Mozilla Firefox ESR < 115.12

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 115.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-26 advisory. - By tricking the browser with a X-Frame-Options header, a sandboxed iframe could have presented a button...

Security Vulnerabilities fixed in Firefox ESR 115.12 — Mozilla

Memory corruption in the networking stack could have led to a potentially exploitable crash. If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. By monitoring the time certain operations take, an attacker could have guessed which...

requests: subsequent requests to the same host ignore cert verification

An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification...

CVE-2024-1228

Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all Eurosoft Przychodnia installations. This issue affects Eurosoft Przychodnia software before version 20240417.001 from that version...

PT-2024-4791 · Tp Link · Tp-Link Tl-7Dr5130

Name of the Vulnerable Software and Affected Versions: TP-LINK TL-7DR5130 version 1.0.23 Description: The issue is related to the mechanism of transmitting routing information to hosts via ICMP Redirect in the TP-LINK TL-7DR5130 wireless router's firmware. It is associated with insufficient...

PT-2024-27144 · Oneflow · Oneflow

Name of the Vulnerable Software and Affected Versions: OneFlow versions 0.9.1 Description: An issue in the oneflow.permute component of OneFlow-Inc causes an incorrect calculation when the same dimension operation is performed. Recommendations: For version 0.9.1, consider updating to a newer...

PT-2024-23711 · Mlflow · Mlflow

Name of the Vulnerable Software and Affected Versions: mlflow/mlflow version 2.11.1 Description: A vulnerability in mlflow/mlflow allows attackers to create multiple models with the same name by exploiting URL encoding. This flaw can lead to Denial of Service DoS as an authenticated user might no...

CVE-2024-29824

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code...

Ivanti EPM Security Vulnerability

Ivanti EPM is a one-stop shop for managing user profiles and all client devices from Ivanti USA. A security vulnerability exists in Ivanti EPM 2022 SU5 and prior versions, which stems from the presence of SQL injection that allows an authenticated attacker within the same network to execute...

SUSE CVE-2021-47391

In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Ensure rdmaaddrcancel happens before issuing more requests The FSM can run in a circle allowing rdmaresolveip to be called twice on the same idpriv. While this cannot happen without going through the work, it violates t...

The vulnerability of the distributed Git version control system, related to the use of pre-installed security-related data, allows a hacker to create hard links to any readable file within the same file system.

The vulnerability of the distributed Git version control system is related to the use of pre-installed data related to security. Exploiting this vulnerability allows a attacker to create hard links to any readable file within the same file system...

SUSE CVE-2021-47259

In the Linux kernel, the following vulnerability has been resolved: NFS: Fix use-after-free in nfs4initclient KASAN reports a use-after-free when attempting to mount two different exports through two different NICs that belong to the same server. Olga was able to hit this with kernels starting...

systemd security update

239-82.0.1 - Fixed deletion issue for symlink when device is opened Orabug: 36228608 - Fix local-fs and remote-fs targets during system boot replaces old Orabug: 25897792 Orabug: 35871376 - 1A Add 'systemd-fstab-generator-reload-targets.service' file Orabug: 35871376 - 1B Add required rpms for...

SUSE CVE-2024-35195

Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of verif...

CVE-2023-52851 IB/mlx5: Fix init stage error handling to avoid double free of same QP and UAF

In the Linux kernel, the following vulnerability has been resolved: IB/mlx5: Fix init stage error handling to avoid double free of same QP and UAF In the unlikely event that workqueue allocation fails and returns NULL in mlx5mkeycacheinit, delete the call to mlx5rumrresourcecleanup which frees th...

DEBIAN-CVE-2021-47259

In the Linux kernel, the following vulnerability has been resolved: NFS: Fix use-after-free in nfs4initclient KASAN reports a use-after-free when attempting to mount two different exports through two different NICs that belong to the same server. Olga was able to hit this with kernels starting...

SUSE CVE-2024-1968

In scrapy/scrapy, an issue was identified where the Authorization header is not removed during redirects that only change the scheme e.g., HTTPS to HTTP but remain within the same domain. This behavior contravenes the Fetch standard, which mandates the removal of Authorization headers in...

DEBIAN-CVE-2024-35195

Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of verif...

AZL-42145 CVE-2024-35195 affecting package python-requests for versions less than 2.27.1-7

Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of verif...

GHSA-CG34-W3FM-82H3 Duplicate Advisory: Scrapy leaks the authorization header on same-domain but cross-origin redirects

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4qqq-9vqf-3h3f. This link is maintained to preserve external references. Original Description In scrapy/scrapy, an issue was identified where the Authorization header is not removed during redirects that only...