conda-store (>=2024.6.1 <=2024.11.2), cylc-uiserver (>=0.1.0 <=0.3.0) +13 more potentially affected by CVE-2024-41942 via jupyterhub (>=0.8.1 <=4.0.2)

jupyterhub PYPI version =0.8.1, =2024.6.1, =0.1.0, =0.0.4, =1.3.7, =1.0.0, =0.2.0, =0.1.0, =0.0.0, =0.1.0, =0.10.0, =0.2.25, =0.0.1, =0.1.0, =0.0.2, =0.0.9 Source cves: CVE-2024-41942 Source advisory: OSV:PYSEC-2024-200...

conda-store (>=2024.6.1 <=2024.11.2), cylc-uiserver (>=0.1.0 <=0.3.0) +13 more potentially affected by CVE-2024-41942 via jupyterhub (>=0.8.1 <=4.0.2)

jupyterhub PYPI version =0.8.1, =2024.6.1, =0.1.0, =0.0.4, =1.3.7, =1.0.0, =0.2.0, =0.1.0, =0.0.0, =0.1.0, =0.10.0, =0.2.25, =0.0.1, =0.1.0, =0.0.2, =0.0.9 Source cves: CVE-2024-41942 Source advisory: OSV:GHSA-9X4Q-3GXW-849F...

CVE-2017-9453

BMC Server Automation before 8.9.01 patch 1 allows Process Spawner command execution because of authentication bypass...

CVE-2017-9453

BMC Server Automation before 8.9.01 patch 1 allows Process Spawner command execution because of authentication bypass...

Authentication flaw

BMC Server Automation before 8.9.01 patch 1 allows Process Spawner command execution because of authentication bypass...

CVE-2017-9453

BMC Server Automation before 8.9.01 patch 1 allows Process Spawner command execution because of authentication bypass...

@agoric/cosmic-swingset (>=0.10.8 <=0.18.0), @agoric/ertp (>=0.1.4 <=0.4.1) +18 more potentially affected by CVE-2021-23543 via realms-shim (=1.2.2)

realms-shim NPM version =1.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on realms-shim and may be impacted: - @agoric/cosmic-swingset =0.10.8, =0.1.4, =0.0.1, =0.1.1, =0.0.1, =0.0.20, =0.1.0, =2.0.1, =1.0.0, =0.0.1, =0.4.1, =0.0.6, =0.0.1-alpha2,...

@agoric/cosmic-swingset (>=0.10.8 <=0.18.0), @agoric/ertp (>=0.1.4 <=0.4.1) +18 more potentially affected by CVE-2021-23543 via realms-shim (=1.2.2)

realms-shim NPM version =1.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on realms-shim and may be impacted: - @agoric/cosmic-swingset =0.10.8, =0.1.4, =0.0.1, =0.1.1, =0.0.1, =0.0.20, =0.1.0, =2.0.1, =1.0.0, =0.0.1, =0.4.1, =0.0.6, =0.0.1-alpha2,...

CVE-2020-26261

CVE-2020-26261 affects jupyterhub-systemdspawner. Before v0.15, user API tokens issued to single-user notebook servers were exposed in the environment of systemd units, making them accessible to all users. The fix is in jupyterhub-systemdspawner v0.15. The-littlest-jupyterhub is affected by defau...

Design/Logic Flaw

In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10, if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application root...

sastcpd 8.0 &#39;authprog&#39; local root vulnerability

Hi, Several environment variable problems exist in the 'SAS Job Spawner for Open Systems version 8.00'. No other releases of the software were available to test. Sorry. authprog vulnerability ---------------------- The daemon passes a user-defined environment variable, 'authprog', to execve. This...

sastcpd Buffer Overflow and Format String Vulnerabilities

---------------------------------------------------------- sastcpd Buffer Overflow and Format String Vulnerabilities Ministry-of-Peace - www.ministryofpeace.co.uk ---------------------------------------------------------- SYNOPSIS "SAS software provides the foundation, tools, and solutions for da...