49 matches found
Important: Red Hat Security Advisory: python3.12 security update
An update for python3.12 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...
Important: python3.12 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
Important: python3.12 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
ALSA-2024:10779 Moderate: python3:3.6.8 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
The vulnerability of the web page rendering modules in WebKitGTK and WPE WebKit, related to the occurrence of operations outside the buffer in memory, allows attackers to access confidential data.
The vulnerability of the Web page rendering modules in WebKitGTK and WPE WebKit relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to gain access to confidential data...
The vulnerability of the svc_udoctor utility in the operating system for managing and maintaining the Dell Unity Operating Environment’s data storage allows a malicious actor to execute arbitrary commands.
The vulnerability of the svcudoctor utility in the operating environment for managing and maintaining the Dell Unity Operating Environment exists due to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability can allow an...
Gunicorn 环境问题漏洞
Gunicorn is a Python web server gateway interface HTTP server from the Gunicorn open source. Gunicorn suffers from an environment issue vulnerability that stems from an inability to properly validate the Transfer-Encoding header, resulting in an HTTP Request Smuggling HRS attack...
BIT-PILLOW-2023-50447
Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 which was about the expression parameter...
Budibase affected by VM2 Constructor Escape Vulnerability
Impact Previously, budibase used a library called vm2 for code execution inside the Budibase builder and apps, such as the UI below for configuring bindings in the design section. Due to a vulnerability in vm2, any environment that executed the code server side automations and column formulas was...
yt-dlp Environmental Issues Vulnerabilities
yt-dlp is based on the youtube-dl branch of the now inactive youtube-dlc. An environment issue vulnerability exists in versions prior to yt-dlp 2023.11.14, which stems from the ability to set an arbitrary proxy for requests to arbitrary URLs, allowing an attacker to man-in-the-middle requests sen...
Google Golang 环境问题漏洞
Google Golang is a static, strongly typed, compiled language from Google.The syntax of Go is close to C, but with differences in variable declarations.Go supports garbage collection.Go's parallel model is based on Tony Hall's Communicating Sequential Processes CSP, and other languages with a...
Laminas Project diactoros 环境问题漏洞
Laminas Project diactoros is a PSR HTTP message implementation of Laminas Project. An environment issue vulnerability exists in Laminas Project diactoros, which can be exploited by an attacker to add a new header to laminas-dictoros via Security/x Forwarded Header...
Netty 环境问题漏洞
Netty is a non-blocking I/O client-server framework from the Netty community that is primarily used to develop Java web applications such as protocol servers and clients. Netty suffers from an environment issue vulnerability that stems from not removing vulnerable maven packages from image conten...
Umbraco 环境问题漏洞
Umbraco is an open source Content Management System CMS written in C by Umbraco, Denmark. The Umbraco CMS is vulnerable to an environmental issue that could allow an attacker to change the URL that a user receives when resetting their password to point to the attacker's server, and when the user...
Zeek 环境问题漏洞
Zeek is a powerful network analysis framework. An environment issue vulnerability exists in zeek version 4.1.0 that will invalidate any security analysis based on ZEEK HTTP...
Netty 环境问题漏洞
Netty is a non-blocking I/O client-server framework from the Netty community that is primarily used to develop Java web applications such as protocol servers and clients. Netty suffers from an environmental issue vulnerability that stems from requests being converted to HTTP 1.1 objects when pass...
Tornado Environment Issue Vulnerability
Tornado is a Python web framework and asynchronous networking library from the Tornado community. The library scales to thousands of open connections through the use of non-blocking network I/O, making it ideal for long-time polling, WebSockets, and other applications that require long-term...
Sylius Environment Issues Vulnerabilities
Sylius is a set of Symfony framework based on open source e-commerce platform . An environmental issue vulnerability exists in Sylius. The vulnerability stems from an unreasonable environmental factor in a networked system or product. No detailed vulnerability details are provided at this time...
Multiple Qualcomm Products Resource Management Error Vulnerability (CNVD-2020-16066)
Qualcomm MDM9205 and others are products of Qualcomm Incorporated USA.MDM9205 is a central processing unit CPU product. The QCS404 is a central processing unit CPU product.The SDX55 is a modem. A resource management error vulnerability exists in QTEE in multiple Qualcomm products. The vulnerabili...
CVE-2018-7821
An Environment CWE-2 vulnerability exists in SoMachine Basic, all versions, and Modicon M221all references, all versions prior to firmware V1.10.0.0 which could cause cycle time impact when flooding the M221 ethernet interface while the Ethernet/IP adapter is activated...