30 matches found
Access API Moves to Spring Security Access
Five years ago, Spring Security began the journey of modernizing its authorization API. This has paved the way for a number of exciting features like Authorized POJOs, value masking, and, planned for Spring Security 7, Multi-Factor Authentication. This also deprecated the majority of the Access...
Unsafe Dependency Resolution
Overview conda-forge-metadata is a programatic access to conda-forge's metadata Affected versions of this package are vulnerable to Unsafe Dependency Resolution due to an unclaimed optional dependency. The package specifies an optional dependency on conda-oci-mirror, which is neither present on t...
CVE-2025-27510 RCE in the package conda-forge-metadata
conda-forge-metadata provides programatic access to conda-forge's metadata. conda-forge-metadata uses an optional dependency - "conda-oci-mirror" which was neither present on the PyPi repository nor registered by any entity. If conda-oci-mirror is taken over by a threat actor, it can result in...
Langchain vulnerable to arbitrary code execution via the evaluate function in the numexpr library
An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library. Patches: Released in v.0.0.308. numexpr dependency is optional for langchain...
Malicious Package
Overview optional-dep-wont-be-found is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if thi...
Malicious code in optional-dep-wont-be-found (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2226cdc4dac73c40bc10584ecdb520dfdf47b568418de61acf37fd8cef42daf5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
HTTP/2 DoS Attacks: Ping, Reset, and Settings Floods
Impact Twisted web servers that utilize the optional HTTP/2 support suffer from the following flow-control related vulnerabilities: Ping flood: https://vulners.com/cve/CVE-2019-9512 Reset flood: https://vulners.com/cve/CVE-2019-9514 Settings flood: https://vulners.com/cve/CVE-2019-9515 A Twisted...
SUSE-SU-2021:3119-1 Security update for postgresql12
This update for postgresql12 fixes the following issues: - CVE-2021-3677: Fixed memory disclosure in certain queries bsc1189748. - Fixed build with llvm12 on s390x bsc1185952. - Re-enabled icu for PostgreSQL 10 bsc1179945. - Made the dependency of postgresqlXX-server-devel on llvm and clang...
runc security update
1.0.0-19.rc5.git4bb1fe4.0.3.el7 - Apply patch for CVE-2019-5736 Wiekus Beukes 1.0.0-19.rc5.git4bb1fe4.0.2.el7 - update Go version to 1.10.8, fix version string Laszlo Laca Peter 1.0.0-19.rc5.git4bb1fe4.0.1.el7 - Tuning .spec file 2:1.0.0-19.rc5.git4bb1fe4 - release v1.0.0rc5...
[SECURITY] Fedora 28 Update: php-horde-Horde-Image-2.5.4-1.fc28
An Image utility API, with backends for: GD GIF PNG SVG SWF ImageMagick convert command line tool Imagick Extension Optional dependency: php-pecl-imagick...