836 matches found

Veracode · added 2024/12/30 10:18 a.m.
Improper Authentication
AsyncHttpClient (AHC) is vulnerable to Improper Authentication. The vulnerability is due to improper management of the CookieStore, which silently replaces explicitly defined cookies with those from the cookie jar if they share the same name, potentially leading to user session confusion in...
CVSS 9.2 · AI score 6.6 · EPSS 0.00576 · Exploits 0 · References 7 · Affected software 1

OSV · added 2024/12/02 8:04 p.m.
GHSA-MFJ5-CF8G-G2FV AsyncHttpClient (AHC) library's `CookieStore` replaces explicitly defined `Cookie`s
Summary: When making any HTTP request, the automatically enabled and self-managed CookieStore (aka cookie jar) will silently replace explicitly defined Cookies with any that have the same name from the cookie jar. For services that operate with multiple users, this can result in one user's Cookie...
CVSS 9.2 · AI score 6.9 · EPSS 0.00576 · Exploits 0 · References 7

Vulnrichment · added 2024/12/02 5:10 p.m.
CVE-2024-53990 AsyncHttpClient (AHC) library's `CookieStore` replaces explicitly defined `Cookie`s
The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When making any HTTP request, the automatically enabled and self-managed CookieStore (aka cookie jar) will silently replace explicitly defined Cookies with any that ha...
CVSS 9.2 · AI score 7.3 · EPSS 0.00576 · Exploits 0 · References 4

CVE · added 2024/12/02 5:10 p.m.
CVE-2024-53990
The CVE-2024-53990 issue affects the AsyncHttpClient (AHC) library, where an auto-enabled CookieStore silently replaces cookies with the same name from the cookie jar. This can cause cookies from one user to be used in another user's requests, creating potential unauthorized data exposure in multi...
CVSS 9.2 · AI score 6.7 · EPSS 0.00576 · Exploits 0 · References 4

Fedora · added 2024/11/02 3:32 a.m.
[SECURITY] Fedora 40 Update: mysql8.0-8.0.40-1.fc40
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...
AI score 7.9 · Exploits 0

OSV · added 2024/10/08 7:15 a.m.
CVE-2024-34664
Improper check for exception conditions in Knox Guard prior to SMR Oct-2024 Release 1 allows physical attackers to bypass Knox Guard in a multi-user environment...
CVSS 2.4 · AI score 5.8 · EPSS 0.00102 · Exploits 0 · References 1

NVD · added 2024/10/08 7:15 a.m.
CVE-2024-34664
Improper check for exception conditions in Knox Guard prior to SMR Oct-2024 Release 1 allows physical attackers to bypass Knox Guard in a multi-user environment...
CVSS 4.1 · EPSS 0.00102 · Exploits 0 · References 1

Vulnrichment · added 2024/10/08 6:30 a.m.
CVE-2024-34664
Improper check for exception conditions in Knox Guard prior to SMR Oct-2024 Release 1 allows physical attackers to bypass Knox Guard in a multi-user environment...
CVSS 4.1 · AI score 6.6 · EPSS 0.00102 · Exploits 0 · References 1

Cvelist · added 2024/10/08 6:30 a.m.
CVE-2024-34664
Improper check for exception conditions in Knox Guard prior to SMR Oct-2024 Release 1 allows physical attackers to bypass Knox Guard in a multi-user environment...
CVSS 4.1 · EPSS 0.00102 · Exploits 0 · References 1

Positive Technologies · added 2024/10/07 12:00 a.m.
PT-2024-26085 · Samsung · Knox Guard
Name of the Vulnerable Software and Affected Versions: Knox Guard versions prior to SMR Oct-2024 Release 1. Description: The issue is related to an improper check for exception conditions in Knox Guard, allowing physical attackers to bypass Knox Guard in a multi-user environment. Recommendations:...
CVSS 4.1 · AI score 6.2 · EPSS 0.00102 · Exploits 0 · References 6

Vulnrichment · added 2024/09/06 1:10 p.m.
CVE-2024-45405 gix-path improperly resolves configuration path reported by Git
gix-path is a crate of the gitoxide project, an implementation of Git written in Rust, dealing with paths and their conversions. Prior to version 0.10.11, gix-path runs git to find the path of a configuration file associated with the git installation, but improperly resolves paths containing unusual or...
CVSS 6 · AI score 7.1 · EPSS 0.00257 · Exploits 0 · References 3

NCSC · added 2024/09/02 11:51 a.m.
Vulnerabilities fixed in Progress WhatsUp Gold
Progress has fixed vulnerabilities in WhatsUp Gold. A malicious party can exploit the vulnerabilities to retrieve or change the password of the application user in a Single User installation, or in a Multi User installation to change the password of a user with elevated privileges through an...
CVSS 9.8 · AI score 7.6 · EPSS 0.94661 · Exploits 2 · References 1

Fedora · added 2024/08/23 1:24 a.m.
[SECURITY] Fedora 39 Update: community-mysql-8.0.39-1.fc39
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...
CVSS 6.5 · AI score 7.7 · EPSS 0.01539 · Exploits 0

Fedora · added 2024/08/21 3:08 a.m.
[SECURITY] Fedora 40 Update: mysql8.0-8.0.39-1.fc40
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...
CVSS 6.5 · AI score 7.9 · EPSS 0.00904 · Exploits 0

OpenVAS · added 2024/08/21 12:00 a.m.
Fedora: Security Advisory (FEDORA-2024-5d9dc19f2d)
The remote host is missing an update announced via the FEDORA-2024-5d9dc19f2d advisory...
CVSS 6.5 · AI score 6 · EPSS 0.00904 · Exploits 0 · References 6

OSV · added 2024/08/10 7:22 a.m.
BIT-JUPYTERHUB-2024-41942 JupyterHub has a privilege escalation vulnerability with the `admin:users` scope
JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks. Prior to versions 4.1.6 and 5.1.0, if a user is granted the admin:users scope, they may escalate their own privileges by making themselves a full admin user. The impact is relatively small in that...
CVSS 7.2 · AI score 7.2 · EPSS 0.0059 · Exploits 0 · References 4

Cvelist · added 2024/08/08 2:36 p.m.
CVE-2024-41942 JupyterHub has a privilege escalation vulnerability with the `admin:users` scope
JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks. Prior to versions 4.1.6 and 5.1.0, if a user is granted the admin:users scope, they may escalate their own privileges by making themselves a full admin user. The impact is relatively small in that...
CVSS 7.2 · EPSS 0.0059 · Exploits 0 · References 3

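The escalation path the two JupyterHub entries describe (a user delegated admin:users sets admin=true on their own record) as an added model, not JupyterHub's own code. Python is used for every added example on this page because the listing spans Java, Rust and C projects and a neutral language keeps the models comparable. The scope name admin:users is from the advisory text; the User store, the Forbidden exception and both patch handlers are constructed for this example, and the second gate in the fixed handler (only an existing admin may change the admin flag) is an assumed hardening consistent with the advisory, not a claim about JupyterHub's actual fix.

```python
"""Model of the privilege escalation described for JupyterHub's admin:users
scope (CVE-2024-41942). Illustrative Python, not JupyterHub's own code: the
scope name follows the advisory, the user store and patch handlers are
constructed for this example."""

from dataclasses import dataclass, field
from typing import Callable, Dict, Set


@dataclass
class User:
    name: str
    admin: bool = False
    scopes: Set[str] = field(default_factory=set)


class Forbidden(Exception):
    pass


def patch_user_vulnerable(users: Dict[str, User], caller: User, target: str, admin: bool) -> User:
    """Scope check only: anyone holding admin:users may edit any user record,
    including flipping their own admin flag."""
    if "admin:users" not in caller.scopes:
        raise Forbidden("admin:users scope required")
    users[target].admin = admin
    return users[target]


def patch_user_fixed(users: Dict[str, User], caller: User, target: str, admin: bool) -> User:
    """Scope check plus a second gate (assumed hardening): changing the admin
    flag in either direction is reserved for callers who already are admins,
    so a delegated admin:users scope can manage users without minting admins."""
    if "admin:users" not in caller.scopes:
        raise Forbidden("admin:users scope required")
    if users[target].admin != admin and not caller.admin:
        raise Forbidden("only an admin may change the admin flag")
    users[target].admin = admin
    return users[target]


def make_users() -> Dict[str, User]:
    # Constructed fixture: one real admin, one user delegated admin:users only.
    return {
        "alice": User("alice", admin=True, scopes={"admin:users"}),
        "mallory": User("mallory", admin=False, scopes={"admin:users"}),
    }


def self_escalation_succeeds(patch: Callable[..., User]) -> bool:
    """Replay the attack from the advisory against a patch handler: mallory,
    holding admin:users but not admin, tries to set admin=True on herself."""
    users = make_users()
    try:
        patch(users, users["mallory"], "mallory", admin=True)
    except Forbidden:
        return False
    return users["mallory"].admin


if __name__ == "__main__":
    print("vulnerable handler, mallory becomes admin:", self_escalation_succeeds(patch_user_vulnerable))
    print("fixed handler, mallory becomes admin:     ", self_escalation_succeeds(patch_user_fixed))
```

The point of the second gate is that a scope authorises an operation class (editing users) while the admin flag is a separate trust level; any handler that lets the first silently confer the second has the same shape of bug regardless of framework.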
Positive Technologies · added 2024/06/18 12:00 a.m.
PT-2024-9750 · Unknown +1 · Async Http Client +1
Name of the Vulnerable Software and Affected Versions: AsyncHttpClient versions prior to 3.0.1. Description: The AsyncHttpClient library has an issue where the automatically enabled and self-managed CookieStore silently replaces explicitly defined Cookies with any that have the same name from the...
CVSS 9.2 · AI score 6.7 · EPSS 0.00576 · Exploits 0 · References 26

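The cookie-jar precedence problem that the five AsyncHttpClient entries on this page (Veracode, OSV, Vulnrichment, CVE and PT-2024-9750) all describe, as an added model in Python rather than AHC's Java code. The merge functions, the Cookie type and the two-user scenario are constructed for this example; the real CookieStore also matches cookies by domain and path, which the model deliberately leaves out so that the name collision is the only thing in play.

```python
"""Model of the cookie-precedence bug described for AsyncHttpClient
(CVE-2024-53990). Illustrative Python, not AHC's Java code: the real
CookieStore also matches cookies by domain and path, which this model
deliberately ignores so the name collision stands out."""

from dataclasses import dataclass
from typing import Dict, Iterable, List


@dataclass(frozen=True)
class Cookie:
    name: str
    value: str


def merge_jar_wins(explicit: Iterable[Cookie], jar: Iterable[Cookie]) -> Dict[str, str]:
    """Pre-fix behaviour as the advisory describes it: a cookie held in the
    jar silently replaces an explicitly defined cookie of the same name."""
    merged = {c.name: c.value for c in explicit}
    for c in jar:
        merged[c.name] = c.value  # overwrites whatever the caller set
    return merged


def merge_explicit_wins(explicit: Iterable[Cookie], jar: Iterable[Cookie]) -> Dict[str, str]:
    """Expected behaviour: the caller's explicit cookie is kept; the jar only
    contributes names the request does not already carry."""
    merged = {c.name: c.value for c in jar}
    for c in explicit:
        merged[c.name] = c.value
    return merged


def silently_overridden(explicit: Iterable[Cookie], jar: Iterable[Cookie]) -> List[str]:
    """Names whose value a jar-wins merge would change. A non-empty result on
    a per-user request means that request would carry another session's
    cookie, which is the cross-user confusion the advisories warn about."""
    jar_values = {c.name: c.value for c in jar}
    return sorted(
        c.name for c in explicit
        if c.name in jar_values and jar_values[c.name] != c.value
    )


# Constructed scenario: a multi-tenant service first calls the backend as
# user B (the response's Set-Cookie lands in the client-wide jar), then
# issues a request on behalf of user A with A's session cookie set explicitly.
JAR_AFTER_USER_B = [Cookie("session", "sess-user-b"), Cookie("theme", "dark")]
EXPLICIT_FOR_USER_A = [Cookie("session", "sess-user-a")]


if __name__ == "__main__":
    print("jar wins, request goes out as:     ", merge_jar_wins(EXPLICIT_FOR_USER_A, JAR_AFTER_USER_B))
    print("explicit wins, request goes out as:", merge_explicit_wins(EXPLICIT_FOR_USER_A, JAR_AFTER_USER_B))
    print("cookies the jar would override:    ", silently_overridden(EXPLICIT_FOR_USER_A, JAR_AFTER_USER_B))
```

The practical check before and after upgrading past 3.0.1 is the one silently_overridden models: if a single client instance is shared across principals and any per-request cookie name (typically the session cookie) also appears in responses the backend sends, the shared jar is a cross-user channel. Separate client instances per principal, or a request path that never relies on the shared jar, removes the collision rather than hoping the precedence rule is right.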
OpenVAS · added 2024/06/18 12:00 a.m.
Fedora: Security Advisory for mariadb (FEDORA-2024-d61bffd77f)
The remote host is missing an update for the mariadb package announced via the FEDORA-2024-d61bffd77f advisory...
CVSS 4.9 · AI score 5.7 · EPSS 0.00424 · Exploits 0 · References 2

OSV · added 2024/05/07 6:15 p.m.
AZL-40400 CVE-2024-34397 affecting package glib for versions less than 2.78.6-1
An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based...
CVSS 5.2 · AI score 6.6 · EPSS 0.00763 · Exploits 1 · References 1

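The spoofing described in the GLib entry, as an added model and not GLib's code. The bus state, the well-known name, the object path, the signal name and the two connections are constructed for this example; the fixed matcher models one principle (resolve the subscribed well-known name to the connection that currently owns it and accept signals only from that connection) and is an assumption about the right defence, not a description of GLib 2.80.1's actual implementation. The one fact it leans on is that a message bus stamps each message with the sender's unique connection name, which a client cannot choose.

```python
"""Model of the spoofed-signal problem described for GLib's GDBus
(CVE-2024-34397). Illustrative Python, not GLib's code: the bus state,
names and signals are constructed, and match_fixed models the principle of
checking a signal's actual sender against the current owner of the
well-known name the client subscribed to."""

from dataclasses import dataclass
from typing import Callable, Dict, List


@dataclass(frozen=True)
class Signal:
    sender: str      # unique connection name (":1.N"); stamped by the bus daemon, not chosen by the sender
    path: str
    interface: str
    member: str
    body: str


@dataclass(frozen=True)
class Subscription:
    sender: str      # well-known name the client asked for
    path: str
    interface: str
    member: str


Owners = Dict[str, str]  # well-known name -> unique name of its current owner


def _shape_matches(sub: Subscription, sig: Signal) -> bool:
    return (sig.path, sig.interface, sig.member) == (sub.path, sub.interface, sub.member)


def match_vulnerable(sub: Subscription, sig: Signal, owners: Owners) -> bool:
    """Matches on path/interface/member only. The bus stamps the unique name,
    never the well-known one, on the signal, so comparing sub.sender with
    sig.sender directly would never match; skipping the sender check lets any
    local connection inject a signal of the right shape."""
    return _shape_matches(sub, sig)


def match_fixed(sub: Subscription, sig: Signal, owners: Owners) -> bool:
    """Resolve the well-known name to the connection that currently owns it
    and accept the signal only from exactly that connection. If nobody owns
    the name right now, nothing is delivered rather than anything."""
    if not _shape_matches(sub, sig):
        return False
    owner = owners.get(sub.sender)
    return owner is not None and sig.sender == owner


def deliver(matcher: Callable[[Subscription, Signal, Owners], bool],
            sub: Subscription, signals: List[Signal], owners: Owners) -> List[str]:
    """Bodies the client's callback would see under the given matcher."""
    return [s.body for s in signals if matcher(sub, s, owners)]


# Constructed system-bus state: the trusted service owns its well-known name
# from connection :1.7; a process of another, unprivileged local user is :1.99.
OWNERS = {"org.freedesktop.NetworkManager": ":1.7"}
SUB = Subscription(
    "org.freedesktop.NetworkManager", "/org/freedesktop/NetworkManager",
    "org.freedesktop.NetworkManager", "StateChanged",
)
SIGNALS = [
    Signal(":1.7", "/org/freedesktop/NetworkManager", "org.freedesktop.NetworkManager", "StateChanged", "genuine"),
    Signal(":1.99", "/org/freedesktop/NetworkManager", "org.freedesktop.NetworkManager", "StateChanged", "spoofed"),
]


if __name__ == "__main__":
    print("vulnerable matcher delivers:", deliver(match_vulnerable, SUB, SIGNALS, OWNERS))
    print("fixed matcher delivers:     ", deliver(match_fixed, SUB, SIGNALS, OWNERS))
```

The owner table is the part that has to be kept current in a real client: the owner of a well-known name changes when the service restarts, so the check is only as good as the client's tracking of name-owner changes, and a stale owner fails closed in this model (no delivery) rather than open.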