
5181 matches found

CNNVD
added 2022/10/07 12:0 a.m. · 1 view

Apache Airflow code issue vulnerability

Apache Airflow is an open source platform for creating, managing, and monitoring workflows from the Apache Foundation. Apache Airflow 2.4.1 and earlier versions have a code issue vulnerability that stems from the failure of deactivated users to prevent authenticated users from continuing to use t...

CVSS 8.1 · AI score 6.9 · EPSS 0.00339
Exploits 0 · References 3
Fedora
added 2022/10/05 1:5 a.m. · 33 views

[SECURITY] Fedora 35 Update: scala-2.13.9-1.fc35

Scala is a general purpose programming language designed to express common programming patterns in a concise, elegant, and type-safe way. It smoothly integrates features of object-oriented and functional languages. It is also fully interoperable with Java. This package contains the Scala compiler...

CVSS 9.8 · AI score 3.5 · EPSS 0.67806
Exploits 1
Fedora
added 2022/10/05 1:2 a.m. · 38 views

[SECURITY] Fedora 36 Update: scala-2.13.9-1.fc36

Scala is a general purpose programming language designed to express common programming patterns in a concise, elegant, and type-safe way. It smoothly integrates features of object-oriented and functional languages. It is also fully interoperable with Java. This package contains the Scala compiler...

CVSS 9.8 · AI score 3.5 · EPSS 0.67806
Exploits 1
OpenVAS
added 2022/10/05 12:0 a.m. · 26 views

Fedora: Security Advisory for scala (FEDORA-2022-07dd9375b2)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 9.8 · AI score 9.6 · EPSS 0.67806
Exploits 1 · References 2
Ubuntu
added 2022/10/04 10:57 p.m. · 52 views

USN-5257-2: ldns vulnerabilities

USN-5257-1 fixed several vulnerabilities in ldns. This update provides the corresponding update for Ubuntu 20.04 ESM and Ubuntu 22.04 ESM. Original advisory details: It was discovered that ldns incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive...

CVSS 7.5 · AI score 7.6 · EPSS 0.00366
Exploits 2
BDU FSTEC
added 2022/10/04 12:0 a.m. · 0 views

The vulnerability of the Cyber Recovery data protection tool lies in its authentication procedures’ flaws, which allow attackers to gain access to the API interface.

The vulnerability of the Cyber Recovery data protection tool is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to the API interface...

CVSS 10 · EPSS 0.01857
Exploits 0 · References 3 · Affected Software 1
Japan Vulnerability Notes
added 2022/09/30 5:48 a.m. · 1 view

BookStack vulnerable to cross-site scripting

Overview: BookStack contains a cross-site scripting vulnerability (CWE-79). Kenichi Okuno of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: An arbitrary script may be...

CVSS 5.4 · AI score 6 · EPSS 0.00373
Exploits 0 · References 6
Spring Engineering
added 2022/09/29 7:0 a.m. · 15 views

A Bootiful Podcast: thought leader Chris Richardson (and no, I'm not using that title ironically!)

Hi, Spring fans! In this installment, Josh Long @starbuxman talks to his friend Chris Richardson @crichardson, who helped articulate and advance cloud computing, reactive programming, microservices, domain-driven design, event sourcing, and so much more years before the zeitgeist. Also, we used t...

AI score 0.1
Exploits 0
CNNVD
added 2022/09/29 12:0 a.m. · 3 views

Discourse security vulnerability

Discourse is an open source community discussion platform. An access control error vulnerability exists in versions of Discourse prior to 2.8.9 and prior to 2.9.0.beta10. The vulnerability stems from improper access control of the API, which could be exploited to create new topics and edit existi...

CVSS 7.2 · AI score 6.8 · EPSS 0.00355
Exploits 0 · References 4
Tenable Nessus
added 2022/09/29 12:0 a.m. · 39 views

SUSE SLED15 / SLES15 Security Update : rust1.62 (SUSE-SU-2022:3451-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3451-1 advisory. - Cargo is a package manager for the rust programming language. After a package is downloaded, Cargo extracts...

CVSS 8.1 · AI score 8 · EPSS 0.08941
Exploits 0 · References 7
Positive Technologies
added 2022/09/29 12:0 a.m. · 4 views

PT-2022-23155 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2.8.9; Discourse versions prior to 2.9.0.beta10. Description: The issue allows a moderator to create new and edit existing themes using the API when they should not have this capability. Recommendations: For versions...

CVSS 7.2 · AI score 4.4 · EPSS 0.00355
Exploits 0 · References 8
The Hacker News
added 2022/09/28 2:0 p.m. · 142 views

Researchers Warn of New Go-based Malware Targeting Windows and Linux Systems

A new, multi-functional Go-based malware dubbed Chaos has been rapidly growing in volume in recent months to ensnare a wide range of Windows, Linux, small office/home office (SOHO) routers, and enterprise servers into its botnet. "Chaos functionality includes the ability to enumerate the host...

CVSS 10 · AI score 0.4 · EPSS 0.94445
Exploits 27
Positive Technologies
added 2022/09/28 12:0 a.m. · 3 views

PT-2022-6176 · Cisco · Cisco Ios Xe

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software (affected versions not specified). Description: The issue exists due to insufficient input validation in the web UI feature of Cisco IOS XE Software, allowing an authenticated, remote attacker to perform an injection attack...

CVSS 7.2 · AI score 7.2 · EPSS 0.00197
Exploits 0 · References 4
CNNVD
added 2022/09/27 12:0 a.m. · 1 view

Zammad security vulnerability

Zammad is a suite of ticket management software from the German company Zammad. An access control error vulnerability exists in Zammad version 5.2.1. The vulnerability stems from faulty access control in the program, where Zammad's asset handling mechanism has logic that ensures that client users...

CVSS 6.5 · AI score 6.6 · EPSS 0.00214
Exploits 0 · References 2
Fedora
added 2022/09/26 12:18 a.m. · 27 views

[SECURITY] Fedora 37 Update: redis-7.0.5-1.fc37

Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...

CVSS 9.8 · AI score 0.7 · EPSS 0.3694
Exploits 0
Fedora
added 2022/09/23 1:21 a.m. · 39 views

[SECURITY] Fedora 36 Update: python3.11-3.11.0~rc2-1.fc36

Python 3.11 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.11 package provides the "python3.11" executable:...

CVSS 7.5 · AI score 8 · EPSS 0.00384
Exploits 0
Fedora
added 2022/09/23 1:21 a.m. · 140 views

[SECURITY] Fedora 36 Update: python3.10-3.10.7-1.fc36

Python 3.10 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries...

CVSS 7.5 · AI score 2.1 · EPSS 0.00384
Exploits 0
CNNVD
added 2022/09/21 12:0 a.m. · 2 views

ruby-arr-pm OS command injection vulnerability

ruby-arr-pm is an RPM read/write library written in Ruby by the individual developer Jordan Sissel. It is intended to provide a way for fpm to read and write RPMs. A security vulnerability exists in ruby-arr-pm version 0.0.11 and earlier. An attacker could use this vulnerability to execute shell...

CVSS 7.8 · AI score 7.5 · EPSS 0.00266
Exploits 1 · References 4
BDU FSTEC
added 2022/09/21 12:0 a.m. · 0 views

The vulnerability of the urllib component in the Python programming language allows a hacker to trigger a service failure.

The vulnerability of the urllib component in the Python programming language is related to an uncontrolled consumption of resources. Exploiting this vulnerability allows a remote attacker to cause service interruptions...

CVSS 7.5 · EPSS 0.00119
Exploits 1 · References 14 · Affected Software 4
CNNVD
added 2022/09/20 12:0 a.m. · 1 view

Dataprobe iBoot-PDU path traversal vulnerability

The Dataprobe iBoot-PDU is a web-accessible managed PDU independently controlled outlet from Dataprobe USA. A path traversal vulnerability exists in the Dataprobe iBoot-PDU FW that stems from its firmware allowing unauthenticated users to access old PHP pages susceptible to directory traversal,...

CVSS 9.8 · AI score 8.6 · EPSS 0.02098
Exploits 0 · References 4