The package chromium before version 87.0.4280.141-1 is vulnerable to multiple issues including access restriction bypass, arbitrary code execution and insufficient validation. Continue Reading — ArchLinux: 202101-6: chromium: multiple issues>
Unix, Linux, DevOps , Cloud computing and BigData Knowledge-Base
The package firefox before version 84.0.2-1 is vulnerable to arbitrary code execution. Continue Reading — ArchLinux: 202101-5: firefox: arbitrary code execution>
A temp directory creation vulnerability exist in Guava versions prior to 30.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava com.google.common.io.Files.createTempDir(). The permi… Continue Reading — Mageia 2021-0021: guava security update>
While investigating Apache issue 64830 it was discovered that Apache Tomcat could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most… Continue Reading — Mageia 2021-0020: tomcat...
Cherokee 0.4.27 to 1.2.104 is affected by a denial of service due to a NULL pointer dereferences. A remote unauthenticated attacker can crash the server by sending an HTTP request to protected resources using a malformed Authorization header that is mi… Continue Reading — Mageia...
Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execution of code. Continue Reading — Gentoo: GLSA-202101-05: Chromium, Google Chrome: Multiple vulnerabilities>
A use-after-free in Mozilla Firefox’s SCTP handling may allow remote code execution. Continue Reading — Gentoo: GLSA-202101-04: Mozilla Firefox: Remote code execution>
A buffer overflow in ipmitool might allow remote attacker(s) to execute arbitrary code. Continue Reading — Gentoo: GLSA-202101-03: ipmitool: Multiple vulnerabilities>