Moderate: Red Hat Security Advisory: RHACS 4.5 enhancement and security update

Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes RHACS. The updated image includes security and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which give...

Subnet Solutions Inc. PowerSYSTEM Center

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Subnet Solutions Inc. Equipment: PowerSYSTEM Center Vulnerabilities: Server-Side Request Forgery SSRF, Inefficient Regular Expression Complexity, Cross-Site Request Forgery CSRF 2. RISK...

Optigo Networks ONS-S8 - Spectra Aggregation Switch

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Optigo Networks Equipment: ONS-S8 - Spectra Aggregation Switch Vulnerabilities: Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion', Weak...

Debian dla-3902 : ruby-rails-html-sanitizer - security update

The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3902 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3902-1 [email protected]...

Inefficient Regular Expression Complexity in langflow

A vulnerability classified as problematic was found in Langflow up to 1.0.18. Affected by this vulnerability is an unknown functionality of the file \src\backend\base\langflow\interface\utils.py of the component HTTP POST Request Handler. The manipulation of the argument remainingtext leads to...

GHSA-355V-2RJX-FPX7 Inefficient Regular Expression Complexity in langflow

A vulnerability classified as problematic was found in Langflow up to 1.0.18. Affected by this vulnerability is an unknown functionality of the file \src\backend\base\langflow\interface\utils.py of the component HTTP POST Request Handler. The manipulation of the argument remainingtext leads to...

CVE-2024-9277

A vulnerability classified as problematic was found in Langflow up to 1.0.18. Affected by this vulnerability is an unknown functionality of the file \src\backend\base\langflow\interface\utils.py of the component HTTP POST Request Handler. The manipulation of the argument remainingtext leads to...

CVE-2024-9277 Langflow HTTP POST Request utils.py redos

A vulnerability classified as problematic was found in Langflow up to 1.0.18. Affected by this vulnerability is an unknown functionality of the file \src\backend\base\langflow\interface\utils.py of the component HTTP POST Request Handler. The manipulation of the argument remainingtext leads to...

CVE-2024-9277 Langflow HTTP POST Request utils.py redos

A vulnerability classified as problematic was found in Langflow up to 1.0.18. Affected by this vulnerability is an unknown functionality of the file \src\backend\base\langflow\interface\utils.py of the component HTTP POST Request Handler. The manipulation of the argument remainingtext leads to...

Langflow 安全漏洞

Langflow is a visualization framework for building multi-agent and RAG applications from the Langflow open source. A security vulnerability exists in Langflow 1.0.18 and earlier versions, which stems from an improper manipulation of the parameter maintainingtext can lead to low regular expression...

CVE-2024-9203 Enpass Password Manager sensitive information in memory

A vulnerability, which was classified as problematic, has been found in Enpass Password Manager up to 6.9.5 on Windows. This issue affects some unknown processing. The manipulation leads to cleartext storage of sensitive information in memory. An attack has to be approached locally. The complexit...

CVE-2024-9203 Enpass Password Manager sensitive information in memory

A vulnerability, which was classified as problematic, has been found in Enpass Password Manager up to 6.9.5 on Windows. This issue affects some unknown processing. The manipulation leads to cleartext storage of sensitive information in memory. An attack has to be approached locally. The complexit...

goTenna Pro X and Pro X2 (Update A)

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Low attack complexity Vendor : goTenna Equipment : Pro series Vulnerabilities : Weak Password Requirements, Insecure Storage of Sensitive Information, Missing Support for Integrity Check, Cleartext Transmission of Sensitive Information,...

PT-2024-39486 · Unknown · Enpass Password Manager

Name of the Vulnerable Software and Affected Versions: Enpass Password Manager versions up to 6.9.5 Description: A vulnerability has been found in Enpass Password Manager, which affects some unknown processing and leads to cleartext storage of sensitive information in memory. The manipulation...

CLSA-2024-1727289133 python3: Fix of 2 CVEs

CVE-2024-6232: remove backtracking when parsing tarfile headers - CVE-2024-7592: fix quadratic complexity in parsing "-quoted cookie values with backslashes...

Agentic AI in SOCs: A Solution to SOAR's Unfulfilled Promises

Security Orchestration, Automation, and Response SOAR was introduced with the promise of revolutionizing Security Operations Centers SOCs through automation, reducing manual workloads and enhancing efficiency. However, despite three generations of technology and 10 years of advancements, SOAR...

CVE-2024-9075

A vulnerability was found in Stirling-Tools Stirling-PDF up to 0.28.3. It has been declared as problematic. This vulnerability affects unknown code of the component Markdown-to-PDF. The manipulation leads to cross site scripting. The attack can be initiated remotely. The complexity of an attack i...

CVE-2024-9048 y_project RuoYi Backend User Import SysUserServiceImpl.java SysUserServiceImpl cross site scripting

A vulnerability was found in yproject RuoYi up to 4.7.9. It has been declared as problematic. Affected by this vulnerability is the function SysUserServiceImpl of the file ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java of the component Backend User Import. The...

CVE-2024-9048 y_project RuoYi Backend User Import SysUserServiceImpl.java SysUserServiceImpl cross site scripting

A vulnerability was found in yproject RuoYi up to 4.7.9. It has been declared as problematic. Affected by this vulnerability is the function SysUserServiceImpl of the file ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java of the component Backend User Import. The...

GHSA-PWWP-3Q7J-9MX8 Use After Free in MicroPython

A vulnerability was found in MicroPython 1.22.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file py/objarray.c. The manipulation leads to use after free. The attack can be launched remotely. The complexity of an attack is rather high. The...