Articles by KENNETH

USN-5819-1: HAProxy vulnerability It was discovered that HAProxy incorrectly handled certain messages. A remote attacker could possibly use this issue to cause HAProxy to stop responding, resulting in a denial of service. Source: USN-5819-1: HAProxy vulnerability

USN-5818-1: PHP vulnerability It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. Source: USN-5818-1: PHP vulnerability

USN-5817-1: Setuptools vulnerability Sebastian Chnelik discovered that setuptools incorrectly handled certain regex inputs. An attacker could possibly use this issue to cause a denial of service. Source: USN-5817-1: Setuptools vulnerability

USN-5816-1: Firefox vulnerabilities Niklas Baumstark discovered that a compromised web child process of Firefox could disable web security opening restrictions, leading to a new child process being spawned within the file:// context. An attacker could potentially exploits this to obtain sensitive information. (CVE-2023-23597) Tom Schuster discovered that Firefox was not performing a validation check on GTK drag data. An attacker could potentially exploits this to obtain sensitive information. (CVE-2023-23598) Vadim discovered that Firefox was not properly sanitizing a curl command output when copying a network request from the developer tools panel. An attacker could potentially exploits this to hide and execute arbitrary commands. (CVE-2023-23599) Luan Herrera discovered that Firefox was not stopping navigation when dragging a URL from a cross-origin iframe into the same tab. An attacker potentially exploits this to spoof the user. (CVE-2023-23601) Dave Vandyke discovered that Firefox [ more… ]