
6335 matches found

OSV
added 2022/11/08 6:23 a.m. 33 views

RLSA-2022:7593 Moderate: python27:2.7 security update

Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. Security Fixes: python: mailcap: findmatch function does not sanitize the second argument (CVE-2015-20107). For more details abo...

CVSS 7.6, AI score 7.9, EPSS 0.06705
Exploits: 1, References: 2

Rockylinux
added 2022/11/08 6:23 a.m. 44 views

python27:2.7 security update

An update is available for python-pymongo, python2-rpm-macros, python-sqlalchemy, python-backports, python-docutils, pytest, python-psycopg2, python-lxml, python-PyMySQL, python-urllib3, PyYAML, python-pytest-mock, python-attrs, python-jinja2, python-docs, python-requests, python-mock,...

CVSS 8, AI score 7.8, EPSS 0.06705
Exploits: 1

Rockylinux
added 2022/11/08 6:23 a.m. 55 views

python38:3.8 and python38-devel:3.8 security update

An update is available for python-more-itertools, pytest, python-psycopg2, python-lxml, python-PyMySQL, python3x-six, python-urllib3, PyYAML, python-attrs, python-jinja2, python-requests, python-atomicwrites, modwsgi, python3x-pip, python38, python-asn1crypto, python-chardet, python-markupsafe,...

CVSS 8, AI score 7.8, EPSS 0.06705
Exploits: 1

OSV
added 2022/11/08 12:0 a.m. 33 views

ALSA-2022:7593 Moderate: python27:2.7 security update

Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. Security Fixes: python: mailcap: findmatch function does not sanitize the second argument (CVE-2015-20107). For more details abo...

CVSS 8, AI score 7.9, EPSS 0.06705
Exploits: 1, References: 4

NVD
added 2022/11/03 2:15 p.m. 13 views

CVE-2022-39382

Keystone is a headless CMS for Node.js — built with GraphQL and React. @keystone-6/[email protected] || 3.0.1 users that use NODE_ENV to trigger security-sensitive functionality in their production builds are vulnerable to NODE_ENV being inlined to "development" for user code, irrespective of what your...

CVSS 9.8, EPSS 0.01486
Exploits: 1, References: 3

The Coalfire Blog
added 2022/11/02 7:51 p.m. 16 views

FedRAMP® CSPs face a new challenge meeting FIPS Compliance

The Federal Risk and Authorization Management Program (FedRAMP) requires Cloud Service Providers (CSPs) to meet federal mandates and achieve or maintain a FedRAMP authorization. One of those mandates requires the consistent use of FIPS 140-2 validated cryptographic modules everywhere cryptography is...

AI score 1.5
Exploits: 0

AlmaLinux
added 2022/11/02 12:0 a.m. 30 views

Moderate: python3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

CVSS 7.5, AI score 7.8, EPSS 0.03213
Exploits: 0, References: 4

WPVulnDB
added 2022/10/31 12:0 a.m. 16 views

Booster for WooCommerce - ShopManager+ Arbitrary File Download

The plugins do not validate files to download in some of its modules, which could allow ShopManager and Admin to download arbitrary files from the server even when they are not supposed to be able to (for example in multisite). PoC: Enable the "Checkout File Upload" module and open the following URL ...

CVSS 6.5, AI score 6.4, EPSS 0.00914
Exploits: 2, Affected Software: 3

Fedora
added 2022/10/28 11:16 a.m. 35 views

[SECURITY] Fedora 36 Update: glances-3.3.0.1-2.fc36

Glances is a cross-platform monitoring tool which aims to present a large amount of monitoring information through a curses or Web based interface. The information dynamically adapts depending on the size of the user interface. It can also work in client/server mode. Remote monitoring could be don...

CVSS 7.5, AI score 6.2, EPSS 0.04368
Exploits: 1

Spring Security Advisories
added 2022/10/26 10:2 p.m. 12 views

Spring Session 3.0.0-RC1

Spring Session 3.1.0-RC1 has been released. The biggest news from this release is that Spring Session Geode was removed which means all of the Spring Modules now belong to the same lifecycle. This means that the Spring Session BOM no longer uses CalVer and instead uses the same version as the...

AI score 2.4
Exploits: 0

Rockylinux
added 2022/10/25 7:33 a.m. 18 views

ansible-freeipa bug fix and enhancement update

An update is available for ansible-freeipa. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The ansible-freeipa package provides Ansible roles and playbooks to...

AI score 1.1
Exploits: 0

Spring Security Advisories
added 2022/10/21 12:0 p.m. 29 views

Introducing Spring Modulith

When designing software systems, architects and developers have plenty of architectural options to choose from. Microservice-based systems have become ubiquitous in the last couple of years. However, the idea of monolithic, modular systems has also regained popularity recently. Independent of the...

AI score 0.3
Exploits: 0

OSV
added 2022/10/20 6:38 p.m. 18 views

GHSA-WHPX-Q3RQ-W8JC Hardening of TypedArrays with non-canonical numeric property names in SES

Impact What kind of vulnerability is it? Who is impacted? In Hardened JavaScript, programs can harden objects to safely share objects with co-tenant programs without risk of these other programs tampering with their API surface. Hardening does not guarantee that objects are pure or immutable, so ...

AI score 6.9
Exploits: 0, References: 3

CNVD
added 2022/10/13 12:0 a.m. 16 views

Dell Container Storage Modules Operating System Command Injection Vulnerability

Dell Container Storage Modules are a set of modules from Dell, Inc. It is designed to provide additional functionality beyond what is available in container storage. An operating system command injection vulnerability exists in Dell Container Storage Modules versions 1.3.0 and later, prior to...

CVSS 8.8, AI score 8.8, EPSS 0.02095
Exploits: 0, References: 1

OSV
added 2022/10/12 7:41 p.m. 2 views

DRUPAL-CONTRIB-2022-058

This module enables themers to get partial data from field render arrays. It gives them more control over the output without drilling deep into the render array or using preprocess functions. The module doesn't sufficiently apply access restrictions when using the filters field_label, field_value...

AI score 6.7
Exploits: 0, References: 1

NVD
added 2022/10/11 5:15 p.m. 8 views

CVE-2022-34427

Dell Container Storage Modules 1.2 contains an OS Command Injection in goiscsi and gobrick libraries. A remote unauthenticated attacker could exploit this vulnerability leading to modification of intended OS command execution...

CVSS 8.8, EPSS 0.02095
Exploits: 0, References: 1

NVD
added 2022/10/11 5:15 p.m. 10 views

CVE-2022-34426

Dell Container Storage Modules 1.2 contains an Improper Limitation of a Pathname to a Restricted Directory in goiscsi and gobrick libraries which could lead to OS command injection. A remote unauthenticated attacker could exploit this vulnerability leading to unintentional access to path outside ...

CVSS 8.8, EPSS 0.0153
Exploits: 0, References: 1

Prion
added 2022/10/11 5:15 p.m. 12 views

Command injection

Dell Container Storage Modules 1.2 contains an Improper Limitation of a Pathname to a Restricted Directory in goiscsi and gobrick libraries which could lead to OS command injection. A remote unauthenticated attacker could exploit this vulnerability leading to unintentional access to path outside ...

CVSS 6.5, AI score 8.9, EPSS 0.0153
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2022/10/11 4:40 p.m. 4 views

CVE-2022-34427

Dell Container Storage Modules 1.2 contains an OS Command Injection in goiscsi and gobrick libraries. A remote unauthenticated attacker could exploit this vulnerability leading to modification of intended OS command execution...

CVSS 8.8, AI score 9.1, EPSS 0.02095
Exploits: 0, References: 1

CVE
added 2022/10/11 4:40 p.m. 53 views

CVE-2022-34427

CVE-2022-34427 affects Dell Container Storage Modules 1.2, with an OS command injection in the goiscsi and gobrick libraries. The root cause is a vulnerability that allows a remote unauthenticated attacker to modify intended OS commands, potentially leading to arbitrary command execution. Public ...

CVSS 8.8, AI score 9.1, EPSS 0.02095
Exploits: 0, References: 1, Affected Software: 1