PT-2024-40920 · Syn +1 · Syn +1

Name of the Vulnerable Software and Affected Versions: proc-macro-error affected versions not specified Description: The maintainer of proc-macro-error appears to be unreachable, with no commits for 2 years, no releases for 4 years, and no activity on the GitLab repository or response to emails...

dbt uses a SQLparse version with a high vulnerability

Summary Using a version of sqlparse that has a security vulnerability and no way to update in current version of dbt core. Snyk recommends using sqlparse==0.5 but this causes a conflict with dbt. Snyk states the issues is a recursion error: SNYK-PYTHON-SQLPARSE-6615674. Details Dependency conflic...

This Week in Spring - SpringOne Essentials 2023 edition - January 24th, 2023

Hi, Spring fans! Welcome to another installment of This Week in Spring! Today is a very day for you see, today we kick off SpringOne Essentials, the online incarnation of SpringOne, online. Well see you live, on stream, in just a few hours!. SpringOne Essentials is going to be amazing, but before...

This Week in Spring - SpringOne Essentials 2023 edition - January 24th, 2023

Hi, Spring fans! Welcome to another installment of This Week in Spring! Today is a very day for you see, today we kick off SpringOne Essentials, the online incarnation of SpringOne, online. We'll see you live, on stream, in just a few hours!. SpringOne Essentials is going to be amazing, but befor...

GHSA-8WR4-2WM6-W3PR B2 Command Line Tool TOCTOU application key disclosure

Impact Linux and Mac releases of the B2 command-line tool version 3.2.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a time-of-check-time-of-use TOCTOU race condition. The command line tool saves API keys and bucket...

CVE-2022-23653

B2 Command Line Tool is the official command line tool for the backblaze cloud storage service. Linux and Mac releases of the B2 command-line tool version 3.2.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a...

Fedora 28 : ruby (2018-dd8162c004)

Rebase to Ruby 2.5.1. - Several CVE fixes. - Conflict requirement needs to generate dependency. - Stop using --with-setjmp-type=setjmp on aarch64. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted...

openSUSE Security Update : dhcp (openSUSE-2016-279)

This update for dhcp fixes the following issues : - CVE-2015-8605: A remote attacker could have used badly formed packets with an invalid IPv4 UDP length field to cause a DHCP server, client, or relay program to terminate abnormally boo961305 The following bugs were fixed : - boo936923: Improper...

Fedora 15 : ember-0.6.0-5.fc15 (2011-3208)

Fix for CVE-2010-3355 bug 638381 This is just a rebuild to resolve a dependency conflict. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible...