4 matches found
Security Bulletin: DataStage on Cloud Pak for Data has several vulnerabilities due to open source software
Summary Open source packages are used as part of the overall processing in DataStage on Cloud Pak for Data. Vulnerability Details CVEID:CVE-2025-13465 DESCRIPTION: Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the .unset and .omit functions. An attacker can pass...
Incorrect Authorization
Overview @openclaw/mattermost is an OpenClaw Mattermost channel plugin Affected versions of this package are vulnerable to Incorrect Authorization via the callback process. An attacker can execute unauthorized actions by sending specially crafted requests before sender authorization checks are...
GHSA-44VG-5WV2-H2HG SimpleEval: Objects (including modules) can leak dangerous modules through to direct access inside the sandbox
Impact If the objects passed in as names to SimpleEval have modules or other disallowed / dangerous objects available as attrs. Additionally, dangerous functions or modules could be accessed by passing them as callbacks to other safe functions to call. Examples found by @ByamB4: Any module where...
MDVA-2010:129 : netcdf
This updates fixes a wrong Obsoletes: tag on netcdf package which would break upgrades to 2010.1. %NASLMINLEVEL 70300 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a security fix. Disabled on 2012/09/06. C Tenable Network Security, Inc. This script was...