8 matches found
EUVD-2023-2596
Malicious code in bioql PyPI...
GHSA-75M2-JHH5-J5G2 Apollo Router Query Planner Vulnerable to Excessive Resource Consumption via Named Fragment Expansion
Impact Summary A vulnerability in Apollo Router allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically during named fragment expansion. This could lead to excessive resource consumption and denial of service. Details Named fragments...
GHSA-W2RR-38WV-8RRP kcp allows unauthorized creation and deletion of objects in arbitrary workspaces through APIExport Virtual Workspace
Impact The APIExport Virtual Workspace can be used to manage objects in workspaces that bind that APIExport for resources defined in the APIExport or specified and accepted via permission claims. This allows an API provider via their APIExport scoped down access to workspaces of API consumers to...
GHSA-3WGQ-H4FR-CWG5 laravel-crud-wizard-free has File Validation Bypass
Impact: Medium. Patches: Version 3.4.17 fixes illuminate/validation v 8.0.0 to 11.44.0. Workarounds: Register \MacropaySolutions\LaravelCrudWizard\Providers\ValidationServiceProvider instead of Illuminate\Validation\ValidationServiceProvider::class if you are using illuminate/validation 11.44.1...
GHSA-9JXQ-5X44-GX23 Keylime registrar is vulnerable to Denial-of-Service attack when updated to version 7.12.0
Impact The Keylime registrar implemented more strict type checking on version 7.12.0. As a result, when updated to version 7.12.0, the registrar will not accept the format of the data previously stored in the database by versions = 7.8.0, raising an exception. This makes the Keylime registrar...
CVE-2024-5138: snapd snapctl auth bypass
Impact A snap with prior permissions to create a mount entry on the host, such as firefox, normally uses the permission from one of the per-snap hook programs. An unprivileged user cannot normally trigger that behaviour by using snap run --shell firefox followed by snapctl mount, since snapd...
PT-2022-6953 · Cisco · Cisco Ios Xr
Name of the Vulnerable Software and Affected Versions: Cisco IOS XR Software (affected versions not specified). Description: A vulnerability in the access control list (ACL) processing on MPLS interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker ...
Cisco IOS fails to properly process solicited SNMP operations
Overview Cisco IOS contains a vulnerability in the processing of solicited Simple Network Management Protocol (SNMP) operations that may result in memory corruption of the device causing it to reload. Sustained exploitation of this vulnerability could lead to a denial of service condition affect a...