14 matches found
Fedora 41 : expat (2025-d936540ef5)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-d936540ef5 advisory. Rebase to 2.7.2. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the Downloader.xpc service. A local unprivileged attacker can access and copy files protected by TCC permissions by registering the service globally and exploiting the lack of client validation. Workaround Th...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the Downloader.xpc service. A local unprivileged attacker can access and copy files protected by TCC permissions by registering the service globally and exploiting the lack of client validation. Workaround Th...
PT-2025-7518 · WordPress · Custom Post Type Date Archives
Name of the Vulnerable Software and Affected Versions: The Custom Post Type Date Archives plugin for WordPress versions up to, and including, 2.7.1 Description: The Custom Post Type Date Archives plugin for WordPress is vulnerable to arbitrary shortcode execution. This issue arises because the...
SUSE CVE-2024-22421
JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. Users of JupyterLab who click on a malicious link may get their Authorization and XSRFToken tokens exposed to a third party when running an older jupyter-server...
GHSA-CGX2-RRMR-JX43 Apache Airflow vulnerable to sensitive information exposure when users list warnings for all DAGs
Apache Airflow, versions prior to 2.7.2, contains a security vulnerability that allows authenticated users of Airflow to list warnings for all DAGs, even if the user had no permission to see those DAGs. It would reveal the dagids and the stack-traces of import errors for those DAGs with import...
PYSEC-2023-197
Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with...
PYSEC-2023-197
Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated wit...
PYSEC-2023-155
jupyter-server is the backend for Jupyter web applications. Open Redirect Vulnerability. Maliciously crafted login links to known Jupyter Servers can cause successful login or an already logged-in session to be redirected to arbitrary sites, which should be restricted to Jupyter Server-served URL...
PT-2023-27180 · Unknown +1 · Jupyter Server +1
Name of the Vulnerable Software and Affected Versions: jupyter-server versions prior to 2.7.2 Description: The issue is an Open Redirect Vulnerability in jupyter-server, which is the backend for Jupyter web applications. Maliciously crafted login links to known Jupyter Servers can cause successfu...
PT-2022-23102 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier Description: The issue occurs when RandomPoissonV2 receives large input shape and rates,...
PT-2022-19459 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.9.0 TensorFlow versions prior to 2.8.1 TensorFlow versions prior to 2.7.2 TensorFlow versions prior to 2.6.4 Description: Multiple TensorFlow operations misbehave in eager mode when the resource handle provided ...
PT-2018-9278
Name of the Vulnerable Software and Affected Versions: Teluu PJSIP versions 2.7.1 and earlier Description: The issue is related to a null or uninitialized pointer access in the pjmedia SDP parsing component, which can cause a crash. This can be exploited by sending a specially crafted message...
PT-2014-1795 · Apache +5 · Apache Xalan-Java +5
Name of the Vulnerable Software and Affected Versions: Apache Xalan-Java versions prior to 2.7.2 Description: The issue allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted xalan:content-header, xalan:entities,...