Bugsink: DOS using large numbers of event tags
Summary In affected versions, Bugsink stores every tag supplied with an incoming event. An event with an unusually large number of custom (i.e. attacker-supplied) tags can therefore make ingestion spend more time than intended writing tag rows. Bugsink uses a single-writer database...
Astra Linux – Vulnerability in python-urllib3
urllib3 is a user-friendly HTTP client library for Python. When using urllib3’s proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3’s proxy support, it’s possible to accidental...
Symlink Attack
Overview @tinacms/graphql is a GraphQL database generating component for Tina, the headless content management system with support for Markdown, MDX, JSON, YAML, and more. Affected versions of this package are vulnerable to Symlink Attack in the FilesystemBridge get, put, delete, and glob methods...
Symlink Attack
Overview @tinacms/graphql is a GraphQL database generating component for Tina, the headless content management system with support for Markdown, MDX, JSON, YAML, and more. Affected versions of this package are vulnerable to Symlink Attack in the handling of media endpoints when symlinks or...
Improper Authorization
Overview Affected versions of this package are vulnerable to Improper Authorization in the ReadAllWeb process. An attacker can gain unauthorized access to secret hashes for all link shares within a project by authenticating with a read-only link share and invoking the endpoint that lists all...
Amazon Linux 2 : python3-urllib3, --advisory ALAS2-2026-3127 (ALAS-2026-3127)
The version of python3-urllib3 installed on the remote host is prior to 1.25.6-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3127 advisory. urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager,...
Security Bulletin: CodeMirror Regex Vulnerability Enables ReDoS Before 5.58.2, affects watsonx.data
Summary This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located in https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.js#L129. Th...
Security Bulletin: HTTP request smuggling vulnerability in Go net/http due to improper LF handling in chunked encoding, affects watsonx.data
Summary The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext. This could affect watsonx.data...
Agno session state overwrites between different sessions/users
Impact Under certain conditions under high concurrency, when session_state is passed to an Agent or Team during run or arun calls, a race condition can occur, causing a session_state to be assigned and persisted to the incorrect session. This may result in user data from one session being exposed t...
GHSA-VW84-HPRM-CXMM Agno session state overwrites between different sessions/users
Impact Under certain conditions under high concurrency, when session_state is passed to an Agent or Team during run or arun calls, a race condition can occur, causing a session_state to be assigned and persisted to the incorrect session. This may result in user data from one session being exposed t...
Race Condition
Overview agno is a lightweight library for building Multi-Agent Systems. Affected versions of this package are vulnerable to Race Condition in the async method acleanupandstore while passing session_state to Agent or Team during run or arun calls. The condition occurs when a Team is used...
Linux Distros Unpatched Vulnerability : CVE-2024-39308
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RailsAdmin is a Rails engine that provides an interface for managing data. RailsAdmin list view has the XSS vulnerability, caused by improperly-escaped HTML tit...
OESA-2024-1945 python-urllib3 security update
Sanity-friendly HTTP client for Python Security Fixes: urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without usi...
SUSE CVE-2024-37891
urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to accidental...
Broadcom Brocade SANnav Cryptographic Issues Vulnerability
Broadcom Brocade SANnav is a suite of SAN management platforms from Broadcom USA. A security vulnerability exists in Brocade SANnav version v2.2.2, which stems from the fact that when Brocade SANnav is upgraded from v2.2.2 to 2.3.0, a TLS/SSL weak message authentication code password is added to...
SUSE CVE-2024-22415
jupyter-lsp is a coding assistance tool for JupyterLab code navigation + hover suggestions + linters + autocompletion + rename using Language Server Protocol. Installations of jupyter-lsp running in environments without configured file system access control on the operating system level, and with...