Fedora 42 : webkitgtk (2025-5427adc3f4)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-5427adc3f4 advisory. Limit the data stored in session state. Remove the empty area below the title bar in Web Inspector when not docked. Fix various crashes and renderin...
CVE-2024-37302
Synapse is an open-source Matrix homeserver. Synapse versions before 1.106 are vulnerable to a disk fill attack, where an unauthenticated adversary can induce Synapse to download and cache large amounts of remote media. The default rate limit strategy is insufficient to mitigate this. This can le...
CVE-2023-48268
CVE-2023-48268: Mattermost Boards import can be exploited via a specially crafted zip to exhaust resources during archive extraction, causing Denial of Service. The accessible connected sources indicate the issue stems from failing to limit data extracted from compressed archives during board imp...
bro -- Unsafe integer conversions can cause unintentional code paths to be executed
Jon Siwek of Corelight reports: The following Denial of Service vulnerabilities are addressed: Integer type mismatches in BinPAC-generated parser code and Bro analyzer code may allow for crafted packet data to cause unintentional code paths in the analysis logic to be taken due to unsafe integer...