Mozilla Firefox Race Condition Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A race condition vulnerability exists in versions of Mozilla Firefox prior to 131.0.3, which can be exploited by attackers to cause unexpected behavior and crash the browser...
GHSA-GX9M-WHJM-85JF vulnerabilities
Vulnerabilities for packages: opensearch-dashboards-fips, argo-workflows...
PYSEC-2024-218
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a race condition in the updaterootinconfig function, allowing an attacker to modify the root URL used by the Gradio frontend to communicate with the backend. By exploiting this flaw, an attacker ca...
NVIDIA TensorRT Detection
The Open Source Software (OSS) components of the NVIDIA TensorRT Python library are installed on the remote host. Note that Nessus has relied upon the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid208130;...
CVE-2024-45408 eLabFTW contains a direct and indirect information disclosure
eLabFTW is an open source electronic lab notebook for research labs. An incorrect permission check has been found that could allow an authenticated user to access several kinds of otherwise restricted information. If anonymous access is allowed (something disabled by default), this extends to anyon...
Performance Co-Pilot Back-link Vulnerability
Performance Co-Pilot is an open source software infrastructure for monitoring, visualizing, logging, responding to, and controlling the state, activity, and performance of networks, computers, applications, and servers. Performance Co-Pilot suffers from a back-link vulnerability that originates...
Mautic Security Vulnerability
Mautic is an open source marketing automation software from Mautic Open Source. The software monitors and manages websites, sends emails and manages customer resources. A security vulnerability exists in Mautic that stems from allowing the application to be updated via an upgrade script, where th...
MISP Security Vulnerability
MISP is an open source software solution from MISP Open Source. The product is used to collect, store, distribute, and share cybersecurity metrics and has features such as threat cybersecurity event analysis and malware analysis. A security vulnerability exists in MISP versions prior to 2.4.198...
A refresher on Talos’ open-source tools and the importance of the open-source community
Open-source software that is free to download, deploy and modify is a vital component in the fight for cyber security. Freely available software not only helps defend systems that would otherwise be unprotected, but it also allows people to learn and develop vital cybersecurity skills. In this...
Security Bulletin: IBM Cognos Dashboards on Cloud Pak for Data has addressed security vulnerabilities
Summary There are vulnerabilities in IBM WebSphere Application Server Liberty and Open-Source Software (OSS) components consumed by IBM Cognos Dashboards on Cloud Pak for Data which have been resolved by upgrading or removing the vulnerable libraries. Please refer to the Related Information section below for...
There is no real fix to the security issues recently found in GitHub and other similar software
A recently discovered security issue in GitHub and other, similar, source control products seems to fit into the classic "it's a feature, not a bug" category. Security researchers last week published their findings on how deleted forks in GitHub work, potentially leaving the door...
Haystack Security Vulnerability
Haystack is an open source NLP framework for interacting with your data using Transformer models and LLMs (GPT-4, ChatGPT, etc.). A remote code execution vulnerability exists in Haystack versions prior to 2.3.1, which can be exploited by an attacker to create and present a Jinja2 template on a clie...
Unspecified Vulnerability in Oracle MySQL (CNVD-2024-33173)
Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A security vulnerability exists in Oracle MySQL Server. An attacker exploiting this vulnerability could cause MySQL Server to hang or crash repeatedl...
CVE-2024-40640 Usage of non-constant time base64 decoder could lead to leakage of secret key material in vodozemac
vodozemac is an open source implementation of Olm and Megolm in pure Rust. Versions before 0.7.0 of vodozemac use a non-constant time base64 implementation for importing key material for Megolm group sessions and PkDecryption Ed25519 secret keys. This flaw might allow an attacker to infer some...
CRYSTALRAY Hackers Infect Over 1,500 Victims Using Network Mapping Tool
A threat actor that was previously observed using an open-source network mapping tool has greatly expanded their operations to infect over 1,500 victims. Sysdig, which is tracking the cluster under the name CRYSTALRAY, said the activities have witnessed a tenfold surge, adding it includes "mass...
Geoserver Unauthenticated Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Geoserver unauthenticated Remote Code Execution', 'Description' = %q GeoServer is an open-source software server written in Java that provides th...
Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities
Summary There are vulnerabilities in IBM® Java™ Version 8 and IBM WebSphere Application Server Liberty used by IBM Cognos Analytics. IBM Cognos Analytics has addressed these vulnerabilities by upgrading IBM® Java™ and IBM WebSphere Application Server Liberty. There are vulnerabilities in...
CVE-2024-38364
CVE-2024-38364 (DSpace XSS) affects DSpace 7.0–7.6.1. When a user downloads an HTML, XML, or JavaScript Bitstream, the browser may execute embedded JavaScript, enabling a cross-site scripting (XSS) vulnerability. The root cause, as described in the public materials, is insufficient/unsafe handlin...
Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities
Summary There are vulnerabilities in Open-Source Software (OSS) components consumed by IBM Cognos Analytics. IBM Cognos Analytics has addressed the applicable CVEs by upgrading or removing the vulnerable libraries in the latest available versions or previously released versions. Additionally, IBM...
edu-sharing Permission and Access Control Issues Vulnerability
edu-sharing is an open source e-learning integration solution from edu-sharing, Inc. A security vulnerability exists in edu-sharing that stems from allowing the upload of arbitrary files...