7484 matches found

BDU FSTEC
added 2024/11/14 12:0 a.m. | 4 views

The vulnerability in the set of development libraries for Intel Distribution for GDB software relates to an uncontrolled search path element, which allows a malicious actor to escalate their privileges.

The vulnerability in the set of development libraries for Intel Distribution for GDB software is related to an uncontrolled element in the search process. Exploiting this vulnerability could allow an attacker to increase their privileges...

CVSS 6.7 | AI score 5.5 | EPSS 0.00154
Exploits: 0 | References: 5 | Affected Software: 2

NVD
added 2024/11/13 4:15 p.m. | 32 views

CVE-2024-8049

In Progress Telerik Document Processing Libraries, versions prior to 2024 Q4 2024.4.1106, importing a document with unsupported features can lead to excessive processing, leading to excessive use of computing resources leaving the application process unavailable...

CVSS 6.5 | EPSS 0.00412
Exploits: 0 | References: 1

Positive Technologies
added 2024/11/13 12:0 a.m. | 4 views

PT-2024-38774 · Progress · Telerik Document Processing Libraries

Name of the Vulnerable Software and Affected Versions: Progress Telerik Document Processing Libraries versions prior to 2024 Q4 2024.4.1106 Description: The issue arises when importing a document with unsupported features, leading to excessive processing and excessive use of computing resources...

CVSS 6.5 | AI score 7.2 | EPSS 0.00412
Exploits: 0 | References: 6

AlmaLinux
added 2024/11/12 12:0 a.m. | 17 views

Moderate: python3.11 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

CVSS 8.7 | AI score 7.7 | EPSS 0.01275
Exploits: 0 | References: 6

BDU FSTEC
added 2024/11/11 12:0 a.m. | 3 views

The vulnerability of the CC5Dlll.dll and ASMBASE228A.dll libraries, which are software for modeling, design, and drawing in AutoCAD, allows a malicious individual to gain unauthorized access to protected information, execute arbitrary code, or cause a service failure.

The vulnerability of the CC5Dlll.dll and ASMBASE228A.dll libraries, which are software for modeling, designing, and drafting in AutoCAD, exists due to a buffer overflow error during file processing. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected...

CVSS 7.8 | AI score 7.8 | EPSS 0.00639
Exploits: 0 | References: 9 | Affected Software: 9

Tenable Nessus
added 2024/11/09 12:0 a.m. | 9 views

openSUSE 15 Security Update : qbittorrent (openSUSE-SU-2024:0358-1)

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2024:0358-1 advisory. - Update to version 5.0.1 fixes boo1232731 CVE-2024-51774 Added features: Add 'Simple pread/pwrite' disk IO type Bug fixes: Don't ignore SSL errors...

CVSS 8.1 | AI score 8.2 | EPSS 0.03295
Exploits: 2 | References: 4

Rockylinux
added 2024/11/08 3:56 p.m. | 8 views

rust-toolset:rhel8 bug fix and enhancement update

An update is available for rust, module.rust. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Rust Toolset provides the Rust programming language compiler rustc,...

AI score 7.2
Exploits: 0

OSV
added 2024/11/08 3:56 p.m. | 18 views

RLSA-2024:8838 Moderate: python3.11 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

CVSS 7.5 | AI score 8 | EPSS 0.02203
Exploits: 2 | References: 2

The Hacker News
added 2024/11/08 11:53 a.m. | 26 views

Malicious NPM Packages Target Roblox Users with Data-Stealing Malware

A new campaign has targeted the npm package repository with malicious JavaScript libraries that are designed to infect Roblox users with open-source stealer malware such as Skuld and Blank-Grabber. "This incident highlights the alarming ease with which threat actors can launch supply chain attack...

AI score 7.1
Exploits: 0

Cvelist
added 2024/11/07 11:36 p.m. | 39 views

CVE-2024-51987 HTTP Client uses incorrect token after refresh in Duende.AccessTokenManagement.OpenIdConnect

Duende.AccessTokenManagement.OpenIdConnect is a set of .NET libraries that manage OAuth and OpenId Connect access tokens. HTTP Clients created by AddUserAccessTokenHttpClient may use a different user's access token after a token refresh occurs. This occurs because a refreshed token will be captur...

CVSS 5.4 | EPSS 0.00221
Exploits: 0 | References: 1

vulnersOsv
added 2024/11/05 6:32 p.m. | 8 views

au.csiro.pathling:encoders (>=5.1.0 <=7.1.0), au.csiro.pathling:fhir-server (>=5.3.1 <=7.1.0) +315 more potentially affected by CVE-2024-51132 via ca.uhn.hapi.fhir:org.hl7.fhir.utilities (>=0.0.1 <=6.3.9)

ca.uhn.hapi.fhir:org.hl7.fhir.utilities MAVEN version =0.0.1, =5.1.0, =5.3.1, =6.2.1, =5.3.1, =5.3.1, =5.3.0, =0.0.9, =5.6.5, =5.6.5, =5.6.5, =3.4.0, =5.6.5, =4.1.0, =4.0.3, =4.1.0, =7.4.5 and more Source cves: CVE-2024-51132 Source advisory: OSV:GHSA-4CF2-CXP3-RJR7...

CVSS 9.8 | AI score 7.2 | EPSS 0.01851
Exploits: 1

NVD
added 2024/11/05 4:15 p.m. | 20 views

CVE-2023-29122

Under certain conditions, access to service libraries is granted to account they should not have access to...

CVSS 6.7 | EPSS 0.00167
Exploits: 0 | References: 1

Cvelist
added 2024/11/05 3:24 p.m. | 18 views

CVE-2023-29122 Incorrect file ownership of privileged service's libraries in Enel X JuiceBox

Under certain conditions, access to service libraries is granted to account they should not have access to...

CVSS 6.7 | EPSS 0.00167
Exploits: 0 | References: 1

CVE
added 2024/11/05 3:24 p.m. | 43 views

CVE-2023-29122

The CVE-2023-29122 entry concerns Enel X Waybox (Waybox 3.0) with incorrect file ownership of the Privileged Services Library. The root cause enables a local attacker to gain root privileges by executing arbitrary OS commands. Affected component: Privileged Services Library; impact is root-level ...

CVSS 6.7 | AI score 6.5 | EPSS 0.00167
Exploits: 0 | References: 1

Vulnrichment
added 2024/11/05 3:24 p.m. | 16 views

CVE-2023-29122 Incorrect file ownership of privileged service's libraries in Enel X JuiceBox

Under certain conditions, access to service libraries is granted to account they should not have access to...

CVSS 6.7 | AI score 6.9 | EPSS 0.00167
Exploits: 0 | References: 1

RedHat Linux
added 2024/11/05 4:12 a.m. | 252 views

Moderate: Red Hat Security Advisory: python3.12 security update

An update for python3.12 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

CVSS 7.5 | AI score 6.8 | EPSS 0.02203
Exploits: 2 | References: 2

Tenable Nessus
added 2024/11/04 12:0 a.m. | 9 views

RHEL 7 : python-defusedxml and python-pysaml2 (RHSA-2017:0936)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:0936 advisory. The defusedxml package contains several Python-only updates for security vulnerabilities in Python's XML libraries. Defusedxml functions and classes...

CVSS 7.5 | AI score 6.7 | EPSS 0.0386
Exploits: 0 | References: 5

OSSF Malicious Packages
added 2024/11/03 2:0 a.m. | 4 views

Malicious code in sc-libraries (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e685150357e5118f6b99d29dcc954b4c5e33389fc7764e15ac72be42fbc1e27a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.8
Exploits: 0 | References: 1

Debian
added 2024/10/28 10:48 a.m. | 14 views

[SECURITY] [DLA 3937-1] nss security update

Debian LTS Advisory DLA-3937-1 [email protected] https://www.debian.org/lts/security/ Arturo Borrero Gonzalez October 27, 2024 https://wiki.debian.org/LTS ...

CVSS 9.8 | AI score 7.2 | EPSS 0.01285
Exploits: 0

vulnersOsv
added 2024/10/28 9:30 a.m. | 7 views

app.valuationcontrol:library (>=0.5.2 <=0.5.5), app.valuationcontrol:webservice (>=0.5.0 <=0.5.1) +1835 more potentially affected by CVE-2024-38821 via org.springframework.security:spring-security-web (>=6.2.0 <=6.2.6)

org.springframework.security:spring-security-web MAVEN version =6.2.0, =0.5.2, =0.5.0, =7.0.0, =1.0.0, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.6, =1.0.1, =1.0.31 and more Source cves: CVE-2024-38821 Source advisory: OSV:GHSA-C4Q5-6C82-3QPW...

CVSS 9.1 | AI score 6.6 | EPSS 0.01712
Exploits: 2