4419 matches found
OPENSUSE-SU-2023:0384-1 Security update for python-django-grappelli
This update for python-django-grappelli fixes the following issues: Update to 2.14.4: - CVE-2021-46898: Fixed views/switch.py vulnerable to protocol-relative URL attacks boo1216481 - Fixed: Redirect with switch user. - Improved: Remove extra filtering in AutocompleteLookup. - Improved: Added impo...
[SECURITY] Fedora 38 Update: gstreamer1-doc-1.22.7-1.fc38
GStreamer documentation...
Security Bulletin: IBM Event Endpoint Management is vulnerable to a denial of service in Netty (CVE-2023-44487)
Summary Operator of IBM Event Endpoint Management is vulnerable to a denial of service in Netty 4.1.94 CVE-2023-44487 Vulnerability Details CVEID:CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a flaw in handling multiplexed streams in the HTTP/2...
VULNERABILITY MANAGEMENT
In any strategy aimed at combating cyber threats, the essential peace is the adequate regulation of possible frailties or susceptibility points. This concept embodies a broad spectrum of actions covering the spotting, categorizing, ranking, and rectification of possible risk areas within a digita...
Inconsistency Between Implementation And Documented Design
nodejs is vulnerable to Inconsistency Between Implementation and Documented Design. The vulnerability is due to generateKeys API function returned from crypto.createDiffieHellman only generates missing or outdated keys.This discrepancy between the documented and actual behavior of the API allows ...
DEBIAN-CVE-2023-30590
The generateKeys API function returned from crypto.createDiffieHellman only generates missing or outdated keys, that is, it only generates a private key if none has been set yet, but the function is also needed to compute the corresponding public key after calling setPrivateKey. However, the...
Design/Logic Flaw
The generateKeys API function returned from crypto.createDiffieHellman only generates missing or outdated keys, that is, it only generates a private key if none has been set yet, but the function is also needed to compute the corresponding public key after calling setPrivateKey. However, the...
CVE-2023-30590
The generateKeys API function returned from crypto.createDiffieHellman only generates missing or outdated keys, that is, it only generates a private key if none has been set yet, but the function is also needed to compute the corresponding public key after calling setPrivateKey. However, the...
CVE-2023-30590
The generateKeys API function returned from crypto.createDiffieHellman only generates missing or outdated keys, that is, it only generates a private key if none has been set yet, but the function is also needed to compute the corresponding public key after calling setPrivateKey. However, the...
CVE-2023-30590
CVE-2023-30590 concerns Node.js: the generateKeys() API of crypto.createDiffieHellman() only generates a private key when none is set, yet docs claim it generates both private and public DH keys. Multiple advisories (Debian DLA/DSA, Gentoo GLSA, AlmaLinux errata) reference this vulnerability and ...
CVE-2023-30590
The generateKeys API function returned from crypto.createDiffieHellman only generates missing or outdated keys, that is, it only generates a private key if none has been set yet, but the function is also needed to compute the corresponding public key after calling setPrivateKey. However, the...
MinIO Installed (macOS)
Binary data miniomacinstalled.nbin...
Iac-Scan-Runner - Service That Scans Your Infrastructure As Code For Common Vulnerabilities
Service that scans your Infrastructure as Code for common vulnerabilities. Aspect | Information ---|--- Tool name | IaC Scan Runner Docker image | xscanner/runner PyPI package | iac-scan-runner Documentation | docs Contact us | [email protected] Purpose and description The IaC Scan Runner is...
Metasploit Wrap-up
Enhancements and features 2 18548 from zeroSteiner - Updates the admin/http/tomcatghostcat module to follow newer library conventions. 18552 from adfoster-r7 - Adds support for Ruby 3.3.0-preview3. Bugs fixed 5 18448 from HynekPetrak - Fixes and updates the...
Cross-site Scripting potential in custom links, job buttons, and computed fields
Impact All users of Nautobot versions earlier than 1.6.6 or 2.0.5 are potentially affected. Due to incorrect usage of Django's marksafe API when rendering certain types of user-authored content, including: - custom links - job buttons - computed fields it is possible that users with permission to...
SUSE-SU-2023:4513-1 Security update for apache2-mod_jk
This update for apache2-modjk fixes the following issues: Update to version 1.2.49: Apache Retrieve default request id from moduniqueid. It can also be taken from an arbitrary environment variable by configuring 'JkRequestIdIndicator'. Don't delegate the generatation of the response body to httpd...
`tauri-winrt-notifications` was removed from crates.io for malicious code
This crate was part of a typosquatting malware cluster published by the user gabielle55131 to run an arbitrary malware payload on Windows hosts. This advisory is to retrospectively document this attempted attack. The version information and download records of the malicious crate are no longer...
Node.js: Improper handling of wildcards in --allow-fs-read and --allow-fs-write
A vulnerability was found in the Node.js permission model documentation regarding improper handling of wildcards in the --allow-fs-read and --allow-fs-write options. The documentation did not make clear that wildcards should only be used as the last character of a file path. This could result in...
[SECURITY] Fedora 39 Update: gstreamer1-doc-1.22.7-1.fc39
GStreamer documentation...
Fedora: Security Advisory for gstreamer1-doc (FEDORA-2023-1661e0af22)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...