4399 matches found
CVE-2023-279970
creationtimestamp| type| source ---|---|--- 2024-09-16 19:13:31+00:00| seen| MISP/aaf97b2c-ad16-4ce6-928a-a440112d0fd3...
[SECURITY] Fedora 41 Update: python3-docs-3.13.0~rc2-1.fc41
The python3-docs package contains documentation on the Python 3 programming language and interpreter...
CVE-2024-46958
In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files between the server and client may become world writable or world readable. This is fixed in 3.13.4...
[SECURITY] Fedora 40 Update: python3-docs-3.12.6-1.fc40
The python3-docs package contains documentation on the Python 3 programming language and interpreter...
Metasploit Weekly Wrap-Up 09/13/2024
SPIP Modules This week brings more modules targeting the SPIP publishing platform. SPIP has gained some attention from Metasploit community contributors recently and has inspired some PHP payload and encoder improvements. New module content 2 SPIP BigUp Plugin Unauthenticated RCE Authors: Julien...
Untrusted Query Object Evaluation in RPC API
During the sign in and sign up operations through the SurrealDB RPC API, an arbitrary object would be accepted in order to support a wide array of types and structures that could contain user credentials. This arbitrary object could potentially contain any SurrealDB value, including an object...
CGA-VJ3W-HJ9V-3R8W
Bulletin has no description...
D-Tale vulnerable to Remote Code Execution through the Query input on Chart Builder
Impact Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Patches Users should upgrade to version 3.14.1 where the "Custom Filter" input is turned off by default. You can find out more information on how to turn it back...
GHSA-9XCG-3Q8V-7FQ6 gnark commitments to private witnesses in Groth16 as implemented break zero-knowledge property
This report concerns the Groth16 prover when used with commitments as in frontend.Committer. To simplify exposition of the issue, I will focus on the case of a single commitment, to only private witnesses. But the issue should be present whenever commitments are used that include private witnesse...
gnark commitments to private witnesses in Groth16 as implemented break zero-knowledge property
This report concerns the Groth16 prover when used with commitments as in frontend.Committer. To simplify exposition of the issue, I will focus on the case of a single commitment, to only private witnesses. But the issue should be present whenever commitments are used that include private witnesse...
[SECURITY] Fedora 39 Update: python3.13-3.13.0~rc1-3.fc39
Python 3.13 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.13 package provides the "python3.13" executable:...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in guava-23.0.jar
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of guava-23.0.jar Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Google Guava could allow a local authenticated attacker to obtain sensitive information, caused by a flaw with using Java's default...
CGA-M8V2-C2C5-24W8
Bulletin has no description...
ABCD2 安全漏洞
ABCD2 is an ABCD open source software suite for library and documentation center automation. A security vulnerability exists in ABCD2 2.2.0-beta-1 and earlier versions, which originates in an unknown section of the file /common/showimage.php, where manipulation of the parameter image results in...
API Attack Surface: How to secure it and why it matters
Managing an organization’s attack surface is a complex problem involving asset discovery, vulnerability analysis, and continuous monitoring. There are multiple well-defined solutions to secure the attack surface, such as extended detection and response EDR or XDR, security information & event...
Moderate: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.10.5 security and bug fix update
Red Hat Advanced Cluster Management for Kubernetes 2.10.5 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...
CVE-2024-45302
RestSharp is a Simple REST and HTTP API Client for .NET. The second argument to RestRequest.AddHeader the header value is vulnerable to CRLF injection. The same applies to RestRequest.AddOrUpdateHeader and RestClient.AddDefaultHeader. The way HTTP headers are added to a request is via the...
CVE-2024-45302 CRLF Injection in RestSharp's `RestRequest.AddHeader` method
RestSharp is a Simple REST and HTTP API Client for .NET. The second argument to RestRequest.AddHeader the header value is vulnerable to CRLF injection. The same applies to RestRequest.AddOrUpdateHeader and RestClient.AddDefaultHeader. The way HTTP headers are added to a request is via the...
CRLF Injection in RestSharp's `RestRequest.AddHeader` method
Summary The second argument to RestRequest.AddHeader the header value is vulnerable to CRLF injection. The same applies to RestRequest.AddOrUpdateHeader and RestClient.AddDefaultHeader. Details The way HTTP headers are added to a request is via the HttpHeaders.TryAddWithoutValidation method: This...
CVE-2024-20284 Cisco NX-OS Software Python Parser Escape Vulnerability
A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient validation of...