#vulnerability

Ubuntu Security Notice 7010-1 - Jinsheng Ba discovered that DCMTK incorrectly handled certain requests. If a user or an automated system were tricked into opening a certain specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS. Sharon Brizinov and Noam Moshe discovered that DCMTK incorrectly handled pointers. If a user or an automated system were tricked into opening a certain specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS.

Apple Security Advisory 09-16-2024-8 - iOS 17.7 and iPadOS 17.7 addresses bypass, out of bounds access, and out of bounds read vulnerabilities.

Microsoft SQL Server versions 2014, 2016, 2017, 2019, and 2022 suffer from an issue where masked data can be exposed through a brute force attack.

Ubuntu Security Notice 7014-1 - It was discovered that the nginx ngx_http_mp4 module incorrectly handled certain malformed mp4 files. In environments where the mp4 directive is in use, a remote attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service.

Red Hat Security Advisory 2024-6720-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Security Advisory 2024-6719-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

Apple Security Advisory 09-16-2024-6 - Safari 18 addresses cross site scripting and spoofing vulnerabilities.

Ubuntu Security Notice 7013-1 - It was discovered that Dovecot incorrectly handled a large number of address headers. A remote attacker could possibly use this issue to cause Dovecot to consume resources, leading to a denial of service. It was discovered that Dovecot incorrectly handled very large headers. A remote attacker could possibly use this issue to cause Dovecot to consume resources, leading to a denial of service.

### Impact It is possible to inject insert tags in canonical URLs which will be replaced when the page is rendered. ### Patches Update to Contao 4.13.49, 5.3.15 or 5.4.3. ### Workarounds Disable canonical tags in the settings of the website root page. ### References https://contao.org/en/security-advisories/insert-tag-injection-via-canonical-urls ### For more information If you have any questions or comments about this advisory, open an issue in [contao/contao](https://github.com/contao/contao/issues/new/choose).

### Impact Back end users can list files outside their file mounts or the document root in the FileSelector widget. ### Patches Update to Contao 4.13.49. ### Workarounds None. ### References https://contao.org/en/security-advisories/directory-traversal-in-the-fileselector-widget ### For more information If you have any questions or comments about this advisory, open an issue in [contao/contao](https://github.com/contao/contao/issues/new/choose). ### Credits Thanks to Jakob Steeg from usd AG for reporting this vulnerability.