36 matches found
CVE-2024-37300 Globus `identity_provider` restriction ignored when used with `allow_all` in JupyterHub 5.0
OAuthenticator is software that allows OAuth2 identity providers to be plugged in and used with JupyterHub. JupyterHub 5.0, when used with GlobusOAuthenticator, could be configured to allow all users from a particular institution only. This worked fine prior to JupyterHub 5.0, because `allow_all` di...
CGA-VCMM-3P7W-HQHG
Bulletin has no description...
CVE-2024-31226
Sunshine (Moonlight’s self-hosted game stream host) for Windows is affected in versions 0.17.0–0.22.2 when running as a service. An attacker could place a file named C:\Program.exe, C:\Program.bat, or C:\Program.cmd on the target machine and trigger hijacked execution flow during service terminat...
PSF-2024-3
On Windows a directory returned by tempfile.mkdtemp would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile...
Buffer overflow
Improper buffer restriction in software for the Intel QAT Driver for Linux before version 1.7.l.4.12 may allow an authenticated user to potentially enable denial of service via local access...
GSD-2022-1006942 ipv6: ensure sane device mtu in tunnels
ipv6: ensure sane device mtu in tunnels This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.77 by commit...
Arbitrary Code Execution
isolated-vm is vulnerable to arbitrary code execution. The vulnerability exists because v8 cache data is not properly restricted in CachedDataOptions which allows an attacker to inject and execute arbitrary code...
MAL-2022-3863 Malicious code in intercom-react-native-example (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f1fcd283f1ce396af81c959bb56b8fd32a56f22617596e78bebdaf08d500a1b2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Tape Related Task Fails With "isn't current owner. You have to change current owner"
Challenge A Tape Job or tape-related task Inventory, Catalog, or Restore fails with errors: '' isn't current owner. You have to change current owner Job has been terminated Error: '' isn't current owner. You have to change current owner Failed to inventory tape Error: '' isn't current owner...
GHSA-JP7F-GRCV-6MJF Partial path traversal in sharpcompress
SharpCompress recreates a hierarchy of directories under destinationDirectory if ExtractFullPath is set to true in options. In order to prevent extraction outside the destination directory the destinationFileName path is verified to begin with fullDestinationDirectoryPath. However it is not...
GHSA-HR3C-6MMP-6M39 Memory corruption slice-deque
Affected versions of this crate did not properly update the head and tail of the deque when inserting and removing elements from the front if, before insertion or removal, the tail of the deque was in the mirrored memory region, and if, after insertion or removal, the head of the deque is exactly...
PYSEC-2021-573
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a floating point exception by calling inplace operations with crafted arguments that would result in a division by 0. The implementation has a logic error: it should skip processing i...
CVE-2021-22398
There is a logic error vulnerability in several smartphones. The software does not properly restrict certain operations when the Digital Balance function is on. A successful exploit could allow the attacker to bypass the Digital Balance limit after a series of operations. Affected product versions...
Microsoft SAFER Bypass Vulnerability
Hi @ll, Microsoft introduced SAFER alias Software Restriction Policies SRP with Windows XP about 20 years ago. See for the API, plus the TechNet articles "How Software Restriction Policies Work" and "Using Software Restriction Policies to Protect Against Unauthorized Software" for the use case...
This operation has been cancelled due to restrictions in effect on this computer
When you try to browse to the My Documents folder on a published Windows Explorer application while using Special Folder Redirection, the following error message appears: “This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator.” ...
Authorization Bypass
chromium is vulnerable to authorization bypass. The vulnerability exists through insufficient policy enforcement in payments, allowing navigation restriction bypass...
SYS.2.2.2.A14
The objective of module SYS.2.2.2 is to protect information that is processed by and on Windows 8.1 clients. The core requirement Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...
Cisco TelePresence CE Software CVE-2019-15275 Local Privilege Escalation Vulnerability
Description Cisco TelePresence Collaboration Endpoint Software is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary commands with root level privileges. This issue is being tracked by Cisco Bug IDs CSCvq29890 and CSCvq29895. Versions...
Cisco Small Business Smart and Managed Switches CVE-2019-12718 Cross Site Scripting Vulnerability
Description Cisco Small Business Smart and Managed Switches are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of th...
SLUB Event Registration Extension CVE-2019-16700 Arbitrary File Upload Vulnerability
Description SLUB Event Registration Extension is prone to an arbitrary-file-upload vulnerability. A remote attacker can leverage this issue to execute arbitrary code within the context of the application, upload arbitrary code and execute it, and execute arbitrary script code in the browser of an...