
8745 matches found

Fedora
added 2024/09/06 4:5 a.m., 22 views

[SECURITY] Fedora 40 Update: python-django-4.2.16-1.fc40

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...

CVSS 7.5, AI score 6.5, EPSS 0.25327
Exploits: 0

Fedora
added 2024/09/06 4:5 a.m., 17 views

[SECURITY] Fedora 40 Update: python-django4.2-4.2.16-1.fc40

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...

CVSS 7.5, AI score 6.5, EPSS 0.25327
Exploits: 0

Fedora
added 2024/09/06 3:53 a.m., 23 views

[SECURITY] Fedora 39 Update: python-django4.2-4.2.16-1.fc39

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...

CVSS 7.5, AI score 6.5, EPSS 0.25327
Exploits: 0

CNNVD
added 2024/09/05 12:0 a.m., 3 views

Rust Canister Development Kit security vulnerability

Rust Canister Development Kit is a DFINITY open source Rust development kit for Internet computers. A security vulnerability exists in the Rust Canister Development Kit, which is caused by a memory leak where not all references are removed before resolving the Future...

CVSS 7.5, AI score 6.5, EPSS 0.00693
Exploits: 0, References: 4

CVE
added 2024/09/04 6:35 p.m., 161 views

CVE-2024-44960

The CVE-2024-44960 entry concerns a Linux kernel issue in usb gadget core where a descriptor may be unset, causing a null pointer panic. The resolution involves ensuring the descriptor is set before inspecting maxpacket, addressing cases where an endpoint for the current speed is not properly con...

CVSS 5.5, AI score 6.6, EPSS 0.00232
Exploits: 0, References: 13, Affected Software: 1

OSV
added 2024/09/04 4:8 p.m., 17 views

CVE-2024-45314 Flask-AppBuilder login form allows browser to cache sensitive fields

Flask-AppBuilder is an application development framework. Prior to version 4.5.1, the auth DB login form default cache directives allows browser to locally store sensitive data. This can be an issue on environments using shared computer resources. Version 4.5.1 contains a patch for this issue. If...

CVSS 3.6, AI score 6.4, EPSS 0.00262
Exploits: 0, References: 4

Securelist
added 2024/09/04 10:0 a.m., 47 views

Mallox ransomware: in-depth analysis and evolution

Mallox is a sophisticated and dangerous family of malicious software that has been causing significant damage to organizations worldwide. In 2023, this ransomware strain demonstrated an uptick in attacks, the overall number of discovered Mallox samples exceeding 700. In the first half of 2024, th...

CVSS 8.8, AI score 7, EPSS 0.99046
Exploits: 15

Redos
added 2024/09/04 12:0 a.m., 20 views

ROS-20240904-02

Vulnerability of Microsoft .NET software platforms and Microsoft software development tools Visual Studio is related to a heap buffer overflow. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service...

CVSS 6.3, AI score 6.9, EPSS 0.01248
Exploits: 0

RedHat Linux
added 2024/09/03 5:50 a.m., 4 views

orc: Stack-based buffer overflow vulnerability in ORC

Stack-based buffer overflow vulnerability exists in orcparse.c of ORC. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of developer machines or CI buil...

CVSS 7, AI score 6.2, EPSS 0.00379
Exploits: 0, References: 7

vulnersOsv
added 2024/08/27 7:53 p.m., 5 views

@aws-cdk/integ-runner (>=2.142.0-alpha.0 <=2.148.0-alpha.0), @jill64/sveltekit-adapter-aws (>=1.9.3 <=1.9.45) +3 more potentially affected by CVE-2024-45037 via aws-cdk (>=2.142.0 <=2.148.0)

aws-cdk NPM version =2.142.0, =2.142.0-alpha.0, =1.9.3, =3.1.6, =2.142.0, =2.148.0 Source cves: CVE-2024-45037 Source advisory: OSV:GHSA-QJ85-69XF-2VXQ...

CVSS 6.4, AI score 5.8, EPSS 0.00314
Exploits: 0

OSV
added 2024/08/27 7:53 p.m., 2 views

GHSA-QJ85-69XF-2VXQ AWS CDK RestApi not generating authorizationScope correctly in resultant CFN template

Summary: The AWS Cloud Development Kit (CDK) is an open-source framework for defining cloud infrastructure using code. Customers use it to create their own applications which are converted to AWS CloudFormation templates during deployment to a customer’s AWS account. CDK contains pre-built component...

CVSS 6.4, AI score 5.9, EPSS 0.00314
Exploits: 0, References: 6

NVD
added 2024/08/27 7:15 p.m., 18 views

CVE-2024-45037

The AWS Cloud Development Kit (CDK) is an open-source framework for defining cloud infrastructure using code. Customers use it to create their own applications which are converted to AWS CloudFormation templates during deployment to a customer’s AWS account. CDK contains pre-built components called...

CVSS 6.4, EPSS 0.00314
Exploits: 0, References: 4

Vulnrichment
added 2024/08/27 6:33 p.m., 19 views

CVE-2024-45037 AWS CDK RestApi not generating authorizationScope correctly in resultant CFN template

The AWS Cloud Development Kit (CDK) is an open-source framework for defining cloud infrastructure using code. Customers use it to create their own applications which are converted to AWS CloudFormation templates during deployment to a customer’s AWS account. CDK contains pre-built components called...

CVSS 6.4, AI score 6.5, EPSS 0.00314
Exploits: 0, References: 4

CVE
added 2024/08/27 6:33 p.m., 75 views

CVE-2024-45037

The CVE affects the AWS CDK RestApi with CognitoUserPoolAuthorizer. Under certain conditions, authenticated Cognito users may gain access beyond what is intended to protected API resources/methods, though API availability is not affected. Affected CDK versions are >=2.142.0 and =2.148.1; upgra...

CVSS 6.4, AI score 7, EPSS 0.00314
Exploits: 0, References: 4, Affected Software: 1

Cvelist
added 2024/08/27 6:33 p.m., 26 views

CVE-2024-45037 AWS CDK RestApi not generating authorizationScope correctly in resultant CFN template

The AWS Cloud Development Kit (CDK) is an open-source framework for defining cloud infrastructure using code. Customers use it to create their own applications which are converted to AWS CloudFormation templates during deployment to a customer’s AWS account. CDK contains pre-built components called...

CVSS 6.4, EPSS 0.00314
Exploits: 0, References: 4

OSV
added 2024/08/27 6:33 p.m., 30 views

CVE-2024-45037 AWS CDK RestApi not generating authorizationScope correctly in resultant CFN template

The AWS Cloud Development Kit (CDK) is an open-source framework for defining cloud infrastructure using code. Customers use it to create their own applications which are converted to AWS CloudFormation templates during deployment to a customer’s AWS account. CDK contains pre-built components called...

CVSS 6.4, AI score 6.5, EPSS 0.00314
Exploits: 0, References: 6

CNNVD
added 2024/08/27 12:0 a.m., 10 views

AWS Cloud Development Kit security vulnerability

AWS Cloud Development Kit is an open source software development framework open sourced by Amazon Web Services for defining cloud infrastructure in code and configuring it via AWS CloudFormation. A security vulnerability exists in AWS Cloud Development Kit that stems from the possibility that an...

CVSS 6.4, AI score 6.6, EPSS 0.00314
Exploits: 0, References: 5

UbuntuCve
added 2024/08/26 11:15 a.m., 19 views

CVE-2024-43911

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix NULL dereference at band check in starting tx ba session In MLD connection, linkdata/linkconf are dynamically allocated. They don't point to vif-bssconf. So, there will be no chanreq assigned to vif-bssconf an...

CVSS 5.5, AI score 6.4, EPSS 0.00225
Exploits: 0, References: 9

RedHat Linux
added 2024/08/26 11:5 a.m., 4 views

wildfly-security-manager: security manager authorization bypass

A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester. This flaw could be used by a malicious app deployed on the app server to access unauthorized information and possibly conduct further attacks...

CVSS 8.8, AI score 5.8, EPSS 0.0119
Exploits: 0, References: 4

Cvelist
added 2024/08/26 10:11 a.m., 33 views

CVE-2024-43911 wifi: mac80211: fix NULL dereference at band check in starting tx ba session

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix NULL dereference at band check in starting tx ba session In MLD connection, linkdata/linkconf are dynamically allocated. They don't point to vif-bssconf. So, there will be no chanreq assigned to vif-bssconf an...

EPSS 0.00225
Exploits: 0, References: 2