CVE-2024-39700 Remote Code Execution (RCE) vulnerability in jupyterlab extension template `update-integration-tests` GitHub Action

JupyterLab extension template is a copier template for JupyterLab extensions. Repositories created using this template with test option include update-integration-tests.yml workflow which has an RCE vulnerability. Extension authors hosting their code on GitHub are urged to upgrade the template to...

CVE-2024-39700 Remote Code Execution (RCE) vulnerability in jupyterlab extension template `update-integration-tests` GitHub Action

JupyterLab extension template is a copier template for JupyterLab extensions. Repositories created using this template with test option include update-integration-tests.yml workflow which has an RCE vulnerability. Extension authors hosting their code on GitHub are urged to upgrade the template to...

CVE-2024-39700

CVE-2024-39700 describes a remote code execution in the JupyterLab extension template copier, specifically in the update-integration-tests.yml workflow of the JupyterLab extension template used to bootstrap projects. The RCE is linked to repositories created with the template’s test option. Affec...

CVE-2024-39700 Remote Code Execution (RCE) vulnerability in jupyterlab extension template `update-integration-tests` GitHub Action

JupyterLab extension template is a copier template for JupyterLab extensions. Repositories created using this template with test option include update-integration-tests.yml workflow which has an RCE vulnerability. Extension authors hosting their code on GitHub are urged to upgrade the template to...

PT-2024-28639

Name of the Vulnerable Software and Affected Versions JupyterLab extension template versions prior to 4.3.0 Description The JupyterLab extension template has a remote code execution RCE vulnerability in the update-integration-tests.yml workflow. This issue affects repositories created using the...

DEBIAN-CVE-2024-40996

In the Linux kernel, the following vulnerability has been resolved: bpf: Avoid splat in pskbpullreason syzkaller builds CONFIGDEBUGNET=y frequently trigger a debug hint in pskbmaypull. We'd like to retain this debug check because it might hint at integer overflows and other issues kernel code...

UBUNTU-CVE-2024-40996

In the Linux kernel, the following vulnerability has been resolved: bpf: Avoid splat in pskbpullreason syzkaller builds CONFIGDEBUGNET=y frequently trigger a debug hint in pskbmaypull. We'd like to retain this debug check because it might hint at integer overflows and other issues kernel code...

CVE-2024-38368

trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. A vulnerability affected older pods which migrated from the pre-2014 pull request workflow to trunk. If the pods had never been claimed then it was still possible to do so. It was also possible to have all...

CVE-2024-38368 Trunk's 'Claim your pod' could be used to obtain un-used pods

trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. A vulnerability affected older pods which migrated from the pre-2014 pull request workflow to trunk. If the pods had never been claimed then it was still possible to do so. It was also possible to have all...

VulnNodeApp - A Vulnerable Node.Js Application

A vulnerable application made using node.js, express server and ejs template engine. This application is meant for educational purposes only. Setup Clone this repository git clone https://github.com/4auvar/VulnNodeApp.git Application setup: Install the latest node.js version with npm. Open...

The vulnerability of the ath12k_htt_pull_ppdu_stats() function in the ath12k driver (Qualcomm Technologies Wi-Fi 7) for the Linux operating system allows a hacker to compromise the confidentiality and accessibility of protected information.

The vulnerability of the ath12khttpullppdustats function in the drivers/net/wireless/ath/ath12k/dprx.c file of the ath12k driver Qualcomm Technologies Wi-Fi 7 in the Linux operating system is related to reading memory beyond the allocated buffer. Exploiting this vulnerability could allow an...

Exploit for Insufficiently Protected Credentials in Jetbrains Aqua

CVE-2024-37051-EXP CVE-2024-3...

GO-2024-2815 Pterodactyl Wings vulnerable to Server-Side Request Forgery during remote file pull in github.com/pterodactyl/wings

Pterodactyl Wings vulnerable to Server-Side Request Forgery during remote file pull in github.com/pterodactyl/wings...

CVE-2024-2408

The opensslprivatedecrypt function in PHP, when using PKCS1 padding OPENSSLPKCS1PADDING, which is the default, is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817...

CVE-2024-2408 PHP is vulnerable to the Marvin Attack

The opensslprivatedecrypt function in PHP, when using PKCS1 padding OPENSSLPKCS1PADDING, which is the default, is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817...

Fedora: Security Advisory for rust-pulldown-cmark (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

GHSA-4M3G-6R7G-JV4F Arbitrary JavaScript execution due to using outdated libraries

Summary gradio-pdf projects with dependencies on the pdf.js library are vulnerable to CVE-2024-4367, which allows arbitrary JavaScript execution. PoC 1. Generate a pdf file with a malicious script in the fontmatrix. This will run alert‘XSS’. poc.pdf 2. Run the app. In this PoC, I've used the demo...

GO-2024-2692 Pebble service manager's file pull API allows access by any user in github.com/canonical/pebble

Pebble service manager's file pull API allows access by any user in github.com/canonical/pebble...

SUSE CVE-2021-32760

containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host's filesystem. Changes to file permissions can deny access t...

Security Bulletin: A Security Vulnerability was discovered in the IBM Security Verify Access OpenID Connect Provider (CVE-2024-22338)

Summary The IBM Security Verify Access OpenID Connect Provider could disclose sensitive information to a local user. This has been addressed in the OIDC Provider 23.12. Vulnerability Details CVEID:CVE-2024-22338 DESCRIPTION: IBM Security Verify Access OIDC Provider could disclose sensitive...