.0.6312.122-1.el9
Update description:
update to 123.0.6312.122
- High CVE-2024-3157: Out of bounds write in Compositing
- High CVE-2024-3516: Heap buffer overflow in ANGLE
- High CVE-2024-3515: Use after free in Dawn