Moderate: Red Hat Security Advisory: libxml2 security update

An update for libxml2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

Moderate: libxml2 security update

The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: use-after-free in XMLReader CVE-2024-25062 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information,...

Important: edk2 security update

EDK Embedded Development Kit is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fixes: edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message CVE-2023-45235 EDK2: heap buffer...

CVE-2024-25050

IBM i 7.2, 7.3, 7.4, 7.5 and IBM Rational Development Studio for i 7.2, 7.3, 7.4, 7.5 networking and compiler infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator...

CVE-2024-25050 IBM i privilege escalation

IBM i 7.2, 7.3, 7.4, 7.5 and IBM Rational Development Studio for i 7.2, 7.3, 7.4, 7.5 networking and compiler infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator...

CVE-2024-25050

CVE-2024-25050 affects IBM i versions 7.2–7.5 and IBM Rational Development Studio for i versions 7.2–7.5. The root cause is an unqualified library call in the networking and compiler infrastructure, allowing a local user to execute user-controlled code with elevated (administrator) privileges. Im...

Security Bulletin: IBM Rational Development Studio for i is vulnerable to a local privilege escalation due to an unqualified library call in compiler infrastructure [CVE-2024-25050]

Summary IBM i product IBM Rational Development Studio for i is vulnerable to a user gaining elevated privilege due to a CL command being called without library qualification in compiler infrastructure as described in the vulnerability details section. This bulletin identifies the steps to take to...

Exploit for Path Traversal in Aiohttp

poc-cve-2024-23334 This repository contains a proof of concept...

PT-2024-5313 · Ibm · Ibm I +1

Name of the Vulnerable Software and Affected Versions: IBM i versions 7.2 through 7.5 IBM Rational Development Studio for i versions 7.2 through 7.5 Description: The issue is related to an unqualified library call in the networking and compiler infrastructure of IBM i and IBM Rational Development...

CVE-2024-32646 vyper performs double eval of the slice args when buffer from adhoc locations

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the slice builtin can result in a double eval vulnerability when the buffer argument is either msg.data, self.code or .code and either the start or length arguments have side-effects...

Information Leakage Vulnerability in KingH5Stream System of Beijing Asian Control Technology Development Co.

Beijing Asian Control Technology Development Co., Ltd. is a high-tech enterprise of industrial automation and informatization software platform. There is an information leakage vulnerability in KingH5Stream system of Beijing Asian Control Technology Development Co. Ltd, which can be exploited by...

CVE-2024-0151

Insufficient argument checking in Secure state Entry functions in software using Cortex-M Security Extensions CMSE, that has been compiled using toolchains that implement 'Arm v8-M Security Extensions Requirements on Development Tools' prior to version 1.4, allows an attacker to pass values to...

Deciphering the Economics of Software Development: An In-Depth Exploration

By Uzair Amir The depth of activities within software development ranges from ideation and design to coding, testing, and deployment. The… This is a post from HackRead.com Read the original post: Deciphering the Economics of Software Development: An In-Depth Exploration...

The vulnerability of the Vite application development local server, related to access control deficiencies, allows a hacker to execute arbitrary code.

The vulnerability of the Vite application development local server is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

[SECURITY] Fedora 38 Update: python-django3-3.2.25-2.fc38

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY Don't Repeat Yourself principle...

[SECURITY] Fedora 39 Update: python-django-4.2.11-2.fc39

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY Don't Repeat Yourself principle...

Unspecified Vulnerability in Oracle Java SE (CNVD-2024-48673)

Oracle Java SE is a for developing and deploying Java applications for desktops, servers, and embedded devices and real-time environments. A security vulnerability exists in Oracle Java SE for Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition. An attacker could exploit...

@audius/sdk (=0.0.36), @cardinal/squads-utils (>=0.0.2 <=0.0.6) +1 more potentially affected by CVE-2024-30253 via @solana/web3.js (=1.53.0)

@solana/web3.js NPM version =1.53.0 is affected by a known vulnerability. The following packages have a transitive dependency on @solana/web3.js and may be impacted: - @audius/sdk =0.0.36 - @cardinal/squads-utils =0.0.2, =0.0.6 - @snowflake-so/wallet-adapter-snowflake =1.0.12 Source cves:...

@audius/fetch-nft (>=0.1.8-beta.1 <=0.2.6), @audius/sdk (>=3.0.8-beta.13 <=4.2.0) +52 more potentially affected by CVE-2024-30253 via @solana/web3.js (>=1.78.0 <=1.78.7)

@solana/web3.js NPM version =1.78.0, =0.1.8-beta.1, =3.0.8-beta.13, =0.0.10, =2.20.1-beta.306, =14.2.1-beta.306, =2.2.3-alpha.61, =1.0.1-rc.0, =2.21.0, =2.6.0, =0.0.5-beta.0, =1.1.0, =1.1.11 - @ctrl-tech/chains-controller =2.0.5 - @ctrl-tech/chains-solana =2.0.18 and more Source cves:...

OpenJDK: long Exception message leading to crash (8319851)

A flaw was found in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalV...