8014 matches found
[SECURITY] Fedora 40 Update: exercism-3.3.0-1.fc40
Exercism provides a way to do the problems on https://exercism.io. This CLI ships as a binary with no additional run-time requirements. This means that if you're doing the Haskell problems on exercism you don't need a working Python or Ruby environment simply to fetch and submit exercises...
Important: aws-nitro-enclaves-cli
Issue Overview: RUSTSEC-2024-0006 NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0006.html NOTE: https://github.com/comex/rust-shlex/security/advisories/GHSA-r7qv-8r2h-pg27 Affected Packages: aws-nitro-enclaves-cli Issue Correction: Run dnf update aws-nitro-enclaves-cli --releasever...
Important: aws-nitro-enclaves-cli
Issue Overview: RUSTSEC-2024-0006 NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0006.html NOTE: https://github.com/comex/rust-shlex/security/advisories/GHSA-r7qv-8r2h-pg27 Affected Packages: aws-nitro-enclaves-cli Issue Correction: Run dnf update aws-nitro-enclaves-cli --releasever...
Amazon Linux 2023 : aws-nitro-enclaves-cli, aws-nitro-enclaves-cli-devel, aws-nitro-enclaves-cli-integration-tests (ALAS2023-2024-575)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-575 advisory. RUSTSEC-2024-0006 NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0006.html NOTE: https://github.com/comex/rust-shlex/security/advisories/GHSA-r7qv-8r2h-pg27 Tenable has extracted the preceding...
The vulnerability of the CLI interface of ArubaOS operating systems allows a perpetrator to execute arbitrary commands.
The vulnerability of the CLI interface of ArubaOS operating systems is related to the lack of measures taken to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
CVE-2024-0450 vulnerabilities
Vulnerabilities for packages: aws-cli-v2, python...
CVE-2024-0450 vulnerabilities
Vulnerabilities for packages: aws-cli-v2, python...
CVE-2023-6597 vulnerabilities
Vulnerabilities for packages: aws-cli-v2, python...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.15.3 bug fix and security update
Red Hat OpenShift Container Platform release 4.15.3 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.15. Red Hat Product Security has rated this update as having a...
Insecure Variable Substitution
github.com/go-vela/cli is vulnerable to Insecure Variable Substitution. The vulnerability arises due to the unexpected behavior of variable substitution combined with insensitive fields like parameters, image, and entrypoint. This allows for bypassing log masking and exposing secrets without usin...
Amazon Linux 2 : aws-nitro-enclaves-cli (ALASNITRO-ENCLAVES-2024-039)
The version of aws-nitro-enclaves-cli installed on the remote host is prior to 1.2.3-0. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2024-039 advisory. RUSTSEC-2024-0006 NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0006.html NOTE:...
Nuclei allows unsigned code template execution through workflows
Overview A significant security oversight was identified in Nuclei v3, involving the execution of unsigned code templates through workflows. This vulnerability specifically affects users utilizing custom workflows, potentially allowing the execution of malicious code on the user's system. This...
The vulnerability of the CLI interface of ArubaOS operating systems allows a perpetrator to execute arbitrary commands.
The vulnerability of the CLI interface of ArubaOS operating systems is related to the lack of measures taken to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the CLI interface of ArubaOS operating systems allows a hacker to gain access to delete any files they desire and to cause service interruptions.
The vulnerability of the CLI interface of ArubaOS operating systems is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access and delete any files they desire, as well as cause service failures...
CVE-2024-28423
Airflow-Diagrams v2.1.0 was discovered to contain an arbitrary file upload vulnerability in the unsafeload function at cli.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted YML file...
PYSEC-2024-270
Airflow-Diagrams v2.1.0 was discovered to contain an arbitrary file upload vulnerability in the unsafeload function at cli.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted YML file...
curl: CVE-2024-2466: TLS certificate check bypass with mbedTLS
The Curl library had a security vulnerability where the certificate name check was bypassed when connecting to a host via its IP address. This could have potentially introduced spoofing attacks or unauthorized access due to an unverified server certificate. The issue affected Curl with MbedTLS from...
Cisco IOS XR Software Authenticated CLI SCP/SFTP DoS (cisco-sa-iosxr-scp-dos-kb6sUUHw)
According to its self-reported version, Cisco IOS XR is affected by a vulnerability. - A vulnerability in the Secure Copy Protocol SCP and SFTP feature of Cisco IOS XR Software could allow an authenticated, local attacker to create or overwrite files in a system directory, which could lead to a...
Input validation
A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System NCS 540 Series and 5700 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to...
Design/Logic Flaw
A vulnerability in the Secure Copy Protocol SCP and SFTP feature of Cisco IOS XR Software could allow an authenticated, local attacker to create or overwrite files in a system directory, which could lead to a denial of service DoS condition. The attacker would require valid user credentials to...