94 matches found
Security Bulletin: Vulnerability in Jinja2 affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2024-56326, CVE-2024-56201]
Summary: The Jinja2 package is used by IBM Cloud Pak for Data System 2.0. IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2024-56326, CVE-2024-56201. Vulnerability Details: CVEID: CVE-2024-56326 DESCRIPTION: Jinja is an extensible templating engine. Prior to 3.1.5, an oversig...
CVE-2025-31996
CVE-2025-31996 affects HCL Unica Platform with unprotected files caused by improper access controls. Files may disclose private or system information, enabling compromise of the application, infrastructure, or users. Documents describe the issue and potential impact, but do not provide concrete v...
EUVD-2020-20278
Malware in sbrugna...
EUVD-2025-20017
Malicious code in bioql PyPI...
EUVD-2025-20343
Malicious code in bioql PyPI...
NewStart CGSL MAIN 7.02 : glib2 Vulnerability (NS-SA-2025-0111)
The remote NewStart CGSL host, running version MAIN 7.02, has glib2 packages installed that are affected by a vulnerability: An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service...
CVE-2025-46833 Programs/P73_SimplePythonEncryption.py has weak cryptographic key
Programs/P73_SimplePythonEncryption.py illustrates a simple Python encryption example using the RSA Algorithm. In versions prior to commit 6ce60b1, an attacker may be able to decrypt the data using brute force attacks and because of this the whole application can be impacted. This issue has been...
GraphQL Armor Cost-Limit Plugin Bypass via Introspection Query Obfuscation
Summary: A query cost restriction using the cost-limit can be bypassed if ignoreIntrospection is enabled, which is the default configuration, by naming your query/fragment schema. Details: At the start of the computeComplexity function, we have the following check for ignoreIntrospection option: ts i...
Apple macOS Access Control Error Vulnerability
Apple macOS is a suite of specialized operating systems developed for Mac computers by Apple Inc. in the United States. A security vulnerability exists in Apple macOS that originates from an application that may be able to modify protected portions of the file system...
Possible Content Security Policy bypass in Action Dispatch
There is a possible Cross Site Scripting (XSS) vulnerability in the content_security_policy helper in Action Pack. Impact: Applications which set Content-Security-Policy (CSP) headers dynamically from untrusted user input may be vulnerable to carefully crafted inputs being able to inject new directives...
Huawei EulerOS: Security Advisory for glib2 (EulerOS-SA-2024-2768)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP12 : glib2 (EulerOS-SA-2024-2527)
According to the versions of the glib2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a...
Candy Redis 2.1.2 Admin Page Disclosure
Title: Candy Redis V2.1.2 HTML Form in redirect page Vulnerability. Author: indoushka. Tested on: windows 10 FrPro / browser: Mozilla firefox 125.0.1 64...
CVE-2024-37177 Cross-Site Scripting (XSS) vulnerabilities in SAP Financial Consolidation
SAP Financial Consolidation allows data to enter a Web application through an untrusted source. These endpoints are exposed over the network and it allows the user to modify the content from the web site. On successful exploitation, an attacker can cause significant impact to confidentiality and...
Fedora 40 : mingw-glib2 (2024-2ce1c754f7)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-2ce1c754f7 advisory. Update glib2 to fix CVE-2024-34397. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Ness...
[SECURITY] [DLA 3814-1] glib2.0 security update
Debian LTS Advisory DLA-3814-1, https://www.debian.org/lts/security/, Markus Koschany, May 13, 2024, https://wiki.debian.org/LTS. Package: glib2.0. Version: 2.58.3-2+deb10u6. CVE ID: CVE-2024-34397. Alicia Boya Garcia reported that the GDBus signal subscriptions in the GLib...
CVE-2024-34397
An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : openssl-3 (SUSE-SU-2024:0172-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0172-1 advisory. Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that...
OpenSSL 3.1.0 < 3.1.3 Vulnerability
The version of OpenSSL installed on the remote host is prior to 3.1.3. It is, therefore, affected by a vulnerability as referenced in the 3.1.3 advisory. Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applicatio...