Lucene search

2759 matches found

CBLMariner
added 2024/07/23 12:0 a.m. | 4 views

CVE-2024-20967 affecting package mysql for versions less than 8.0.36-1

CVE-2024-20967 affecting package mysql for versions less than 8.0.36-1. An upgraded version of the package is available that resolves this issue...

CVSS 5.5 | AI score 8 | EPSS 0.0081
Exploits: 0
CBLMariner
added 2024/07/23 12:0 a.m. | 4 views

CVE-2024-20971 affecting package mysql for versions less than 8.0.36-1

CVE-2024-20971 affecting package mysql for versions less than 8.0.36-1. An upgraded version of the package is available that resolves this issue...

CVSS 4.9 | AI score 6.7 | EPSS 0.01038
Exploits: 0
Amazon
added 2024/07/22 12:0 a.m. | 9 views

Important: ecs-service-connect-agent

Issue Overview: dd-trace-cpp is the Datadog distributed tracing for C++. When the library fails to extract trace context due to malformed unicode, it logs the list of audited headers and their values using the nlohmann JSON library. However, due to the way the JSON library is invoked, it throws a...

CVSS 7.5 | AI score 7.2 | EPSS 0.00431
Exploits: 0
Amazon
added 2024/07/22 12:0 a.m. | 3 views

Medium: python3.11-setuptools

Issue Overview: A Denial of Service (DoS) vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file that leads to an infinite loop. This issue also impacts the zipfile module of CPython, as...

CVSS 6.2 | AI score 7.1 | EPSS 0.00236
Exploits: 0
OPENSUSE Linux
added 2024/07/22 12:0 a.m. | 4 views

Security update for global (important)

openSUSE Security Update: Security update for global Announcement ID: openSUSE-SU-2024:0210-1 Rating: important References: 1226420 Cross-References: CVE-2024-38448 Affected Products: openSUSE Backports SLE-15-SP5 An update that fixes one vulnerability is now available. Description: This update f...

CVSS 9.1 | AI score 7.7 | EPSS 0.00529
Exploits: 0 | References: 1
IBM Security Bulletins
added 2024/07/18 10:37 a.m. | 51 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to arbitrary code execution

Summary Salesforce tough-cookie is used by IBM App Connect Enterprise Certified Container for handling cookies. IBM App Connect Enterprise Certified Container operands are vulnerable to arbitrary code execution. This bulletin provides patch information to address the reported vulnerability in...

CVSS 9.8 | AI score 8.3 | EPSS 0.02139
Exploits: 2 | Affected Software: 1
OSV
added 2024/07/15 10:4 p.m. | 8 views

CGA-Q5CF-973W-VVM9

Bulletin has no description...

CVSS 9.8 | AI score 8.4 | EPSS 0.01952
Exploits: 0
OSV
added 2024/07/15 10:3 p.m. | 12 views

CGA-P68W-CM49-2VR4

Bulletin has no description...

CVSS 5.5 | AI score 6.3 | EPSS 0.00443
Exploits: 0
OSV
added 2024/07/15 9:54 p.m. | 8 views

CGA-8R26-2374-XP5J

Bulletin has no description...

CVSS 5.5 | AI score 6.3 | EPSS 0.00443
Exploits: 0
OSV
added 2024/07/15 9:53 p.m. | 9 views

CGA-5GJX-8HCR-V9R6

Bulletin has no description...

CVSS 9.8 | AI score 8.4 | EPSS 0.01952
Exploits: 0
Openbugbounty
added 2024/07/11 7:14 a.m. | 4 views

rebeltec.eu Cross Site Scripting vulnerability OBB-3943762

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0
Rosalinux
added 2024/07/09 12:38 p.m. | 20 views

Advisory ROSA-SA-2024-2447

software: cairo 1.16.0 WASP: ROSA-CHROME packageevrstring: cairo-1.16.0-5 CVE-ID: CVE-2019-6461 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: There is an assertion problem in the _cairo_arc_in_direction function in the cairo-arc.c file. CVE-STATUS: Fixed CVE-REV: To close, run the command: sudo dnf update...

CVSS 6.5 | AI score 6.8 | EPSS 0.02142
Exploits: 1
Cvelist
added 2024/07/02 7:50 p.m. | 32 views

CVE-2024-38537 Inclusion of Untrusted polyfill.io Code Vulnerability in fides.js

Fides is an open-source privacy engineering platform. fides.js, a client-side script used to interact with the consent management features of Fides, used the polyfill.io domain in a very limited edge case, when it detected a legacy browser such as IE11 that did not support the fetch standard...

EPSS 0.01427
Exploits: 0 | References: 5
OSV
added 2024/06/28 2:15 p.m. | 2 views

DEBIAN-CVE-2024-29038

tpm2-tools is the source repository for the Trusted Platform Module (TPM2.0) tools. A malicious attacker can generate arbitrary quote data which is not detected by tpm2 checkquote. This issue was patched in version 5.7...

CVSS 3.3 | AI score 6.5 | EPSS 0.0037
Exploits: 1 | References: 1
Hacker One
added 2024/06/27 3:45 p.m. | 10 views

GitHub: SAML Signature verification bypass allows logging into any user (with specific conditions)

The vulnerability allowed an attacker with direct network access to GitHub Enterprise Server to forge a SAML response and gain unauthorized access to the instance, including site administrator privileges, by exploiting a signature verification bypass. The vulnerability affected all versions of...

CVSS 9.8 | AI score 6.8 | EPSS 0.01527
Exploits: 0
NVD
added 2024/06/20 11:15 a.m. | 40 views

CVE-2022-48711

In the Linux kernel, the following vulnerability has been resolved: tipc: improve size validations for received domain records. The function tipc_mon_rcv() allows a node to receive and process domain_record structs from peer nodes to track their views of the network topology. This patch verifies that t...

CVSS 5.5 | EPSS 0.00236
Exploits: 0 | References: 8
OSV
added 2024/06/19 8:15 p.m. | 0 views

UBUNTU-CVE-2024-38356

TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content extraction code. When using the noneditable_regexp option, specially crafted HTML attributes containing malicious code were able to be executed when content was extracted from t...

CVSS 6.1 | AI score 7.1 | EPSS 0.00529
Exploits: 0 | References: 8
OSV
added 2024/06/19 8:15 p.m. | 0 views

UBUNTU-CVE-2024-38357

TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content parsing code. This allowed specially crafted noscript elements containing malicious code to be executed when that content was loaded into the editor. This vulnerability has bee...

CVSS 6.1 | AI score 6.7 | EPSS 0.00529
Exploits: 0 | References: 8
NVD
added 2024/06/12 3:15 p.m. | 15 views

CVE-2024-31217

Strapi is an open-source content management system. Prior to version 4.22.0, a denial-of-service vulnerability is present in the media upload process causing the server to crash without restarting, affecting both development and production environments. Usually, errors in the application cause ...

CVSS 6.5 | EPSS 0.00736
Exploits: 1 | References: 2
Openbugbounty
added 2024/06/10 2:33 a.m. | 6 views

aparici.com Cross Site Scripting vulnerability OBB-3934349

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0