Lucene search

1118 matches found

OSV
added 2024/07/31 3:59 p.m., 1 view

DRUPAL-CONTRIB-2024-026

The View Password module enables you to add a help icon button next to the password input field to toggle the password visibility. The administrative user is allowed to add classes to this icon for styling purposes. The module doesn't validate the content of classes. A malicious user with access ...

CVSS 4.8, AI score 6.9, EPSS 0.00261
Exploits 0, References 1
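The flaw described above is attribute-context injection: a class string that is never validated can close the class attribute and start an event handler of its own. As an added example (not the module's code, which is PHP; the function names here are assumptions for illustration), the following Python shows the unvalidated render next to an allowlist validator that keeps only syntactically valid CSS class tokens:

```python
"""Constructed example: validating admin-supplied CSS class names before
they are interpolated into an HTML attribute. Not code from the View
Password module; helper names are assumptions for illustration."""
import html
import re

# A conservative subset of the CSS identifier grammar: optional leading
# hyphen, then a letter or underscore, then letters, digits, '_' or '-'.
CLASS_TOKEN = re.compile(r"^-?[A-Za-z_][A-Za-z0-9_-]*$")


def validate_classes(raw: str) -> list[str]:
    """Split a class string on whitespace and keep only valid class tokens.
    Offending tokens are dropped, not escaped, so the result is always a
    list of identifiers and nothing else."""
    return [tok for tok in raw.split() if CLASS_TOKEN.match(tok)]


def render_icon_unvalidated(classes: str) -> str:
    """The vulnerable shape: the configured string is placed in the
    attribute exactly as stored."""
    return f'<span class="{classes}" role="button"></span>'


def render_icon_validated(classes: str) -> str:
    """Hardened shape: allowlist the tokens, then still attribute-encode the
    joined string as defence in depth."""
    safe = " ".join(validate_classes(classes))
    return f'<span class="{html.escape(safe, quote=True)}" role="button"></span>'


def attribute_breakout(markup: str) -> bool:
    """True if the rendered markup carries more than the two attributes the
    template defines, i.e. the class value broke out of its quotes."""
    return len(re.findall(r'\s[a-zA-Z-]+="', markup)) != 2


if __name__ == "__main__":
    # Constructed malicious configuration value.
    stored = 'eye-icon toggle" onmouseover="alert(document.cookie)'
    print(render_icon_unvalidated(stored))
    print(render_icon_validated(stored))
```

Dropping rather than escaping the bad tokens is deliberate: an escaped `toggle&quot;` would be a harmless but meaningless class name, whereas the allowlist leaves only what a stylesheet could actually target.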
UbuntuCve
added 2024/07/09 2:00 p.m., 19 views

CVE-2024-39330

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename without replicating the file-path validations from the parent class, potentially allow directory traversal via certain...

CVSS 4.3, AI score 6.8, EPSS 0.01008
Exploits 0, References 3
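The bug class above is easy to reproduce outside Django: if the only traversal check sits in generate_filename(), any subclass that overrides it (a per-user upload prefix, say) silently drops the check, and save() trusts whatever comes back. The following Python is an added example, not Django's code: a simplified model of the Storage.save()/generate_filename() split, a hypothetical PerUserMixin override, and a hardened save() that re-validates the generated name, which is the pattern the fixed releases follow. The validate_file_name here is a re-implementation for this example, not the one in django.core.files.utils, and /srv/media is an assumed MEDIA_ROOT.

```python
"""Model of the CVE-2024-39330 pattern: a traversal check that lives only in
Storage.generate_filename() is lost when a subclass overrides that method.
Constructed example; it does not import Django."""
import posixpath


class SuspiciousFileOperation(Exception):
    """Raised when a file name would escape the storage root."""


def validate_file_name(name: str, allow_relative_path: bool = False) -> str:
    """Reject names that could escape the storage root.

    Modelled on Django's validate_file_name (simplified re-implementation
    for this example, not Django's code).
    """
    base_name = posixpath.basename(name)
    if base_name in ("", ".", ".."):
        raise SuspiciousFileOperation(f"Could not derive file name from '{name}'")
    if allow_relative_path:
        path = posixpath.normpath(name.replace("\\", "/"))
        if path.startswith("/") or ".." in path.split("/"):
            raise SuspiciousFileOperation(f"Detected path traversal attempt in '{name}'")
    elif name != base_name:
        raise SuspiciousFileOperation(f"File name '{name}' includes path elements")
    return name


class VulnerableStorage:
    """Pre-fix shape: the only traversal check is inside generate_filename(),
    so a subclass that overrides it drops the check."""

    root = "/srv/media"  # hypothetical MEDIA_ROOT

    def generate_filename(self, filename: str) -> str:
        dirname, basename = posixpath.split(filename.replace("\\", "/"))
        if ".." in dirname.split("/"):
            raise SuspiciousFileOperation(f"Detected path traversal attempt in '{dirname}'")
        return posixpath.normpath(posixpath.join(dirname, basename))

    def save(self, name: str, content: bytes) -> str:
        name = self.generate_filename(name)  # trusted without a second look
        return self._save(name, content)

    def _save(self, name: str, content: bytes) -> str:
        # Stand-in for writing the file: return the resolved on-disk path.
        return posixpath.normpath(posixpath.join(self.root, name))


class HardenedStorage(VulnerableStorage):
    """Fix pattern: save() re-validates whatever generate_filename() returned,
    so an overriding subclass cannot bypass the check."""

    def save(self, name: str, content: bytes) -> str:
        name = self.generate_filename(name)
        validate_file_name(name, allow_relative_path=True)
        return self._save(name, content)


class PerUserMixin:
    """Hypothetical site-specific override: namespace uploads by user id
    without replicating the parent's validation."""

    def __init__(self, user_id: int) -> None:
        self.user_id = user_id

    def generate_filename(self, filename: str) -> str:
        return posixpath.join("uploads", str(self.user_id), filename)


class PerUserVulnerableStorage(PerUserMixin, VulnerableStorage):
    pass


class PerUserHardenedStorage(PerUserMixin, HardenedStorage):
    pass


def escapes_root(storage, name: str) -> bool:
    """True if save() resolved a path outside storage.root; False if the
    name was rejected or stayed inside the root."""
    try:
        path = storage.save(name, b"constructed payload")
    except SuspiciousFileOperation:
        return False
    return not path.startswith(storage.root + "/")


if __name__ == "__main__":
    attacker_name = "../../../etc/cron.d/x"  # constructed traversal input
    print("base, vulnerable    :", escapes_root(VulnerableStorage(), attacker_name))
    print("override, vulnerable:", escapes_root(PerUserVulnerableStorage(42), attacker_name))
    print("override, hardened  :", escapes_root(PerUserHardenedStorage(42), attacker_name))
    print("override, benign    :", PerUserHardenedStorage(42).save("report.pdf", b""))
```

The point of the model is the second line of output: the base class catches the traversal, the override does not, and only the hardened save() makes the override safe again. When auditing a project that subclasses Storage, grep for generate_filename overrides and confirm the running Django version is at or past the fixed release, or add the re-validation in your own save().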
SUSE CVE
added 2024/06/21 3:52 a.m., 2 views

SUSE CVE-2021-47595

In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_ets: don't remove idle classes from the round-robin list Shuang reported that the following script: 1 tc qdisc add dev ddd0 handle 10: parent 1: ets bands 8 strict 4 priomap 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 2 mauseza...

CVSS 5.5, AI score 6.3, EPSS 0.00239
Exploits 0, References 14
OSV
added 2024/06/19 3:15 p.m., 3 views

DEBIAN-CVE-2021-47595

In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_ets: don't remove idle classes from the round-robin list Shuang reported that the following script: 1 tc qdisc add dev ddd0 handle 10: parent 1: ets bands 8 strict 4 priomap 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 2 mauseza...

CVSS 5.5, AI score 5.3, EPSS 0.00239
Exploits 0, References 1
OSV
added 2024/06/19 3:15 p.m., 0 views

UBUNTU-CVE-2021-47595

In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_ets: don't remove idle classes from the round-robin list Shuang reported that the following script: 1 tc qdisc add dev ddd0 handle 10: parent 1: ets bands 8 strict 4 priomap 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 2 mauseza...

CVSS 5.5, AI score 6.1, EPSS 0.00239
Exploits 0, References 6
Rockylinux
added 2024/06/14 1:59 p.m., 37 views

python39:3.9 and python39-devel:3.9 security update

An update is available for python-pluggy, module.python-iniconfig, module.python-psycopg2, module.python-more-itertools, module.python3x-pip, module.python3x-setuptools, python-requests, python-psutil, numpy, module.python-ply, module.python-psutil, module.python-pycparser, module.python-cffi,...

CVSS 8.1, AI score 7.1, EPSS 0.02617
Exploits 3
Github Security Blog
added 2024/06/06 6:30 p.m., 22 views

Remote code execution in pytorch lightning

A remote code execution (RCE) vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to improper handling of deserialized user input and mismanagement of dunder attributes by the deepdiff library. The library uses deepdiff.Delta objects to modify application state base...

CVSS 9.8, AI score 9.8, EPSS 0.26488
Exploits 3, References 6, Affected software 1
RedHat Linux
added 2024/06/05 2:47 p.m., 3 views

jenkins-plugin/script-security: sandbox bypass via sandbox-defined classes

A sandbox bypass vulnerability was found in the Jenkins Script Security Plugin within the sandbox-defined classes, enabling the circumvention of security restrictions. This flaw allows authenticated attackers to define and execute sandboxed scripts, including Pipelines, bypassing sandbox protecti...

CVSS 8.8, AI score 6.1, EPSS 0.01002
Exploits 0, References 6
RedHat Linux
added 2024/06/05 2:47 p.m., 3 views

jenkins-plugin/script-security: sandbox bypass via crafted constructor bodies

A sandbox bypass vulnerability was found in the Jenkins Script Security Plugin involving crafted constructor bodies, enabling the circumvention of security restrictions. With crafted constructor bodies, this flaw allows authenticated attackers to define and execute sandboxed scripts, including...

CVSS 9.8, AI score 6.1, EPSS 0.48081
Exploits 0, References 6
RedHat Linux
added 2024/06/05 2:46 p.m., 3 views

jenkins-plugin/script-security: sandbox bypass via sandbox-defined classes

A sandbox bypass vulnerability was found in the Jenkins Script Security Plugin within the sandbox-defined classes, enabling the circumvention of security restrictions. This flaw allows authenticated attackers to define and execute sandboxed scripts, including Pipelines, bypassing sandbox protecti...

CVSS 8.8, AI score 6.1, EPSS 0.01002
Exploits 0, References 6
Fedora
added 2024/06/05 1:41 a.m., 36 views

[SECURITY] Fedora 40 Update: qt5-qtsvg-5.15.14-1.fc40

Scalable Vector Graphics (SVG) is an XML-based language for describing two-dimensional vector graphics. Qt provides classes for rendering and displaying SVG drawings in widgets and on other paint devices...

CVSS 9.8, AI score 6.5, EPSS 0.0097
Exploits 0
Friends Of PHP
added 2024/06/04 4:23 p.m., 44 views

Unsafe Reflection in base Component class

Yii2 supports attaching Behaviors to Components by setting properties having the format 'as '. Internally this is done using the __set magic method. If the value passed to this method is not an instance of the Behavior class, a new object is instantiated using Yii::createObject($value). However, ther...

CVSS 9.1, AI score 8.9, EPSS 0.85124
Exploits 1, Affected software 1
OSV
added 2024/06/02 10:30 p.m., 45 views

GHSA-CJCC-P67M-7QXM Unsafe Reflection in base Component class in yiisoft/yii2

Yii2 supports attaching Behaviors to Components by setting properties having the format 'as '. Internally this is done using the __set magic method. If the value passed to this method is not an instance of the Behavior class, a new object is instantiated using Yii::createObject($value). However, ther...

CVSS 8.1, AI score 8.3, EPSS 0.85124
Exploits 1, References 9
CNNVD
added 2024/05/30 12:00 a.m., 2 views

Dino Physics School Assistant Security Vulnerability

Dino Physics School Assistant is an application. A security vulnerability exists in Dino Physics School Assistant version 2.3, which stems from a cross-site scripting (XSS) vulnerability in the parameter middlename of the file classes/Users.php...

CVSS 6.1, AI score 5.8, EPSS 0.00316
Exploits 1, References 3
Veracode
added 2024/05/27 7:23 a.m., 7 views

Cross-site Scripting (XSS)

silverstripe/framework is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper encoding of validation messages in certain FormField classes, which can present invalid content as part of the validation response resulting in XSS...

AI score 6.7
Exploits 0
Vulnrichment
added 2024/05/24 3:09 p.m., 18 views

CVE-2021-47557 net/sched: sch_ets: don't peek at classes beyond 'nbands'

In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_ets: don't peek at classes beyond 'nbands' when the number of DRR classes decreases, the round-robin active list can contain elements that have already been freed in ets_qdisc_change. As a consequence, it's possible t...

AI score 6.5, EPSS 0.00241
Exploits 0, References 3
CVE
added 2024/05/24 3:09 p.m., 125 views

CVE-2021-47557

Summary (CVE-2021-47557): In the Linux kernel, the net/sched sch_ets code could expose a NULL pointer dereference in the DRR active list when the number of DRR classes decreases, allowing a crash via cl->qdisc->ops->peek(cl->qdisc) if cl->qdisc is NULL. This affects the ETS qdisc ...

CVSS 5.5, AI score 6.3, EPSS 0.00241
Exploits 0, References 3, Affected software 1
CNNVD
added 2024/05/14 12:00 a.m., 2 views

Web-School ERP SQL Injection Vulnerability

Web-School ERP is an ERP application from Web-School India. A SQL injection vulnerability exists in Web-School ERP version 1.0, which originates from the groupsid, examname, classesid, esvoucherid, esclass, etc. parameters on the...

CVSS 9.8, AI score 7.9, EPSS 0.00737
Exploits 0, References 3
Qualys Blog
added 2024/05/07 9:05 p.m., 16 views

Qualys Is Proud to Sign CISA's Secure by Design Pledge

Cybersecurity leaders in the U.S. are very familiar with the Cybersecurity and Infrastructure Security Agency (CISA) and their important work to keep the internet, our country, and its citizens safe from cyber threats. As part of their efforts, CISA has identified secure by design software as a key...

AI score 8.3
Exploits 0
RedhatCVE
added 2024/05/03 8:53 a.m., 37 views

CVE-2024-34145

A sandbox bypass vulnerability was found in the Jenkins Script Security Plugin within the sandbox-defined classes, enabling the circumvention of security restrictions. This flaw allows authenticated attackers to define and execute sandboxed scripts, including Pipelines, bypassing sandbox protecti...

CVSS 8.8, AI score 7.5, EPSS 0.01002
Exploits 0, References 5