Chinese Innovations Spawn Wave of Toll Phishing Via SMS
Residents across the United States are being inundated with text messages purporting to come from toll road operators like E-ZPass, warning that recipients face fines if a delinquent toll fee remains unpaid. Researchers say the surge in SMS spam coincides with new features added to a popular...
CVE-2024-36402 Unauthenticated writes to the media repository allow planting of problematic content in Matrix Media Repo
Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. MMR before version 1.3.5 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then...
GHSA-PQ9P-PC3P-9HM4 python-sql SQL injection vulnerability
A vulnerability was found in python-sql where unary operators do not escape non-Expression like And and Or which makes any system exposing those vulnerable to an SQL injection attack...
SQL Injection
Overview: python-sql is a library to write SQL queries. Affected versions of this package are vulnerable to SQL Injection due to improper escape of non-Expression for unary operators. Remediation: Upgrade python-sql to version 1.5.2 or higher. References - Commit - Issue - Security Release Credit:...
CVE-2024-9774
A vulnerability was found in python-sql where unary operators do not escape non-Expression...
DEBIAN-CVE-2024-9774
A vulnerability was found in python-sql where unary operators do not escape non-Expression...
UBUNTU-CVE-2024-9774
A vulnerability was found in python-sql where unary operators do not escape non-Expression...
CVE-2024-9774 Python-sql: python-sql unary operators does not escape non-expression
A vulnerability was found in python-sql where unary operators do not escape non-Expression...
openSUSE 15 Security Update : python-python-sql (openSUSE-SU-2024:0412-1)
The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2024:0412-1 advisory. - CVE-2024-9774: Fixed that unary operators does not escape non-Expression boo1234653. Tenable has extracted the preceding description block directly fro...
OPENSUSE-SU-2024:0412-1 Security update for python-python-sql
This update for python-python-sql fixes the following issues: - CVE-2024-9774: Fixed that unary operators does not escape non-Expression boo1234653...
SUSE CVE-2024-9774
A vulnerability was found in python-sql where unary operators do not escape non-Expression...
Gallagher Command Centre Server security vulnerability
Gallagher Command Centre Server is a management system used by Gallagher New Zealand to monitor and manage infrastructure in buildings. A security vulnerability exists in Gallagher Command Centre Server that stems from the insertion of sensitive information into a log file during the Alarm Sender...
Synapse denial of service through media disk space consumption
Impact: Synapse versions before 1.106 are vulnerable to a disk fill attack, where an unauthenticated adversary can induce Synapse to download and cache large amounts of remote media. The default rate limit strategy is insufficient to mitigate this. This can lead to a denial of service, ranging fro...
GHSA-4MHG-XV73-XQ2X Synapse denial of service through media disk space consumption
Impact: Synapse versions before 1.106 are vulnerable to a disk fill attack, where an unauthenticated adversary can induce Synapse to download and cache large amounts of remote media. The default rate limit strategy is insufficient to mitigate this. This can lead to a denial of service, ranging fro...
Automattic Mongoose security vulnerability
Automattic Mongoose is a MongoDB object modeling tool for asynchronous environments. A security vulnerability exists in Automattic Mongoose versions prior to 8.8.3 that stems from improper use of query operators...
Important: Red Hat Security Advisory: Control plane Operators for RHOSO 18.0.3 (Feature Release 1) security update
Control plane Operators for RHOSO 18.0.3 Feature Release 1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link...
CVE-2024-50386 Apache CloudStack: Directly downloaded templates can be used to abuse KVM-based infrastructure
Account users in Apache CloudStack by default are allowed to register templates to be downloaded directly to the primary storage for deploying instances. Due to missing validation checks for KVM-compatible templates in CloudStack 4.0.0 through 4.18.2.4 and 4.19.0.0 through 4.19.1.2, an attacker...
GHSA-F748-7HPG-88CH vulnerabilities
Vulnerabilities for packages: nvidia-gpu-operator-validator, nvidia-container-toolkit...