Lucene search

7484 matches found

Fedora
added 2024/12/08 2:46 a.m., 15 views

[SECURITY] Fedora 41 Update: python3.11-3.11.11-1.fc41

Python 3.11 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.11 package provides the "python3.11" executable:...

CVSS 7.8, AI score 7.4, EPSS 0.00647
Exploits 0

OSV
added 2024/12/06 3:23 p.m., 3 views

OESA-2024-2510 ansible security update

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

CVSS 6.3, AI score 6.6, EPSS 0.00269
Exploits 0, References 3

NVD
added 2024/12/05 5:15 p.m., 17 views

CVE-2024-53846

OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang, and a set of design principles for Erlang programs. A regression was introduced into the ssl application of OTP starting at OTP-25.3.2.8, OTP-26.2, and...

CVSS 5.5, EPSS 0.00246
Exploits 0, References 1

OSV
added 2024/12/05 5:15 p.m., 2 views

DEBIAN-CVE-2024-53846

OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang, and a set of design principles for Erlang programs. A regression was introduced into the ssl application of OTP starting at OTP-25.3.2.8, OTP-26.2, and...

CVSS 5.5, AI score 5.7, EPSS 0.00246
Exploits 0, References 1

Cvelist
added 2024/12/05 5:2 p.m., 22 views

CVE-2024-53846 ssl fails to validate incorrect extended key usage

OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang, and a set of design principles for Erlang programs. A regression was introduced into the ssl application of OTP starting at OTP-25.3.2.8, OTP-26.2, and...

CVSS 5.5, EPSS 0.00246
Exploits 0, References 1

CVE
added 2024/12/05 5:2 p.m., 107 views

CVE-2024-53846

CVE-2024-53846 affects Erlang/OTP’s ssl validation. Connected advisories show that a regression in the ssl app introduced improper peer verification when incorrect extended key usage is presented, affecting OTP releases: 25.3.2.8 and later up to 25.3.2.16, 26.2 up to 26.2.5.6, and 27.0 up to 27.1...

CVSS 5.5, AI score 5.6, EPSS 0.00246
Exploits 0, References 1

BDU FSTEC
added 2024/12/02 12:0 a.m., 4 views

The vulnerability of the application development library set for Intel Distribution for GDB, related to insufficient validation of input data, allows a perpetrator to trigger a service failure.

The vulnerability in the set of development libraries for Intel Distribution for GDB is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service failures...

CVSS 3.3, AI score 5.5, EPSS 0.00132
Exploits 0, References 5, Affected Software 2

BDU FSTEC
added 2024/12/02 12:0 a.m., 5 views

The vulnerability in the set of development libraries for Intel Distribution for Python, related to errors in using standard permissions, allows a perpetrator to increase their privileges.

The vulnerability in the library set for application development with Intel Distribution for Python is related to errors in the use of standard permissions. Exploiting this vulnerability can allow an attacker to increase their privileges...

CVSS 6.7, AI score 5.5, EPSS 0.00153
Exploits 0, References 3, Affected Software 1

BDU FSTEC
added 2024/12/02 12:0 a.m., 4 views

The vulnerability in the set of development libraries for Intel Distribution for GDB relates to the improper use of standard resolutions, allowing attackers to increase their privileges.

The vulnerability in the set of development libraries for Intel Distribution for GDB is related to the improper use of standard permissions. Exploiting this vulnerability can allow an attacker to increase their privileges...

CVSS 7.8, AI score 5.5, EPSS 0.00131
Exploits 0, References 5, Affected Software 2

OSV
added 2024/11/29 11:57 a.m., 13 views

OESA-2024-2489 openjdk-latest security update

The OpenJDK runtime environment. Security Fixes: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows...

CVSS 8.8, AI score 7.2, EPSS 0.05166
Exploits 0, References 44

OSV
added 2024/11/29 11:57 a.m., 12 views

OESA-2024-2488 openjdk-latest security update

The OpenJDK runtime environment. Security Fixes: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows...

CVSS 8.8, AI score 7.2, EPSS 0.05166
Exploits 0, References 44

OSV
added 2024/11/29 11:56 a.m., 3 views

OESA-2024-2486 openjdk-latest security update

The OpenJDK runtime environment. Security Fixes: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows...

CVSS 8.8, AI score 7.2, EPSS 0.05166
Exploits 0, References 44

OSV
added 2024/11/29 11:56 a.m., 8 views

OESA-2024-2485 openjdk-latest security update

The OpenJDK runtime environment. Security Fixes: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows...

CVSS 8.8, AI score 7.2, EPSS 0.05166
Exploits 0, References 44

CNNVD
added 2024/11/22 12:0 a.m., 3 views

Allegra path traversal vulnerability

Allegra is a project management software for mid-sized organizations from Allegra. Allegra suffers from a path traversal vulnerability that stems from the serveMathJaxLibraries feature containing a directory traversal information disclosure vulnerability...

CVSS 7.5, AI score 7.3, EPSS 0.02035
Exploits 0, References 2

GithubExploit
added 2024/11/21 4:1 a.m., 447 views

Exploit for Unrestricted Upload of File with Dangerous Type in Revmakx Backup_And_Staging_By_Wp_Time_Capsule

CVE-2024-8856 This tool scans WordPress websites for vulnerab...

CVSS 9.8, AI score 9.8, EPSS 0.93709
Exploits 7

Qualys Blog
added 2024/11/19 4:12 p.m., 68 views

Qualys TRU Uncovers Five Local Privilege Escalation Vulnerabilities in needrestart

The Qualys Threat Research Unit (TRU) has identified five Local Privilege Escalation (LPE) vulnerabilities within the needrestart component, which is installed by default on Ubuntu Server. These vulnerabilities can be exploited by any unprivileged user to gain full root access without requiring user...

CVSS 7.8, AI score 8, EPSS 0.19924
Exploits 16

Rockylinux
added 2024/11/19 4:2 p.m., 8 views

24.02.0 module bug fix and enhancement update

An update is available for qatlib. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Intel QuickAssist Technology (Intel QAT) provides hardware acceleration for...

AI score 7.5
Exploits 0

BDU FSTEC
added 2024/11/18 12:0 a.m., 3 views

The vulnerability of the ASMKERN228A.dll and ASMKERN229A.dll libraries, which are software for modeling, designing, and drawing in AutoCAD, allows a perpetrator to execute arbitrary code.

The vulnerability of the ASMKERN228A.dll and ASMKERN229A.dll libraries, which are software libraries for modeling, designing, and drafting in AutoCAD, is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execut...

CVSS 10, AI score 8, EPSS 0.00427
Exploits 0, References 9, Affected Software 9

BDU FSTEC
added 2024/11/14 12:0 a.m., 4 views

The vulnerability in the set of development libraries for Intel Distribution for GDB software relates to an uncontrolled search path element, which allows a malicious actor to escalate their privileges.

The vulnerability in the set of development libraries for Intel Distribution for GDB software is related to an uncontrolled element in the search process. Exploiting this vulnerability could allow an attacker to increase their privileges...

CVSS 6.7, AI score 5.5, EPSS 0.00154
Exploits 0, References 5, Affected Software 2

BDU FSTEC
added 2024/11/14 12:0 a.m., 4 views

The vulnerabilities of the libraries atf_dwg_consumer.dll, rose_x64_vc15.dll, and libodxdll, which are part of the AutoCAD simulation, design, and drafting software, allow a malicious actor to execute arbitrary code.

The vulnerability of the atf_dwg_consumer.dll, rose_x64_vc15.dll, and libodxdll libraries, which are used in AutoCAD software for simulation, design, and drafting, relates to the use of memory after it is freed. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or perfo...

CVSS 10, AI score 7.6, EPSS 0.00436
Exploits 0, References 5, Affected Software 9