134 matches found

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2009-0248

Malware in sbrugna...

3.5 CVSS · 6.1 AI score · 0.00412 EPSS
Exploits: 1 · References: 10

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2024-50364

Malicious code in bioql PyPI...

4.3 CVSS · 6.3 AI score · 0.00108 EPSS
Exploits: 1 · References: 2

RedhatCVE
added 2025/05/23 8:14 a.m. · 3 views

CVE-2024-9367

An issue was discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2, that allows an attacker to cause uncontrolled CPU consumption, potentially leading to a Denial of Service (DoS) condition while parsing templates to generate...

4.3 CVSS · 6.3 AI score · 0.00108 EPSS
Exploits: 1 · References: 1

OSV
added 2024/12/16 7:10 a.m. · 208 views

BIT-GITLAB-2024-9367 Allocation of Resources Without Limits or Throttling in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2, that allows an attacker to cause uncontrolled CPU consumption, potentially leading to a Denial of Service (DoS) condition while parsing templates to generate...

4.3 CVSS · 4.4 AI score · 0.00108 EPSS
Exploits: 1 · References: 3

OSV
added 2024/12/12 12:2 p.m. · 7 views

CVE-2024-9367 Allocation of Resources Without Limits or Throttling in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2, that allows an attacker to cause uncontrolled CPU consumption, potentially leading to a Denial of Service (DoS) condition while parsing templates to generate...

4.3 CVSS · 6.4 AI score · 0.00108 EPSS
Exploits: 1 · References: 5

Pen Test Partners Blog
added 2024/09/19 5:12 a.m. · 16 views

Proroute H685 4G router vulnerabilities

TL;DR: Two vulnerabilities on the Proroute H685t-w 4G Router. Authenticated command injection is possible through the admin interface. Reflected Cross Site-Scripting is possible through the admin interface. Patch any routers to revision 3.2.335 or higher. Vulnerability 1: Command Injection on Proroute...

9.8 CVSS · 9 AI score · 0.00593 EPSS
Exploits: 0

Positive Technologies
added 2024/09/12 12:0 a.m. · 3 views

PT-2024-39182 · Docker · Docker Desktop

Name of the Vulnerable Software and Affected Versions: Docker Desktop versions prior to 4.34.2. Description: A remote code execution vulnerability exists via crafted extension description or changelog, which could be exploited by a malicious extension. Recommendations: For Docker Desktop versions...

9.8 CVSS · 7.7 AI score · 0.03113 EPSS
Exploits: 0 · References: 20

OSSF Malicious Packages
added 2024/06/25 1:51 p.m. · 6 views

Malicious code in has-changelogs (RubyGems)

7 AI score
Exploits: 0 · References: 1

OSV
added 2024/06/25 1:51 p.m. · 4 views

MAL-2024-6940 Malicious code in has-changelogs (RubyGems)

7.1 AI score
Exploits: 0 · References: 1

Vulnrichment
added 2024/02/13 7:5 p.m. · 24 views

CVE-2024-25122 Cross-site Scripting sidekiq-unique-jobs UI server vulnerability

sidekiq-unique-jobs is an open source project which prevents simultaneous Sidekiq jobs with the same unique arguments to run. Specially crafted GET request parameters handled by any of the following endpoints of sidekiq-unique-jobs' "admin" web UI, allow a super-user attacker, or an unwitting, bu...

7.1 CVSS · 6.7 AI score · 0.00099 EPSS
Exploits: 1 · References: 2

Snyk
added 2024/02/13 6:34 p.m. · 1 views

Cross-site Scripting (XSS)

Overview: sidekiq-unique-jobs is a package containing unique jobs that were removed from sidekiq. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via specially crafted GET request parameters handled by any of the following endpoints of the "admin" web UI: /changelogs,...

8.2 CVSS · 5.2 AI score · 0.00099 EPSS
Exploits: 1 · References: 2

OSV
added 2024/02/13 6:34 p.m. · 21 views

GHSA-CMH9-RX85-XJ38 XSS sidekiq-unique-jobs UI server vulnerability

Summary: Cross site scripting (XSS) potentially exposing cookies / sessions / localStorage, fixed by sidekiq-unique-jobs v8.0.7. Specifically, this is a Reflected Server-Side, Non-Self, Cross Site Scripting vulnerability, considered a P3 on the BugCrowd taxonomy with the following categorization:...

7.1 CVSS · 8 AI score · 0.00266 EPSS
Exploits: 3 · References: 6

Github Security Blog
added 2024/02/13 6:34 p.m. · 28 views

XSS sidekiq-unique-jobs UI server vulnerability

Summary: Cross site scripting (XSS) potentially exposing cookies / sessions / localStorage, fixed by sidekiq-unique-jobs v8.0.7. Specifically, this is a Reflected Server-Side, Non-Self, Cross Site Scripting vulnerability, considered a P3 on the BugCrowd taxonomy with the following categorization:...

7.1 CVSS · 7.7 AI score · 0.00099 EPSS
Exploits: 1 · References: 6 · Affected Software: 1

Positive Technologies
added 2024/02/13 12:0 a.m. · 4 views

PT-2024-20763 · Unknown · Sidekiq-Unique-Jobs

Name of the Vulnerable Software and Affected Versions: sidekiq-unique-jobs versions prior to 7.1.33 and 8.0.7. Description: The issue is related to a Cross-Site Scripting (XSS) vulnerability in the sidekiq-unique-jobs "admin" web UI. Specially crafted GET request parameters handled by the following...

7.1 CVSS · 7.5 AI score · 0.00099 EPSS
Exploits: 1 · References: 12

Mageia
added 2023/08/23 7:56 p.m. · 60 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.15.126 and fixes or adds mitigations for at least the following security issues: Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to...

7.8 CVSS · 6.5 AI score · 0.02081 EPSS
Exploits: 3 · References: 8

Mageia
added 2023/06/19 4:29 p.m. · 113 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.15.117 and fixes at least the following security issues: In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs (CVE-2022-48425). An out-of-bounds memory access flaw was found in...

7.8 CVSS · 8.1 AI score · 0.02125 EPSS
Exploits: 9 · References: 8

Mageia
added 2023/05/16 7:17 p.m. · 88 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.15.110 and fixes at least the following security issues: A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c. This issue could occur when assoc_info->req_len data is bigger than the siz...

7.8 CVSS · 7.1 AI score · 0.01004 EPSS
Exploits: 9 · References: 5

Mageia
added 2023/03/11 7:0 p.m. · 83 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.15.98 and fixes at least the following security issues: A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines o...

8.8 CVSS · 8.3 AI score · 0.00592 EPSS
Exploits: 6 · References: 11

Mageia
added 2023/01/22 8:39 p.m. · 155 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.15.88 and fixes at least the following security issues: A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment...

8 CVSS · 8.3 AI score · 0.04508 EPSS
Exploits: 8 · References: 8

Mageia
added 2023/01/13 5:37 p.m. · 42 views

Updated minetest packages fix security vulnerability

This update provides minetest 5.6.1, the latest stable release of the open source voxel game. This update provides a number of feature and bug fix changes compared to the previous version 5.4.0 provided in Mageia 8. See the linked release notes and changelogs for details. The update also improve...

10 CVSS · 0.7 AI score · 0.13734 EPSS
Exploits: 0 · References: 6