
4420 matches found

Fedora
added 2023/09/15 1:35 a.m., 8 views

[SECURITY] Fedora 37 Update: python3-docs-3.11.5-1.fc37

The python3-docs package contains documentation on the Python 3 programming language and interpreter...

7.1 AI score
Exploits: 0
IBM Security Bulletins
added 2023/09/14 5:23 p.m., 28 views

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to HTTP header injection due to Go CVE-2023-29406

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to HTTP header injection due to Go CVE-2023-29406 with details below. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2023-29406 DESCRIPTION: Golang Go is vulnerable to HTTP head...

6.5 CVSS, 7.2 AI score, 0.0125 EPSS
Exploits: 0, Affected Software: 2
Github Security Blog
added 2023/09/14 9:30 a.m., 29 views

Apache HDFS Provider error message suggested

In the Apache Airflow HDFS Provider, versions prior to 4.1.1, a documentation info pointed users to an install incorrect pip package. As this package name was unclaimed, in theory, an attacker could claim this package and provide code that would be executed when this package was installed. The...

7.8 CVSS, 7.5 AI score, 0.0046 EPSS
Exploits: 0, References: 5, Affected Software: 1
NVD
added 2023/09/14 8:15 a.m., 29 views

CVE-2023-41267

In the Apache Airflow HDFS Provider, versions prior to 4.1.1, a documentation info pointed users to an install incorrect pip package. As this package name was unclaimed, in theory, an attacker could claim this package and provide code that would be executed when this package was installed. The...

7.8 CVSS, 7.5 AI score, 0.0046 EPSS
Exploits: 0, References: 3
Prion
added 2023/09/14 8:15 a.m., 16 views

Code injection

In the Apache Airflow HDFS Provider, versions prior to 4.1.1, a documentation info pointed users to an install incorrect pip package. As this package name was unclaimed, in theory, an attacker could claim this package and provide code that would be executed when this package was installed. The...

4.4 CVSS, 7.5 AI score, 0.0046 EPSS
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2023/09/14 7:46 a.m., 22 views

CVE-2023-41267 Apache HDFS Provider error message suggested installation of incorrect pip package

In the Apache Airflow HDFS Provider, versions prior to 4.1.1, a documentation info pointed users to an install incorrect pip package. As this package name was unclaimed, in theory, an attacker could claim this package and provide code that would be executed when this package was installed. The...

7.7 AI score, 0.0046 EPSS
Exploits: 0, References: 3
Pen Test Partners Blog
added 2023/09/14 5:11 a.m., 10 views

PCI v4 is coming. Are you ready?

If you’ve landed here the chances are you are considering PCI compliance. At present the scheme is running against v3.2.1. In March 2022, the PCI Council released the long-anticipated v4.0. The Council stated that the changes represent their determination to “continue to meet the security needs o...

7 AI score
Exploits: 0
OSV
added 2023/09/13 5:15 p.m., 2 views

BELL-CVE-2023-3301

Bulletin has no description...

5.6 CVSS, 6.3 AI score, 0.00251 EPSS
Exploits: 0, References: 2
OpenVAS
added 2023/09/13 12:0 a.m., 8 views

Fedora: Security Advisory for python3-docs (FEDORA-2023-3d13b093d2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score
Exploits: 0, References: 2
Fedora
added 2023/09/11 1:17 a.m., 13 views

[SECURITY] Fedora 38 Update: python3-docs-3.11.5-1.fc38

The python3-docs package contains documentation on the Python 3 programming language and interpreter...

7.1 AI score
Exploits: 0
Oracle linux
added 2023/09/11 12:0 a.m., 39 views

Unbreakable Enterprise kernel-container security update

5.4.17-2136.323.8.el8 - vhost-scsi: Fix alignment handling with windows Mike Christie Orabug: 35769318 - Revert 'vhost/scsi: support non zerocopy iovecs' Rajan Shanmugavelu Orabug: 35769318 5.4.17-2136.323.7.el8 - x86: change default to specstorebypassdisable=prctl spectrev2user=prctl Andrea...

6.5 CVSS, 7.6 AI score, 0.03882 EPSS
Exploits: 1
Code423n4
added 2023/09/11 12:0 a.m., 12 views

The roerouter hard-coded address error causes all fee funds to be sent to the treasury instead of the vault

Lines of code Vulnerability details Impact The roerouter hard-coded address error causes all fee funds to be sent to the treasury instead of the vault. This will reduce the capital utilization rate, because the fee should be added to the LP to earn interest, but now because the vault address cann...

6.7 AI score
Exploits: 0
Code423n4
added 2023/09/11 12:0 a.m., 6 views

Lack of access control lets anyone rescind any delegate token

Lines of code Vulnerability details Impact There is no access control for the function rescind, thus 1 it lets anyone rescind any token, either he is the owner or not and 2 the documentation does not adhere to the current implementation. Proof of Concept The documentation above the definition of...

7.2 AI score
Exploits: 0
Rapid7 Blog
added 2023/09/08 6:3 p.m., 80 views

Metasploit Weekly Wrap-Up

New module content 4 Roundcube TimeZone Authenticated File Disclosure Authors: joel, stonepresto, and thomascube Type: Auxiliary Pull request: 18286 contributed by cudalac Path: auxiliary/gather/roundcubeauthfileread AttackerKB reference: CVE-2017-16651 Description: This PR adds a module to...

7.5 CVSS, 8.3 AI score, 0.99273 EPSS
Exploits: 27
IBM Security Bulletins
added 2023/09/07 3:16 p.m., 40 views

Security Bulletin: IBM App Connect Enterprise Certified Container Operator and IntegrationServer operands are vulnerable to denial of service due to [CVE-2022-28948]

Summary Go-Yaml is used internally by IBM App Connect Enterprise Certified Container for reading YAML configuration. IBM App Connect Enterprise Certified Container Operator and IntegrationServer operands are vulnerable to denial of service. This bulletin provides patch information to address the...

7.5 CVSS, 7.3 AI score, 0.035 EPSS
Exploits: 1, Affected Software: 1
Code423n4
added 2023/09/07 12:0 a.m., 15 views

Incorrect calculation of totalSupply(), balanceOf() in rUSDY.sol if the rate is unlinked from $1

Lines of code Vulnerability details Impact In rUSDY.sol, the functions totalSupply, balanceOf are calculated. totalSupply : function totalSupply public view returns uint256 return totalShares oracle.getPrice / 1e18 BPSDENOMINATOR; balanceOf : function balanceOfaddress account public view returns...

6.5 AI score
Exploits: 0
Circl
added 2023/09/06 8:17 p.m., 10 views

CVE-2021-36646

creationtimestamp| type| source ---|---|--- 2023-09-06 20:17:48+00:00| seen| https://t.me/cibsecurity/70018 2025-05-21 12:38:29+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-36646.yaml 2025-05-22 21:02:16+00:00| seen|...

6.1 CVSS, 6 AI score, 0.00705 EPSS
Exploits: 0, References: 3
Code423n4
added 2023/09/06 12:0 a.m., 9 views

Transfering Bonds would create confusion among delegators because of non-deletion of unbondingLocks & assigning all the new delegators the same unbounding id

Lines of code Vulnerability details transferBond function is used to transfers ownership of a bond to a new delegator using optional hints if needed. Here the old unbound lock is deleted after creating a new one in unbondWithHint function. But the problem lies in the delete operation as it does n...

6.7 AI score
Exploits: 0
Code423n4
added 2023/09/06 12:0 a.m., 7 views

The function does not restrict who can call it beyond the check for the delegator's status

Lines of code Vulnerability details Impact Access Control: The function does not restrict who can call it beyond the check for the delegator's status i.e., it must be Bonded. If there are additional constraints on who should be able to call this function e.g., only the original delegator, those...

6.9 AI score
Exploits: 0
Tenable Nessus
added 2023/09/06 12:0 a.m., 5 views

Debian dla-3552 : gstreamer1.0-plugins-ugly - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3552 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3552-1 [email protected] https://www.debian.org/lts/security/...

5.6 AI score
Exploits: 0, References: 2