40 matches found
EUVD-2011-3902
Malware in sbrugna...
EUVD-2024-1306
Malicious code in bioql PyPI...
EUVD-2024-0200
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2017-18243
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The unpackparseunit function in libavcodec/diracparser.c in Libav 12.2 allows remote attackers to cause a denial of service segmentation fault via a crafted fil...
CVE-2024-29905
DIRAC is an interware, meaning a software framework for distributed computing. Prior to version 8.0.41, during the proxy generation process e.g., when using dirac-proxy-init, it is possible for unauthorized users on the same machine to gain read access to the proxy. This allows the user to then...
CVE-2024-24825
DIRAC is a distributed resource framework. In affected versions any user could get a token that has been requested by another user/agent. This may expose resources to unintended parties. This issue has been addressed in release version 8.0.37. Users are advised to upgrade. There are no known...
CVE-2024-29905
DIRAC is an interware, meaning a software framework for distributed computing. Prior to version 8.0.41, during the proxy generation process e.g., when using dirac-proxy-init, it is possible for unauthorized users on the same machine to gain read access to the proxy. This allows the user to then...
CVE-2024-29905 DIRAC: Unauthorized users can read proxy contents during generation
DIRAC is an interware, meaning a software framework for distributed computing. Prior to version 8.0.41, during the proxy generation process e.g., when using dirac-proxy-init, it is possible for unauthorized users on the same machine to gain read access to the proxy. This allows the user to then...
CVE-2024-29905 DIRAC: Unauthorized users can read proxy contents during generation
DIRAC is an interware, meaning a software framework for distributed computing. Prior to version 8.0.41, during the proxy generation process e.g., when using dirac-proxy-init, it is possible for unauthorized users on the same machine to gain read access to the proxy. This allows the user to then...
CVE-2024-29905 DIRAC: Unauthorized users can read proxy contents during generation
DIRAC is an interware, meaning a software framework for distributed computing. Prior to version 8.0.41, during the proxy generation process e.g., when using dirac-proxy-init, it is possible for unauthorized users on the same machine to gain read access to the proxy. This allows the user to then...
CVE-2024-29905
Summary: CVE-2024-29905 affects DIRAC prior to version 8.0.41. During the proxy generation process (e.g., dirac-proxy-init), unauthorized users on the same machine could gain read access to the proxy for a sub-millisecond window, enabling actions as if using the original proxy. The issue is mitig...
DIRAC: Unauthorized users can read proxy contents during generation
Impact During the proxy generation process e.g., when using dirac-proxy-init it is possible for unauthorized users on the same machine to gain read access to the proxy. This allows the user to then perform any action that is possible with the original proxy. This vulnerability only exists for a...
comdirac (>=0.22.0 <=1.3.3), ctadirac (>=2.0.0 <=2.2.46) +3 more potentially affected by CVE-2024-29905 via dirac (>=7.2.30 <=8.0.40)
dirac PYPI version =7.2.30, =0.22.0, =2.0.0, =33.0.0a1, =10.2.5, =10.4.23 - lhcbwebdirac =5.3.0a2 Source cves: CVE-2024-29905 Source advisory: OSV:GHSA-V6F3-GH5H-MQWX...
DIRAC Security Vulnerability
DIRAC is an open source software framework for distributed computing from the DIRAC Project. A security vulnerability exists in DIRAC versions prior to 8.0.41, which stems from the possibility that an unauthorized user could gain read access to the agent, allowing the user to perform any action...
Improper Authorization
DIRAC is vulnerable to Improper Authorization. The vulnerability is caused due to the TokenManager not checking permissions on cached tokens. This allows an attacker to use improperly cached tokens to gain access to resources, data, or functionalities within the DIRAC system for which they do not...
CVE-2024-24825
DIRAC is a distributed resource framework. In affected versions any user could get a token that has been requested by another user/agent. This may expose resources to unintended parties. This issue has been addressed in release version 8.0.37. Users are advised to upgrade. There are no known...
PYSEC-2024-125
DIRAC is a distributed resource framework. In affected versions any user could get a token that has been requested by another user/agent. This may expose resources to unintended parties. This issue has been addressed in release version 8.0.37. Users are advised to upgrade. There are no known...
comdirac (>=0.22.0 <=1.3.3), ctadirac (>=2.0.0 <=2.2.35) +3 more potentially affected by CVE-2024-24825 via dirac (>=7.2.30 <=8.0.30)
dirac PYPI version =7.2.30, =0.22.0, =2.0.0, =33.0.0a1, =10.2.5, =10.4.23 - lhcbwebdirac =5.3.0a2 Source cves: CVE-2024-24825 Source advisory: OSV:PYSEC-2024-125...
Design/Logic Flaw
DIRAC is a distributed resource framework. In affected versions any user could get a token that has been requested by another user/agent. This may expose resources to unintended parties. This issue has been addressed in release version 8.0.37. Users are advised to upgrade. There are no known...
DIRAC Information Disclosure Vulnerability
DIRAC is an open source software framework for distributed computing from the DIRAC Project. An information disclosure vulnerability exists in DIRAC versions prior to 8.0.0 through 8.0.37, which stems from the presence of an information disclosure vulnerability...