55 matches found
GSD-2023-1000243 hwmon: (coretemp) Check for null before removing sysfs attrs
hwmon: (coretemp) Check for null before removing sysfs attrs. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.158 by commit...
GSD-2023-1000170 hwmon: (coretemp) Check for null before removing sysfs attrs
hwmon: (coretemp) Check for null before removing sysfs attrs. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.82 by commit...
GSD-2023-1000078 hwmon: (coretemp) Check for null before removing sysfs attrs
hwmon: (coretemp) Check for null before removing sysfs attrs. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.12 by commit...
MAL-2022-6482 Malicious code in test-inherited-attrs (npm)
Source: ghsa-malware f962e7dc884922f90141ffeaa6fce29bca1e10e59db0b32f2888ae1fdea2bd70. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GHSA-G468-QJ8G-VCJC TensorFlow vulnerable to `CHECK`-fail in `tensorflow::full_type::SubstituteFromAttrs`
Impact: When tensorflow::full_type::SubstituteFromAttrs receives a FullTypeDef& t that does not have exactly three args, it triggers a CHECK-fail instead of returning a status: Status SubstituteForEach(AttrMap& attrs, FullTypeDef& t) { DCHECK_EQ(t.args_size(), 3); const auto& cont = t.args(0); const auto& tmpl =...
new packages: python-attrs
An update is available for python-attrs. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux...
new module: python39:3.9
An update is available for python-more-itertools, pytest, python-psycopg2, python-lxml, python-PyMySQL, python3x-six, python-toml, python-urllib3, PyYAML, python-attrs, python-iniconfig, python-requests, modwsgi, python3x-pip, python-py, python-chardet, python-pluggy, Cython, python-psutil,...
CVE-2021-28957
An XSS vulnerability was discovered in python-lxml's clean module in versions before 4.6.3. When the safe_attrs_only and forms arguments are disabled, the Cleaner class does not remove the formaction attribute, allowing JS to bypass the sanitizer. A remote attacker could exploit this flaw to run...
python27:2.7 security, bug fix, and enhancement update
An update is available for python-pymongo, python2-rpm-macros, python-docutils, pytest, python-psycopg2, python-PyMySQL, python-lxml, PyYAML, python-pytest-mock, python-attrs, python-jinja2, python-docs, python-requests, python-mock, python-ipaddress, python-funcsigs, python-py, python-chardet,...
The vulnerability in the recv_files and read_ndx_and_attrs functions of the rsync daemon allows a remote attacker to circumvent existing access restrictions and compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability in rsync exists due to the lack of checks on fnamecmp filenames in the daemon_filter_list data structure in the recv_files function in receiver.c, and the absence of the sanitize_paths mechanism for paths found in "xname follows" strings in the read_ndx_and_attrs function in...
GSA Bounty: Information disclosure (system username, server info) in the x-amz-meta-s3cmd-attrs response header on data.gov
Hi Team, I noticed that the x-amz-meta-s3cmd-attrs response header returns sensitive information, like the system username, on data.gov: x-amz-meta-s3cmd-attrs: uid:0/gname:root/uname:root/gid:0/mode:33184/mtime:1513269652/atime:1513269652/md5:2049644b6b833f5dbb826f60a4721f64/ctime:1513269652 Server:...
python27:2.7 security update
Cython 0.28.1-7 - Bumping due to problems with modular RPM upgrade path 1695587 - Related: rhbz1693974 PyYAML 3.12-16 - Bumping due to problems with modular RPM upgrade path 1695587 - Related: rhbz1693974 babel 2.5.1-9 - Bumping due to problems with modular RPM upgrade path 1695587 - Related:...
GSA Bounty: Information disclosure (system username) in the x-amz-meta-s3cmd-attrs response header on federation.data.gov
Description: Hi. I just noticed that you have extended the scope of the bounty program. I looked at the first resource - https://federation.data.gov/ - and noticed that the x-amz-meta-s3cmd-attrs response header returns sensitive information, like the system username:...
Jenkins-LDAP (CVE-2016-9299) deserialization vulnerability analysis-vulnerability warning-the black bar safety net
Source: gone with the wind's Blog. Author: iswin. I was also following this vulnerability when the official announcement was released in November last year; while looking at the com.sun.jndi.ldap.LdapAttribute class in relation to deserialization, I became aware that this class contains...
HackerOne: Obtain the username & the uid of the one doing the S3 sync on Hackerone
Obtain the username & uid of hackerone.com S3: using GET, it's possible to obtain the username & uid of the one doing the S3 sync on Hackerone. Doing a GET on http://hackerone.com gives the following header: content-security-policy = default-src 'none'; base-uri 'self'; block-all-mixed-content;...