
4026 matches found

Cvelist
added 2023/09/28 5:0 a.m. | 18 views

CVE-2023-26145

This affects versions of the package pydash before 6.0.0. A number of pydash methods such as pydash.objects.invoke and pydash.collections.invoke_map accept dotted paths (Deep Path Strings) to target a nested Python object, relative to the original source object. These paths can be used to target...

CVSS 7.4 | AI score 8.4 | EPSS 0.02919
Exploits: 1 | References: 3

Tenable Nessus
added 2023/09/27 12:0 a.m. | 41 views

Amazon Linux 2 : microvm-kernel (ALASMICROVM-KERNEL-4.14-2023-003)

The version of microvm-kernel installed on the remote host is prior to 4.14.246-200.474. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2MICROVM-KERNEL-4.14-2023-003 advisory. A flaw was found in the Linux kernel's implementation of wireless drivers using the...

CVSS 8.8 | AI score 6.5 | EPSS 0.00658
Exploits: 3 | References: 16

Tenable Nessus
added 2023/09/27 12:0 a.m. | 43 views

Amazon Linux 2 : microvm-kernel (ALASMICROVM-KERNEL-4.14-2023-002)

The version of microvm-kernel installed on the remote host is prior to 4.14.246-199.474. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2MICROVM-KERNEL-4.14-2023-002 advisory. A flaw was found in the Linux kernel's implementation of wireless drivers using the...

CVSS 8.8 | AI score 6.5 | EPSS 0.00658
Exploits: 3 | References: 16

Fedora
added 2023/09/21 1:33 a.m. | 17 views

[SECURITY] Fedora 38 Update: golang-gopkg-alecthomas-kingpin-2-2.3.2-1.fc38

Kingpin is a fluent-style, type-safe command-line parser. It supports flags, nested commands, and positional arguments...

CVSS 8.8 | AI score 7.5 | EPSS 0.01166
Exploits: 1

Fedora
added 2023/09/21 1:22 a.m. | 35 views

[SECURITY] Fedora 37 Update: golang-gopkg-alecthomas-kingpin-2-2.3.2-1.fc37

Kingpin is a fluent-style, type-safe command-line parser. It supports flags, nested commands, and positional arguments...

CVSS 8.8 | AI score 7.5 | EPSS 0.01166
Exploits: 1

Fedora
added 2023/09/20 12:20 a.m. | 32 views

[SECURITY] Fedora 39 Update: golang-gopkg-alecthomas-kingpin-2-2.3.2-1.fc39

Kingpin is a fluent-style, type-safe command-line parser. It supports flags, nested commands, and positional arguments...

CVSS 8.8 | AI score 7.5 | EPSS 0.01166
Exploits: 1

SUSE CVE
added 2023/09/19 1:56 a.m. | 0 views

SUSE CVE-2023-41900

Jetty is a Java based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty OpenIdAuthenticator uses the optional nested LoginService, and that LoginService decides to revoke an already authenticated user, then the...

CVSS 3.5 | AI score 7.4 | EPSS 0.00753
Exploits: 1 | References: 4

Citrix
added 2023/09/19 12:0 a.m. | 7 views

How To Enable DsAuthAzureAdNestedGroups Feature For Azure AD Nested Groups

Adding a group as a member of another group (nesting) is supported with the DSAuthAzureAdNestedGroups feature enabled...

AI score 7.1
Exploits: 0

OSV
added 2023/09/15 3:15 a.m. | 3 views

CVE-2022-20917

A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) message processing feature of Cisco Jabber could allow an authenticated, remote attacker to manipulate the content of XMPP messages that are used by the affected application. This vulnerability is due to the improper handling ...

CVSS 4.3 | AI score 5.8 | EPSS 0.00887
Exploits: 0 | References: 1

Tenable Nessus
added 2023/09/07 12:0 a.m. | 29 views

Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2021-9452)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9452 advisory. - KVM: do not allow mapping valid but non-reference-counted pages (Nicholas Piggin) [Orabug: 33054089] {CVE-2021-22543} {CVE-2021-22543} - Input: joydev -...

CVSS 8.8 | AI score 7.3 | EPSS 0.07604
Exploits: 8 | References: 12

RedHat Linux
added 2023/09/05 6:37 p.m. | 2 views

snakeyaml: Denial of Service due to missing nested depth limitation for collections

A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections...

CVSS 7.5 | AI score 6.8 | EPSS 0.02112
Exploits: 2 | References: 5

Code423n4
added 2023/08/10 12:0 a.m. | 6 views

If the length of owners in the safe array is too large, may experience out of gas revert

Vulnerability details. Proof of Concept: Function requireSafesEquivalent in SecurityCouncilMgmtUpgradeLib.sol checks whether the addresses in the two safe arrays are the same and of the same length. If the arrays are too large, like there are many addresses that manage a gnosis safe,...

AI score 6.7
Exploits: 0

RedhatCVE
added 2023/08/08 8:35 p.m. | 37 views

CVE-2023-34623

A flaw was found in jtidy when parsing untrusted HTML. If the parser is running on unsanitized user input, an attacker could craft a request that causes the parser to crash by stack overflow, resulting in a denial of service (DoS). Mitigation: This flaw can be mitigated by implementing sanitization...

CVSS 7.5 | AI score 6.6 | EPSS 0.00866
Exploits: 1 | References: 3

Broadcom
added 2023/08/08 12:0 a.m. | 6 views

CVE-2020-12243 - denial of service in filter.c in slapd in OpenLDAP

In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). Products Confirmed Not Affected: No Brocade Fiber Channel product from Broadcom products is affected by this vulnerability...

CVSS 7.5 | AI score 6.9 | EPSS 0.04423
Exploits: 1

OpenVAS
added 2023/08/08 12:0 a.m. | 13 views

Debian: Security Advisory (DSA-5471-1)

The remote host is missing an update for the Debian...

CVSS 7.5 | AI score 7.8 | EPSS 0.01048
Exploits: 1 | References: 4

OSV
added 2023/08/03 8:6 a.m. | 1 views

USN-6270-1 vim vulnerabilities

It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. CVE-2022-2182 It was discovered th...

CVSS 8 | AI score 7.1 | EPSS 0.01215
Exploits: 11 | References: 12

SUSE CVE
added 2023/08/03 2:10 a.m. | 4 views

SUSE CVE-2021-46662

MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery...

CVSS 5.5 | AI score 7.4 | EPSS 0.00391
Exploits: 1 | References: 3

RedHat Linux
added 2023/08/01 9:24 a.m. | 4 views

kernel: KVM: x86/mmu: race condition in direct_page_fault()

A flaw was found in the Linux kernel in the KVM. A race condition in direct_page_fault() allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualization and the TDP MMU are enabled...

CVSS 5.5 | AI score 6.7 | EPSS 0.00256
Exploits: 1 | References: 4

RedHat Linux
added 2023/08/01 9:8 a.m. | 3 views

kernel: KVM: x86/mmu: race condition in direct_page_fault()

A flaw was found in the Linux kernel in the KVM. A race condition in direct_page_fault() allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualization and the TDP MMU are enabled...

CVSS 5.5 | AI score 6.7 | EPSS 0.00256
Exploits: 1 | References: 4

CNNVD
added 2023/08/01 12:0 a.m. | 2 views

underscore-keypath Security Vulnerabilities

underscore-keypath is a JavaScript library for handling keypath operations on objects. A keypath operation is the reading, setting, and manipulation of nested properties or property paths on an object specified by a string. underscore-keypath library provides a set of simple and flexible methods...

CVSS 7.5 | AI score 6.7 | EPSS 0.00741
Exploits: 0 | References: 3