1081 matches found

Fedora
added 2024/08/16 1:21 a.m. · 17 views

[SECURITY] Fedora 39 Update: python3.13-3.13.0~rc1-2.fc39

Python 3.13 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.13 package provides the "python3.13" executable:...

CVSS 5.5 · AI score 7 · EPSS 0.00737
Exploits 0
Positive Technologies
added 2024/08/09 12:00 a.m. · 3 views

PT-2024-29904 · Litestar · Litestar

Name of the Vulnerable Software and Affected Versions: Litestar versions 2.10.0 and prior Description: The issue is related to Environment Variable injection in Litestar's docs-preview.yml workflow, which may lead to secret exfiltration and repository manipulation. This grants a malicious actor...

CVSS 8.3 · AI score 8.2 · EPSS 0.00614
Exploits 0 · References 13
OSV
added 2024/08/07 4:17 a.m. · 3 views

CVE-2024-37403

Ivanti Docs@Work for Android, before 2.26.0 is affected by the 'Dirty Stream' vulnerability. The application fails to properly sanitize file names, resulting in a path traversal-affiliated vulnerability. This potentially enables other malicious apps on the device to read sensitive information...

CVSS 5.5 · AI score 5.8 · EPSS 0.00459
Exploits 0 · References 1
NVD
added 2024/08/07 4:17 a.m. · 24 views

CVE-2024-37403

Ivanti Docs@Work for Android, before 2.26.0 is affected by the 'Dirty Stream' vulnerability. The application fails to properly sanitize file names, resulting in a path traversal-affiliated vulnerability. This potentially enables other malicious apps on the device to read sensitive information...

CVSS 5.5 · EPSS 0.00459
Exploits 0 · References 1
Vulnrichment
added 2024/08/07 3:54 a.m. · 14 views

CVE-2024-37403

Ivanti Docs@Work for Android, before 2.26.0 is affected by the 'Dirty Stream' vulnerability. The application fails to properly sanitize file names, resulting in a path traversal-affiliated vulnerability. This potentially enables other malicious apps on the device to read sensitive information...

CVSS 5 · AI score 6.1 · EPSS 0.00459
Exploits 0 · References 1
Cvelist
added 2024/08/07 3:54 a.m. · 29 views

CVE-2024-37403

Ivanti Docs@Work for Android, before 2.26.0 is affected by the 'Dirty Stream' vulnerability. The application fails to properly sanitize file names, resulting in a path traversal-affiliated vulnerability. This potentially enables other malicious apps on the device to read sensitive information...

CVSS 5 · EPSS 0.00459
Exploits 0 · References 1
CVE
added 2024/08/07 3:54 a.m. · 38 views

CVE-2024-37403

Ivanti Docs@Work for Android before 2.26.0 is vulnerable to the Dirty Stream path-traversal issue. The app fails to sanitize file names, potentially allowing a malicious local app to read sensitive information stored in the app root. Severity is MEDIUM (CVSS v3.1: AV Local, AC Low, PR None, UI Re...

CVSS 5.5 · AI score 6.3 · EPSS 0.00459
Exploits 0 · References 1 · Affected Software 1
RedHat Linux
added 2024/07/30 9:58 p.m. · 4 views

Moderate: Red Hat Bug Fix Advisory: Red Hat Developer Hub 1.2.2 bugfix release

Red Hat Developer Hub 1.2.2 has been released. Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single...

CVSS 6.5 · AI score 6.5 · EPSS 0.00929
Exploits 1 · References 1
OSSF Malicious Packages
added 2024/07/29 3:00 a.m. · 5 views

Malicious code in dagster-docs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 54576094f59a2d3e54d3be79e476c3b5cc7903ff5c0d5248784ab89ffa4e1dc7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0 · References 1
OSV
added 2024/07/29 3:00 a.m. · 6 views

MAL-2024-7846 Malicious code in dagster-docs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 54576094f59a2d3e54d3be79e476c3b5cc7903ff5c0d5248784ab89ffa4e1dc7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0 · References 1
Github Security Blog
added 2024/07/18 5:18 p.m. · 26 views

Sentry's Python SDK unintentionally exposes environment variables to subprocesses

Impact The bug in Sentry's Python SDK subprocess.check_output(["env"], env={"TEST":"1"}) b'TEST=1\n' If you'd want to not pass any variables, you can set an empty dict: subprocess.check_output(["env"], env={}) b'' However, the bug in Sentry SDK 2.8.0 causes all environment variables to be passed to the...

CVSS 5.3 · AI score 5 · EPSS 0.00198
Exploits 0 · References 11 · Affected Software 1
Ivanti
added 2024/07/16 4:15 p.m. · 11 views

Security Advisory CVE-2024-37403 (Dirty Stream) for Ivanti Docs@Work for Android

Last Modified Date Jul 17, 2024 2:20:01 PM...

CVSS 5.5 · AI score 5.4 · EPSS 0.00459
Exploits 0
Microsoft KB
added 2024/07/09 7:00 a.m. · 38 views

Description of the security update for SharePoint Server Subscription Edition: July 9, 2024 (KB5002606)

Description of the security update for SharePoint Server Subscription Edition: July 9, 2024 KB5002606 Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability, Microsoft SharePoint remote code execution vulnerability, and Microsoft SharePoint Server...

CVSS 7.5 · AI score 7.8 · EPSS 0.55328
Exploits 1
vulnersOsv
added 2024/07/09 12:31 a.m. · 3 views

africa.absa:inception-application (>=1.0.0 <=1.2.0), app.fmgp:scala-did-docs_3 (>=0.1.0-M16 <=0.1.0-M33) +3381 more potentially affected by CVE-2024-3653 via io.undertow:undertow-core (>=1.0.0.Alpha1 <=2.2.33.Final)

io.undertow:undertow-core MAVEN version =1.0.0.Alpha1, =1.0.0, =0.1.0-M16, =1.0.0, =0.4.0, =2.0.0, =1.0.2, =1.0.0, =1.2.1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.1 and more Source cves: CVE-2024-3653 Source advisory: OSV:GHSA-CH7Q-GPFF-H9HP...

CVSS 5.3 · AI score 6.2 · EPSS 0.01866
Exploits 0
Tenable Nessus
added 2024/07/05 12:00 a.m. · 15 views

Fedora 40 : python3-docs / python3.12 (2024-486cb71423)

The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-486cb71423 advisory. Update to 3.12.4, fix CVE-2024-4032 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has no...

CVSS 7.5 · AI score 6.6 · EPSS 0.01042
Exploits 0 · References 2
OSSF Malicious Packages
added 2024/07/03 9:06 a.m. · 3 views

Malicious code in cra-docs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis e49ccaa79a7296b7f1237beb3210cabf6610aab5c68e2c349b1fff4d3b2bb332 The OpenSSF Package Analysis project identified 'cra-docs' @ 7.999.45 npm as malicious. It is considered malicious because: - The package...

AI score 7.1
Exploits 0
OSV
added 2024/07/03 9:06 a.m. · 8 views

MAL-2024-7089 Malicious code in cra-docs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis e49ccaa79a7296b7f1237beb3210cabf6610aab5c68e2c349b1fff4d3b2bb332 The OpenSSF Package Analysis project identified 'cra-docs' @ 7.999.45 npm as malicious. It is considered malicious because: - The package...

AI score 7.3
Exploits 0
OSSF Malicious Packages
added 2024/06/25 1:00 p.m. · 3 views

Malicious code in skinport-rest-docs (npm)

--- -= Per source details. Do not edit below this line.=-...

AI score 7
Exploits 0
OSV
added 2024/06/25 1:00 p.m. · 7 views

MAL-2024-3020 Malicious code in skinport-rest-docs (npm)

--- -= Per source details. Do not edit below this line.=-...

AI score 7.1
Exploits 0
OSSF Malicious Packages
added 2024/06/25 12:56 p.m. · 2 views

Malicious code in postman-labs-docs (npm)

--- -= Per source details. Do not edit below this line.=-...

AI score 7
Exploits 0