7484 matches found

Fedora
added 2024/10/28 1:4 a.m. | 25 views

[SECURITY] Fedora 39 Update: glibc-2.38-19.fc39

The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important se...

8.1 CVSS | 7.2 AI score | 0.0131 EPSS
Exploits 0

Fedora
added 2024/10/26 3:15 a.m. | 8 views

[SECURITY] Fedora 39 Update: dotnet8.0-8.0.110-1.fc39

.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards, a set of framework...

7.1 AI score
Exploits 0

Fedora
added 2024/10/26 3:12 a.m. | 7 views

[SECURITY] Fedora 40 Update: dotnet8.0-8.0.110-1.fc40

.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards, a set of framework...

7.1 AI score
Exploits 0

Fedora
added 2024/10/26 3:4 a.m. | 8 views

[SECURITY] Fedora 41 Update: dotnet8.0-8.0.110-1.fc41

.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards, a set of framework...

7.1 AI score
Exploits 0

OSV
added 2024/10/24 6:11 p.m. | 13 views

GHSA-87CF-J763-VVH8 OpenRefine's SQLite integration allows filesystem access, remote code execution (RCE)

Summary: In the database extension, the "enableloadextension" property can be set for the SQLite integration, enabling an attacker to load local or remote extension DLLs and so run arbitrary code on the server. The attacker needs to have network access to the OpenRefine instance. Details: The...

8.1 CVSS | 8.7 AI score | 0.00658 EPSS
Exploits 1 | References 3

Github Security Blog
added 2024/10/24 6:11 p.m. | 27 views

OpenRefine's SQLite integration allows filesystem access, remote code execution (RCE)

Summary: In the database extension, the "enableloadextension" property can be set for the SQLite integration, enabling an attacker to load local or remote extension DLLs and so run arbitrary code on the server. The attacker needs to have network access to the OpenRefine instance. Details: The...

8.8 CVSS | 8.1 AI score | 0.00658 EPSS
Exploits 1 | References 3 | Affected Software 1

GithubExploit
added 2024/10/24 3:15 a.m. | 190 views

Exploit for Command Injection in Netgate Pfsense

pfSense 2.7.0 Command Injection Exploit CVE-2023-42326 This...

8.8 CVSS | 9.3 AI score | 0.64021 EPSS
Exploits 2

Fedora
added 2024/10/24 1:20 a.m. | 18 views

[SECURITY] Fedora 39 Update: koji-1.35.1-1.fc39

Koji is a system for building and tracking RPMS. The base package contains shared libraries and the command-line interface...

5.4 CVSS | 7.1 AI score | 0.0029 EPSS
Exploits 0

CNNVD
added 2024/10/24 12:0 a.m. | 7 views

OpenRefine SQL injection vulnerability

OpenRefine is a Java-based open source tool from OpenRefine Open Source. The product is mainly used for loading data, analyzing data, and cleaning data, among other things. A SQL injection vulnerability exists in OpenRefine prior to version 3.8.3, which stems from the ability to set the...

8.8 CVSS | 9.4 AI score | 0.00658 EPSS
Exploits 1 | References 3

IBM Security Bulletins
added 2024/10/21 3:52 p.m. | 42 views

Security Bulletin: IBM Cognos Analytics Mobile (Android) is affected by multiple vulnerabilities

Summary: There are vulnerabilities in Open Source Software (OSS) libraries consumed by IBM Cognos Analytics Mobile. These issues have been addressed by upgrading or removing the vulnerable libraries. Additionally, vulnerabilities related to CORS misconfiguration and Certificate Pinning have been...

8.1 CVSS | 10 AI score | 0.24928 EPSS
Exploits 7 | Affected Software 2

Fedora
added 2024/10/19 1:20 a.m. | 10 views

[SECURITY] Fedora 39 Update: oath-toolkit-2.6.12-1.fc39

The OATH Toolkit provides components for building one-time password authentication systems. It contains shared libraries, command line tools and a PAM module. Supported technologies include the event-based HOTP algorithm (RFC 4226) and the time-based TOTP algorithm (RFC 6238). OATH stands for Open...

7.1 CVSS | 7.8 AI score | 0.00341 EPSS
Exploits 0

vulnersOsv
added 2024/10/18 6:30 a.m. | 8 views

ai.ancf.lmos:arc-graphql-spring-boot-starter (>=0.1.1 <=0.112.0), ai.ancf.lmos:arc-memory-mongo-spring-boot-starter (>=0.1.1 <=0.112.0) +8286 more potentially affected by CVE-2024-38820 via org.springframework:spring-context (>=6.1.0 <=6.1.13)

org.springframework:spring-context MAVEN version =6.1.0, =0.1.1, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.1.0, =0.5.0, =0.5.0, =0.5.0, =0.5.8, =0.5.0, =0.5.7, =0.5.0, =0.6.0, =0.6.0, =0.8.7 and more Source cves: CVE-2024-38820 Source advisory: OSV:GHSA-4GC7-5J7H-4QPH...

5.3 CVSS | 6.4 AI score | 0.00631 EPSS
Exploits 1

Veracode
added 2024/10/17 8:49 a.m. | 6 views

Denial Of Service (DoS)

System.Security.Cryptography.Cose, System.IO.Packaging, and Microsoft.Extensions.Caching.Memory are vulnerable to Denial of Service (DoS). The vulnerability is due to insufficient input validation and inadequate mechanisms to handle large datasets, which makes it possible to consume excessive resources...

7.5 CVSS | 6.6 AI score | 0.02833 EPSS
Exploits 0 | References 2 | Affected Software 6

IBM Security Bulletins
added 2024/10/17 12:44 a.m. | 113 views

Security Bulletin: IBM Planning Analytics and IBM Planning Analytics Workspace are affected by security vulnerabilities

Summary: This Security Bulletin addresses multiple vulnerabilities that have been remediated in IBM Planning Analytics 2.0.9.11 and IBM Planning Analytics Workspace 2.0.72. There are multiple vulnerabilities in IBM® Runtime Environment Java™ used by IBM Planning Analytics and IBM Planning Analytic...

9.8 CVSS | 10 AI score | 0.13292 EPSS
Exploits 0 | Affected Software 1

OSSF Malicious Packages
added 2024/10/16 1:9 p.m. | 4 views

Malicious code in openstad-component-libs (npm)

--- -= Per source details. Do not edit below this line.=-...

7 AI score
Exploits 0

vulnersOsv
added 2024/10/14 8:56 p.m. | 3 views

be.jidoka:jdk-keycloak-admin (>=2.0.0 <=2.3.0), cn.sparrowmini:sparrow-keycloak-adapter (>=0.0.1 <=0.0.2) +639 more potentially affected by CVE-2024-7318 via org.keycloak:keycloak-core (>=1.0-alpha-1 <=24.0.5)

org.keycloak:keycloak-core MAVEN version =1.0-alpha-1, =2.0.0, =0.0.1, =1.5.1, =1.5.1, =1.6.2, =1.6.2, =1.5.2, =1.5.2, =1.7.2, =1.7.2, =1.0.22, =1.0.22, =1.4.3, =1.4.3, =1.2.9, =1.6.0 and more Source cves: CVE-2024-7318 Source advisory: OSV:GHSA-XMMM-JW76-Q7VG...

4.8 CVSS | 5.5 AI score | 0.00393 EPSS
Exploits 0

vulnersOsv
added 2024/10/11 10:16 p.m. | 8 views

ca.ibodrov.concord:testcontainers-concord (>=0.0.2 <=0.0.20), ca.ibodrov.concord:testcontainers-concord-core (>=0.0.21 <=2.0.2) +945 more potentially affected by CVE-2023-25581 via org.pac4j:pac4j-core (>=1.4.0 <=4.0.0-RC3)

org.pac4j:pac4j-core MAVEN version =1.4.0, =0.0.2, =0.0.21, =0.0.6, =0.5.0, =0.1.0, =12.1.0, =12.1.1, =12.1.2, =12.1.0, =12.1.4, =1.1.0, =1.1.0, =1.1.0, =1.1.2 and more Source cves: CVE-2023-25581 Source advisory: OSV:GHSA-76MW-6P95-X9X5...

9.2 CVSS | 5.8 AI score | 0.01949 EPSS
Exploits 1

Fedora
added 2024/10/10 2:0 a.m. | 14 views

[SECURITY] Fedora 40 Update: koji-1.35.1-1.fc40

Koji is a system for building and tracking RPMS. The base package contains shared libraries and the command-line interface...

5.4 CVSS | 6.8 AI score | 0.0029 EPSS
Exploits 0

GithubExploit
added 2024/10/09 1:36 p.m. | 341 views

Exploit for Authentication Bypass Using an Alternate Path or Channel in Jetbrains Teamcity

EN GenTeamCityExploit is a PoC tool that targets a vulnera...

9.8 CVSS | 10 AI score | 0.99938 EPSS
Exploits 23

Tenable Nessus
added 2024/10/09 12:0 a.m. | 21 views

CentOS 7 : java-1.8.0-ibm (RHSA-2021:0717)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0717 advisory. - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JNDI. Supported versions that are affected are Java SE: 7u271,...

9.8 CVSS | 6.8 AI score | 0.03625 EPSS
Exploits 0 | References 6