python-cryptography security update
36.0.1-4 - Fix FTBFS caused by rsa_pkcs1_implicit_rejection OpenSSL feature, resolves rhbz#2203840; 36.0.1-3 - Fix CVE-2023-23931: Don't allow update_into to mutate immutable objects, resolves rhbz#2172399 - Fix FTBFS due to failing test_load_invalid_ec_key_from_pem and test_decrypt_invalid_decrypt...
Deserialization Of Untrusted Data
uimaj-tools is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to deserializing Java objects without proper data verification when users or developers utilize the CasIOUtils class in their applications and services to parse serialized CAS data. This weakness can...
PT-2023-9816 · Foxit · Foxit Pdf Editor +1
Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader affected versions not specified Foxit PDF Editor affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the...
Heap overflow
In versions of FreeBSD 12.4-RELEASE prior to 12.4-RELEASE-p7 and FreeBSD 13.2-RELEASE prior to 13.2-RELEASE-p5 the __sflush() stdio function in libc does not correctly update FILE objects' write space members for write-buffered streams when the write(2) system call returns an error. Depending on the...
Deserialization of untrusted data
Deserialization of Untrusted Data, Improper Input Validation vulnerability in Apache UIMA Java SDK. This issue affects Apache UIMA Java SDK: before 3.5.0. Users are recommended to upgrade to version 3.5.0, which fixes the issue. The...
kernel: vmwgfx: race condition leading to information disclosure vulnerability
A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information in the context o...
Moderate: Red Hat Security Advisory: python-cryptography security update
An update for python-cryptography is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Privilege escalation
Macvim is a text editor for MacOS. Prior to version 178, Macvim makes use of an insecure interprocess communication (IPC) mechanism which could lead to a privilege escalation. Distributed objects are a concept introduced by Apple which allow one program to vend an interface to another program. What...
PT-2025-26002 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A memory leak issue has been identified in the Linux kernel, specifically in the cifs Common Internet File System component. The issue occurs when the deferred close work is canceled,...
RHEL 9 : python-cryptography (RHSA-2023:6615)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:6615 advisory. The python-cryptography packages contain a Python Cryptographic Authority's (PyCA's) cryptography library, which provides cryptographic primitives and...
ALSA-2023:6615 Moderate: python-cryptography security update
The python-cryptography packages contain a Python Cryptographic Authority's (PyCA's) cryptography library, which provides cryptographic primitives and recipes to Python developers. Security Fixes: python-cryptography: memory corruption via immutable objects (CVE-2023-23931). For more details about the...
[SECURITY] Fedora 39 Update: libclc-17.0.2-1.fc39
libclc is an open source, BSD licensed implementation of the library requirements of the OpenCL C programming language, as specified by the OpenCL 1.1 Specification. The following sections of the specification impose library requirements: 6.1: Supported Data Types 6.2.3: Explicit Conversions...
CVE-2023-46817
An issue was discovered in phpFox before 4.8.14. The url request parameter passed to the /core/redirect route is not properly sanitized before being used in a call to the unserialize PHP function. This can be exploited by remote, unauthenticated attackers to inject arbitrary PHP objects into the...
Code injection
An issue was discovered in phpFox before 4.8.14. The url request parameter passed to the /core/redirect route is not properly sanitized before being used in a call to the unserialize PHP function. This can be exploited by remote, unauthenticated attackers to inject arbitrary PHP objects into the...
Fedora: Security Advisory for squid (FEDORA-2023-df4923cddc)
The remote host is missing an update for the...
The vulnerability of the SAP Business Objects Business Intelligence Platform lies in its ability to download files of a dangerous type without limit, allowing attackers to compromise the confidentiality and integrity of the protected information.
The vulnerability of the SAP Business Objects Business Intelligence Platform relates to the unlimited loading of files of a sensitive type. Exploiting this vulnerability could allow an attacker to compromise the confidentiality and integrity of the protected information...
scipy: use-after-free in Py_FindObjects() function
A flaw was found in SciPy, where it is vulnerable to a denial of service caused by a use-after-free bug in the Py_FindObjects() function. By sending a specially crafted request, an attacker can cause a denial of service condition...
tomcat: improper cleaning of recycled objects could lead to information leak
A flaw was found in Apache Tomcat. Tomcat may skip, after an error, the recycling of the internal objects that the next request/response process might use, resulting in information leaking from one request to the next. This flaw allows a malicious user to have access to this information...
The vulnerability of the Events & Notifications sub-component of the PeopleSoft Enterprise CC Common Application Objects component of the Oracle PeopleSoft Products allows a malicious individual to gain unauthorized access to protected information.
The vulnerability of the Events & Notifications sub-component of the PeopleSoft Enterprise CC Common Application Objects component in the Oracle PeopleSoft Products suite of business applications is related to insufficient validation of input data. Exploiting this vulnerability may allow an...
The vulnerability of the Avast Premium Security antivirus protection lies in its lack of access control mechanisms within isolated environments. This allows attackers to enhance their privileges and execute arbitrary code.
The vulnerability of the Avast Premium Security antivirus protection lies in its lack of access control mechanisms in isolated environments when processing namespace objects. Exploiting this vulnerability can allow attackers to enhance their privileges and execute arbitrary code...