813 matches found
PT-2023-19297
Name of the Vulnerable Software and Affected Versions: curl versions prior to 7.88.0. Description: A cleartext transmission of sensitive information issue exists in curl that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, cu...
UBUNTU-CVE-2023-23915
A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP...
GSD-2023-1001102 padata: Always leave BHs disabled when running ->parallel()
padata: Always leave BHs disabled when running ->parallel(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.86 by commit...
The gotcha of unhandled promise rejections
Let's say you wanted to display a bunch of chapters on the page, and for whatever reason, the API only gives you a chapter at a time. You could do this: async function showChapters(chapterURLs) { for (const url of chapterURLs) { const response = await fetch(url); const chapterData = await response.json();...
Intel(R) oneAPI DPC++/C++ Compiler Security Vulnerability
Intel(R) oneAPI DPC++/C++ Compiler is a compiler from Intel Corporation (USA). A security vulnerability exists in Intel(R) oneAPI DPC++/C++ Compiler versions prior to 2022.2.1, which stems from its improper access control on certain Intel(R) oneAPI Toolkits versions prior to 2022.3.1 that could allow...
Intel oneAPI DPC++/C++ Compiler Buffer Error Vulnerability
Intel oneAPI Toolkits is a set of core tools and libraries from Intel (United States). It is used to develop high-performance, data-centric applications across different architectures. A buffer error vulnerability exists in Intel(R) oneAPI DPC++/C++ Compiler versions prior to 2021.8, which...
curl: CVE-2023-23915: HSTS amnesia with --parallel
HSTS cache entries were overwritten by curl when requests were made in parallel, resulting in only one site being protected by TLS and the others being vulnerable to loss of confidentiality and integrity...
Siemens SCALANCE X-200RNA Switch Devices has an unspecified vulnerability
The SCALANCE X-204RNA Industrial Ethernet Access Point enables non-PRP endpoint devices to connect to a separate parallel network as needed. A security vulnerability exists in Siemens SCALANCE X-200RNA Switch Devices due to the web server of the affected device calculating session IDs and random...
Siemens SCALANCE X-200RNA Switch Devices Cross-Site Scripting Vulnerability
The SCALANCE X-204RNA Industrial Ethernet Access Point enables non-PRP endpoint devices to connect to a separate parallel network as needed. A cross-site scripting vulnerability exists in Siemens SCALANCE X-200RNA Switch Devices, which can be exploited by attackers to trigger malicious requests on...
Siemens SCALANCE X-200RNA Switch Devices Information Disclosure Vulnerability
The SCALANCE X-204RNA Industrial Ethernet Access Point enables non-PRP endpoint devices to connect to a separate parallel network as needed. An information disclosure vulnerability exists in Siemens SCALANCE X-200RNA Switch Devices, which could be exploited by an attacker to gain access to sensiti...
Siemens SCALANCE Series Security Feature Issue Vulnerability
The SCALANCE X-204RNA Industrial Ethernet Access Point enables non-PRP endpoint devices to connect to a separate parallel network as needed. A security vulnerability exists in Siemens SCALANCE X-200RNA Switch Devices due to the web server of the affected device calculating session IDs and random...
Fedora: Security Advisory for python-joblib (FEDORA-2022-c83ce1c000)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
[SECURITY] Fedora 37 Update: python-joblib-1.2.0-1.fc37
Joblib is a set of tools to provide lightweight pipelining in Python. In particular, joblib offers: transparent disk-caching of the output values and lazy re-evaluation (memoize pattern); easy simple parallel computing; logging and tracing of the execution...
GLSA-202210-24 : FreeRDP: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202210-24 (FreeRDP: Multiple Vulnerabilities). FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. All FreeRDP clients prior to version 2.4.1 using gateway connections /gt:rpc fai...
OESA-2022-2018 freerdp security update
FreeRDP is a client implementation of the Remote Desktop Protocol (RDP) that follows Microsoft's open specifications. This package provides the client applications xfreerdp and wlfreerdp. Security Fixes: FreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients when...
Sensitive Information Disclosure
libfreerdp.so is vulnerable to Sensitive Information Disclosure. The vulnerability is due to uninitialized data being sent to the server the client is currently connected to when using /parallel command line switch, which in specific conditions may result in sensitive information disclosure...
OESA-2022-1990 python-joblib security update
Joblib is a set of tools to provide lightweight pipelining in Python. Security Fixes: The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement. (CVE-2022-21797)...
CVE-2022-39282
A vulnerability was found in FreeRDP where clients on UNIX systems using /parallel command line switch might read uninitialized data and send it to the client's server. The vulnerability allows a remote attacker to gain access to sensitive information. Mitigation Workaround: Do not use parallel...
DEBIAN-CVE-2022-39282
FreeRDP is a free remote desktop protocol library and clients. FreeRDP based clients on unix systems using /parallel command line switch might read uninitialized data and send it to the server the client is currently connected to. FreeRDP based server implementations are not affected. Please...