4412 matches found

Github Security Blog
added 2024/09/10 7:42 p.m., 17 views

D-Tale vulnerable to Remote Code Execution through the Query input on Chart Builder

Impact: Users hosting D-Tale publicly can be vulnerable to remote code execution, allowing attackers to run malicious code on the server. Patches: Users should upgrade to version 3.14.1, where the "Custom Filter" input is turned off by default. You can find out more information on how to turn it back...

CVSS 9.8, AI score 7.6, EPSS 0.00741
Exploits: 0, References: 5, Affected software: 1
OSV
added 2024/09/06 7:40 p.m., 15 views

GHSA-9XCG-3Q8V-7FQ6 gnark commitments to private witnesses in Groth16 as implemented break zero-knowledge property

This report concerns the Groth16 prover when used with commitments as in frontend.Committer. To simplify exposition of the issue, I will focus on the case of a single commitment, to only private witnesses. But the issue should be present whenever commitments are used that include private witnesse...

CVSS 8.2, AI score 5.5, EPSS 0.00427
Exploits: 0, References: 6
Github Security Blog
added 2024/09/06 7:40 p.m., 34 views

gnark commitments to private witnesses in Groth16 as implemented break zero-knowledge property

This report concerns the Groth16 prover when used with commitments as in frontend.Committer. To simplify exposition of the issue, I will focus on the case of a single commitment, to only private witnesses. But the issue should be present whenever commitments are used that include private witnesse...

CVSS 5.9, AI score 6.8, EPSS 0.00427
Exploits: 0, References: 6, Affected software: 1
Fedora
added 2024/09/06 3:53 a.m., 19 views

[SECURITY] Fedora 39 Update: python3.13-3.13.0~rc1-3.fc39

Python 3.13 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.13 package provides the "python3.13" executable:...

CVSS 8.7, AI score 7.5, EPSS 0.01275
Exploits: 0
IBM Security Bulletins
added 2024/09/05 10:02 p.m., 17 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in guava-23.0.jar

Summary: IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of guava-23.0.jar. Vulnerability Details: CVEID: CVE-2023-2976. DESCRIPTION: Google Guava could allow a local authenticated attacker to obtain sensitive information, caused by a flaw with using Java's default...

CVSS 7.1, AI score 6.7, EPSS 0.00248
Exploits: 0, Affected software: 1
OSV
added 2024/09/05 6:19 p.m., 17 views

CGA-M8V2-C2C5-24W8

Bulletin has no description...

CVSS 7.8, AI score 7.6, EPSS 0.01736
Exploits: 0
CNNVD
added 2024/09/04 12:00 a.m., 4 views

ABCD2 Security Vulnerability

ABCD2 is an ABCD open source software suite for library and documentation center automation. A security vulnerability exists in ABCD2 2.2.0-beta-1 and earlier versions, which originates in an unknown section of the file /common/showimage.php, where manipulation of the parameter image results in...

CVSS 7.5, AI score 4.8, EPSS 0.0065
Exploits: 0, References: 4
Wallarm Lab
added 2024/09/03 8:02 p.m., 19 views

API Attack Surface: How to secure it and why it matters

Managing an organization’s attack surface is a complex problem involving asset discovery, vulnerability analysis, and continuous monitoring. There are multiple well-defined solutions to secure the attack surface, such as extended detection and response (EDR or XDR), security information & event...

AI score 7.8
Exploits: 0
RedHat Linux
added 2024/09/03 6:23 p.m., 23 views

Moderate: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.10.5 security and bug fix update

Red Hat Advanced Cluster Management for Kubernetes 2.10.5 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fr...

CVSS 7.5, AI score 6.8, EPSS 0.01592
Exploits: 0, References: 3
NVD
added 2024/08/29 10:15 p.m., 27 views

CVE-2024-45302

RestSharp is a Simple REST and HTTP API Client for .NET. The second argument to RestRequest.AddHeader, the header value, is vulnerable to CRLF injection. The same applies to RestRequest.AddOrUpdateHeader and RestClient.AddDefaultHeader. The way HTTP headers are added to a request is via the...

CVSS 7.8, EPSS 0.00316
Exploits: 1, References: 3
Cvelist
added 2024/08/29 9:18 p.m., 44 views

CVE-2024-45302 CRLF Injection in RestSharp's `RestRequest.AddHeader` method

RestSharp is a Simple REST and HTTP API Client for .NET. The second argument to RestRequest.AddHeader, the header value, is vulnerable to CRLF injection. The same applies to RestRequest.AddOrUpdateHeader and RestClient.AddDefaultHeader. The way HTTP headers are added to a request is via the...

CVSS 6.1, EPSS 0.00316
Exploits: 1, References: 3
Github Security Blog
added 2024/08/29 7:30 p.m., 44 views

CRLF Injection in RestSharp's `RestRequest.AddHeader` method

Summary: The second argument to RestRequest.AddHeader, the header value, is vulnerable to CRLF injection. The same applies to RestRequest.AddOrUpdateHeader and RestClient.AddDefaultHeader. Details: The way HTTP headers are added to a request is via the HttpHeaders.TryAddWithoutValidation method: This...

CVSS 7.8, AI score 8.2, EPSS 0.00316
Exploits: 1, References: 5, Affected software: 1
Cvelist
added 2024/08/28 4:37 p.m., 20 views

CVE-2024-20284 Cisco NX-OS Software Python Parser Escape Vulnerability

A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient validation of...

CVSS 5.3, EPSS 0.00194
Exploits: 0, References: 2
Github Security Blog
added 2024/08/27 6:40 p.m., 18 views

Chisel's AUTH environment variable not respected in server entrypoint

Summary: The Chisel server doesn't ever read the documented AUTH environment variable used to set credentials, which allows any unauthenticated user to connect, even if credentials were set. This advisory is a formalization of a report sent to the maintainer via email. Details: In the help page for...

CVSS 8.6, AI score 8.4, EPSS 0.0045
Exploits: 0, References: 5, Affected software: 1
GithubExploit
added 2024/08/27 7:20 a.m., 538 views

Exploit for Incorrect Privilege Assignment in Litespeedtech Litespeed_Cache

CVE-2024-28000 PoC This repository contains tools for exploit...

CVSS 9.8, AI score 9.9, EPSS 0.67925
Exploits: 8
Citrix
added 2024/08/27 12:00 a.m., 9 views

Citrix Endpoint Management (aka XenMobile Server) 10.16.0 Rolling Patch 3

Package name: xms10.16.0.10318.bin. For: XenMobile Server 10.16.0. Deployment type: On-premises only. Replaces: xms10.16.0.10205.bin, xms10.16.0.10108.bin. Date: August 2024. Languages supported: English (US). Important notes about this update: As a best practice, Citrix recommends that you install this a...

AI score 6.9
Exploits: 0
Fedora
added 2024/08/26 2:05 a.m., 21 views

[SECURITY] Fedora 40 Update: python3-docs-3.12.5-1.fc40

The python3-docs package contains documentation on the Python 3 programming language and interpreter...

CVSS 5.5, AI score 5.6, EPSS 0.00737
Exploits: 0
Fedora
added 2024/08/26 1:31 a.m., 14 views

[SECURITY] Fedora 39 Update: python3-docs-3.12.5-1.fc39

The python3-docs package contains documentation on the Python 3 programming language and interpreter...

CVSS 5.5, AI score 5.6, EPSS 0.00737
Exploits: 0
OpenVAS
added 2024/08/26 12:00 a.m., 7 views

Fedora: Security Advisory (FEDORA-2024-ce1992d46f)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.5, AI score 6.2, EPSS 0.00737
Exploits: 0, References: 3
OpenVAS
added 2024/08/26 12:00 a.m., 16 views

Fedora: Security Advisory (FEDORA-2024-80d1fe51d0)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.5, AI score 6.2, EPSS 0.00737
Exploits: 0, References: 3