3669 matches found
jupyter-server errors include tracebacks with path information
Impact: Unhandled errors in API requests include traceback information, which can include path information. There is no known mechanism by which to trigger these errors without authentication, so the paths revealed are not considered particularly sensitive, given that the requesting user has...
OPENSUSE-SU-2023:0384-1 Security update for python-django-grappelli
This update for python-django-grappelli fixes the following issues: Update to 2.14.4: - CVE-2021-46898: Fixed views/switch.py vulnerable to protocol-relative URL attacks (boo#1216481) - Fixed: Redirect with switch user. - Improved: Remove extra filtering in AutocompleteLookup. - Improved: Added impo...
SUSE-SU-2023:4513-1 Security update for apache2-mod_jk
This update for apache2-mod_jk fixes the following issues: Update to version 1.2.49: Apache: Retrieve default request id from mod_unique_id. It can also be taken from an arbitrary environment variable by configuring 'JkRequestIdIndicator'. Don't delegate the generation of the response body to httpd...
Virtuozzo Hybrid Infrastructure 5.4 Update 4 Hotfix 3 (5.4.4-139)
This update provides security, stability, and performance improvements. Vulnerability id: VSTOR-77769 A security fix for CVE-2023-23583 in microcode. Vulnerability id: VSTOR-74652 Unable to remove a volume with a specific 'updatedat' value. Vulnerability id: VSTOR-76882 When libvirt is unavailabl...
YubiKey authentication is working on published desktop but not published app
YubiKey does not work from a published app browser e.g., Microsoft Edge, but it works on the same browser inside a published desktop. The published app and desktop are both hosted on the same server...
`loopdev` crate is unmaintained; use `loopdev-3` instead.
The loopdev crate was last released in Oct, 2021. It has been unable to build in Fedora 38 and above since April, 2023. The loopdev-3 crate is a maintained fork: https://github.com/stratis-storage/loopdev-3...
RUSTSEC-2023-0088 `loopdev` crate is unmaintained; use `loopdev-3` instead.
The loopdev crate was last released in Oct, 2021. It has been unable to build in Fedora 38 and above since April, 2023. The loopdev-3 crate is a maintained fork: https://github.com/stratis-storage/loopdev-3...
OPENSUSE-SU-2023:0366-1 Security update for vlc
This update for vlc fixes the following issues: Update to version 3.0.20: + Video Output: - Fix green line in fullscreen in D3D11 video output - Fix crash with some AMD drivers old versions - Fix events propagation issue when double-clicking with mouse wheel + Decoders: - Fix crash when AV1...
kernel: regmap-irq: Use the new num_config_regs property in regmap_add_irq_chip_fwnode
In the Linux kernel, the following vulnerability has been resolved: regmap-irq: Use the new num_config_regs property in regmap_add_irq_chip_fwnode. Commit faa87ce9196d "regmap-irq: Introduce config registers for irq types" added the num_config_regs, then commit 9edd4f5aee84 "regmap-irq: Deprecate type...
Exploit for Code Injection in Vinchin Vinchin_Backup_And_Recovery
CVE-2024-22899-to-22903-ExploitChain 🛠️🔓 This repository hous...
Persistence – Windows Telemetry
Microsoft has introduced the compatibility telemetry in order to collect usage and performance data about Windows systems. The telemetry tasks are collected via the binary…
Provisioning 2203 : Citrix PVS breaks with Microsoft OLEDB driver v19
When upgrading PVS 2203 servers to mitigate a Microsoft OLEDB driver vulnerability CVE-2023-36728, a customer incorrectly removed Microsoft OLE DB Driver 18 and installed Microsoft OLE DB Driver 19. PVS Server 2203 cannot use Microsoft OLE DB Driver 19 to communicate with the SQL server...
CryptoES Security Vulnerability
CryptoES is a library of cryptographic algorithms compatible with ES6 and TypeScript. A security vulnerability exists in CryptoES that stems from the use of an insecure cryptographic hash algorithm...
PT-2023-29868 · Unknown · Rs-Stellar-Strkey
Name of the Vulnerable Software and Affected Versions: rs-stellar-strkey versions prior to 0.0.8. Description: A panic vulnerability occurs when a specially crafted payload is used, due to an issue with the inner payload len variable. This variable should not be above 64. The vulnerability is caus...
Missing payable modifier in ExecutorPlugin.executeTransaction(): Restricts Use of Native Assets (ETH) with Transactions
Impact: A registered executor for a submodule cannot send ETH native assets with a transaction because the payable modifier is missing in the executeTransaction function. It's essential to address this issue to ensure full compatibility and functionality for...
FallbackHandler remains unset in _setupConsoleAccount()
Impact: According to the docs, the fallback handler provides compatibility between pre-1.3.0 and 1.3.0+ Safe contracts, and additionally, also ensures policy validation guarantees required for ConsoleAccounts/SubAccounts that have policy validation enabled. If n...
Deploying a Console to the Same Address Across Different Supported Chains Could Become Impossible
Impact: In Brahma, users can interact with SafeDeployer::deployConsoleAccount to deploy console accounts/wallets. To deploy the wallet to the same address across all supported chains, the user needs to interact with the deployConsoleAccount function on all chain...
Prototype Pollution in ali-security/mongoose
Impact: This vulnerability causes a Prototype Pollution in document.js, through functions such as findByIdAndUpdate. For applications using Express and EJS, this can potentially allow remote code execution. Patches: The original patched version for mongoose 5.3.3 did not include a fix for...
CVE-2023-45130
Frontier is Substrate's Ethereum compatibility layer. Prior to commit aea528198b3b226e0d20cce878551fd4c0e3d5d0, at the end of a contract execution, when opcode SUICIDE marks a contract to be deleted, the software uses storage::remove_prefix (now renamed to storage::clear_prefix) to remove all storage...