6334 matches found
azureml-designer-classic-modules (>=0.0.105 <=0.0.112), azureml-designer-core (>=0.0.21 <=0.0.29) +39 more potentially affected by CVE-2019-12410 via pyarrow (>=0.12.0 <=0.15.0)
pyarrow PYPI version =0.12.0, =0.0.105, =0.0.21, =0.0.17, =0.0.36, =0.0.9, =1.0.48.1, =0.1.0, =1.4.2, =3.0.20190405035157, =0.1.0, =0.1.1, =0.1.3 and more Source cves: CVE-2019-12410 Source advisory: OSV:GHSA-CJW4-2W9R-R8MV...
GHSA-PM48-CVV2-29Q5 Ansible Uses Plugins That Disclose Credentials
Ansible, all ansibleengine-2.x versions and ansibleengine-3.x up to ansibleengine-3.5, was logging at the DEBUG level, which led to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed i...
Mule modules contain Directory Traversal
Directory Traversal in APIkit, http-connector, and OAuth2 Provider modules in Mulesoft 3.x, 4.x and Mulesoft API Gateway all versions released before August 1, 2019 allow remote attackers to read files accessible to the Mule process...
GHSA-MWH9-GR45-XVV4 Mule modules contain Directory Traversal
Directory Traversal in APIkit, http-connector, and OAuth2 Provider modules in Mulesoft 3.x, 4.x and Mulesoft API Gateway all versions released before August 1, 2019 allow remote attackers to read files accessible to the Mule process...
Magento 2 Community Edition Session Fixation Check
A defense-in-depth check was added to mitigate inadequate session validation handling by 3rd party checkout modules. This impacts Magento 1.x prior to 1.9.4.2, Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to 2.3.2...
[SECURITY] Fedora 36 Update: slurm-21.08.8-2.fc36
Slurm is an open source, fault-tolerant, and highly scalable cluster management and job scheduling system for Linux clusters. Components include machine status, partition management, job management, scheduling and accounting modules...
new packages: environment-modules
An update is available for environment-modules. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rock...
new packages: varnish-modules
An update is available for varnish-modules. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...
new packages: jackson-modules-base
An update is available for jackson-modules-base. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Roc...
Zope Command Execution Vulnerability
Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p class in OFS/misc.py and the use of Python modules...
GHSA-8W48-M6HX-RJW2 Zope Command Execution Vulnerability
Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p class in OFS/misc.py and the use of Python modules...
GHSA-F5JH-Q6MP-9C8P ImpressCMS Cross-site scripting Vulnerability
A cross-site scripting (XSS) vulnerability in modules/system/admin.php in ImpressCMS 1.3.6.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a listimg action...
org.infinispan:infinispan-distribution (=9.0.0.Beta1), org.infinispan:infinispan-javadoc-all (=9.0.0.Beta1) +26 more potentially affected by CVE-2016-6345 via org.jboss.resteasy:resteasy-client (>=3.1.0.Beta1 <=3.1.0.Beta2)
org.jboss.resteasy:resteasy-client MAVEN version =3.1.0.Beta1, =5.3.4.Final, =5.3.4.Final, =3.1.0.Beta1, =3.1.0.Beta1, =3.1.0.Beta1, =3.1.0.Beta1, =3.1.0.Beta1, =3.1.0.Beta1, =3.1.0.Beta1, =3.1.0.Beta2 and more Source cves: CVE-2016-6345 Source advisory: OSV:GHSA-VXHJ-3X7P-JXP5...
Code Injection in Django
The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path."...
org.apache.geode:geode-lucene (=1.1.0), org.apache.geode:geode-modules (=1.1.0) +5 more potentially affected by CVE-2017-5649 via org.apache.geode:geode-core (=1.1.0)
org.apache.geode:geode-core MAVEN version =1.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.geode:geode-core and may be impacted: - org.apache.geode:geode-lucene =1.1.0 - org.apache.geode:geode-modules =1.1.0 -...
SaltStack has insecure /tmp file handling in salt/modules/chef.py
modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp...
Drupal Node Validation Bypass in the node module API
The node module API in Drupal 5.x before 5.11 allows remote attackers to bypass node validation and have unspecified other impact via unknown vectors related to contributed modules...
GHSA-PH2J-5HXQ-GXRR Drupal Node Validation Bypass in the node module API
The node module API in Drupal 5.x before 5.11 allows remote attackers to bypass node validation and have unspecified other impact via unknown vectors related to contributed modules...
Cobbler Web Interface Kickstart Template Remote Privilege Escalation Vulnerability
The web interface (CobblerWeb) in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code with root privileges in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules...
GHSA-5CMG-8M8P-WHMJ GeniXCMS arbitrary PHP code execution
In the Upload Modules page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a module...