454 matches found
EulerOS Virtualization 3.0.6.0 : python-cryptography (EulerOS-SA-2024-1700)
According to the versions of the python-cryptography packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected...
Siemens SIMATIC CN 4100
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Neo4j Cypher component mishandles IMMUTABLE privileges
The Cypher component in Neo4j between v.5.0.0 and v.5.19.0 mishandles IMMUTABLE...
GHSA-P343-9QWP-PQXV Neo4j Cypher component mishandles IMMUTABLE privileges
The Cypher component in Neo4j between v.5.0.0 and v.5.19.0 mishandles IMMUTABLE...
CVE-2024-34517
The Cypher component in Neo4j 5.0.0 through 5.18 mishandles IMMUTABLE privileges in some situations where an attacker already has admin access...
CVE-2024-34517
Summary: CVE-2024-34517 affects the Cypher component in Neo4j 5.0.0–5.19.0, where IMMUTABLE privileges can be mishandled in certain scenarios if an attacker already has admin access. The issue is documented across multiple sources (CVE entry, RH advisory, GHSA, OSV references). Impact (as stated)...
Neo4j Security Vulnerability
Neo4j is a Java-based and fully ACID-compatible graph database from Neo4j, Inc. that supports data migration, add-ons, and more. A security vulnerability exists in Neo4j versions prior to 5.19.0 that stems from the Cypher component incorrectly handling IMMUTABLE permissions...
CVE-2024-1067
CVE-2024-1067 involves Arm Mali GPU Kernel Drivers (Bifrost, Valhall, Arm 5th Gen) with a Use-After-Free in certain Armv8.0/Linux combinations that could allow a local, non-privileged user to affect other processes’ userspace memory. Affected driver versions: r41p0–r47p0. Connected sources refere...
Fedora 39 : python-cryptography (2023-51706f88e3)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-51706f88e3 advisory. Automatic update for python-cryptography-37.0.2-8.fc39. Changelog Wed Feb 22 2023 Christian Heimes - 37.0.2-8 - Fix CVE-2023-23931: Don't allow update_into to...
Fedora 40 : rubygem-httparty (2024-a1ce4ef332)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-a1ce4ef332 advisory. Automatic update for rubygem-httparty-0.21.0-1.fc40. Changelog Fri Jan 5 2024 Vít Ondruch - 0.21.0-1 - Update to HTTParty 0.20.0. Resolves: rhbz17016...
GAM3S.GG and Immutable Announce Partnership for Web3 Gaming Expansion
By Uzair Amir The partnership will bring millions of players into the Immutable web3 ecosystem while providing GAM3S.GG with the leading web3 gaming platform on the market. This is a post from HackRead.com Read the original post: GAM3S.GG and Immutable Announce Partnership for Web3 Gaming Expansi...
Unsoundness in `Iterator` and `DoubleEndedIterator` impls for `glib::VariantStrIter`
The VariantStrIter::impl_get function called internally by implementations of the Iterator and DoubleEndedIterator traits for this type was unsound, resulting in undefined behaviour. An immutable reference &p to a *mut libc::c_char pointer initialized to NULL was passed as an argument to a C functio...
EulerOS 2.0 SP8 : python-cryptography (EulerOS-SA-2024-1293)
According to the versions of the python-cryptography packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions...
BIT-ARGO-CD-2020-8826
As of v1.5.0, the Argo web interface authentication system issued immutable tokens. Authentication tokens, once issued, were usable forever without expiration—there was no refresh or forced re-authentication...
CentOS 9 : python3.11-cryptography-37.0.2-4.el9
The remote CentOS Linux 9 host has a package installed that is affected by a vulnerability as referenced in the python3.11-cryptography-37.0.2-4.el9 build changelog. - cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions...
EulerOS Virtualization 2.11.1 : python-cryptography (EulerOS-SA-2023-2740)
According to the versions of the python-cryptography package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected...
Fedora 38 : rubygem-httparty (2024-a5aad4eede)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-a5aad4eede advisory. Fix CVE-2024-22049 httparty: multipart/form-data request vulnerable to tampering Tenable has extracted the preceding description block directly from...