Lucene search

1260 matches found

Positive Technologies · added 2024/06/04 12:00 a.m. · 2 views

PT-2024-30005 · Gradio · Gradio

Name of the Vulnerable Software and Affected Versions: gradio-app/gradio affected versions not specified Description: The 'deploy-website.yml' workflow in the gradio-app/gradio repository is vulnerable to secrets exfiltration due to improper authorization. This vulnerability arises from the...

CVSS 7.1 · AI score 6.8 · EPSS 0.0047 · Exploits 1 · References 5

Amazon · added 2024/05/30 12:00 a.m. · 4 views

Important: java-11-openjdk

Issue Overview: Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows...

CVSS 7.1 · AI score 6.2 · EPSS 0.14957 · Exploits 0

Redos · added 2024/05/24 12:00 a.m. · 20 views

ROS-20240424-02

A vulnerability in the Libraries component of the Oracle Java SE platform and the Oracle GraalVM Enterprise Edition virtual machine is related to a flaw in the authorization procedure. Exploitation of the vulnerability could allow a remote attacker to disclose protected informatio...

CVSS 7.5 · AI score 6.5 · EPSS 0.14957 · Exploits 0

Tenable Nessus · added 2024/04/28 12:00 a.m. · 30 views

RHEL 6 / 7 / 8 : Red Hat AMQ Interconnect 1.9.0 (RHSA-2020:4211)

The remote Red Hat Enterprise Linux 6 / 7 / 8 host has packages installed that are affected by multiple vulnerabilities, as referenced in the RHSA-2020:4211 advisory. Red Hat AMQ Interconnect is a component of the AMQ 7 product family. AMQ Interconnect provides flexible routing of messages between...

CVSS 6.9 · AI score 7 · EPSS 0.99019 · Exploits 14 · References 17

RedHat Linux · added 2024/04/22 3:30 p.m. · 3 views

OpenJDK: Pack200 excessive memory allocation (8322114)

A flaw was found in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Concurrency. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition...

CVSS 3.7 · AI score 7.1 · EPSS 0.01276 · Exploits 0 · References 5

OSV · added 2024/04/16 10:15 p.m. · 4 views

DEBIAN-CVE-2024-21012

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM...

CVSS 3.7 · AI score 5.6 · EPSS 0.0091 · Exploits 0 · References 1

OSV · added 2024/04/16 10:15 p.m. · 4 views

CVE-2024-21004

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JavaFX. Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated...

CVSS 2.5 · AI score 7.2 · EPSS 0.00354 · Exploits 0 · References 2

OSV · added 2024/04/16 10:15 p.m. · 6 views

CVE-2024-21002

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JavaFX. Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated...

CVSS 2.5 · AI score 7.2 · EPSS 0.00354 · Exploits 0 · References 2

OSV · added 2024/04/16 10:15 p.m. · 2 views

UBUNTU-CVE-2024-21005

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JavaFX. Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated...

CVSS 3.1 · AI score 7.1 · EPSS 0.00853 · Exploits 0 · References 3

AlpineLinux · added 2024/04/16 9:26 p.m. · 53 views

CVE-2024-21094

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracl...

CVSS 3.7 · AI score 3.3 · EPSS 0.00752 · Exploits 0

RedHat Linux · added 2024/03/25 6:35 p.m. · 5 views

OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...

CVSS 7.4 · AI score 7.2 · EPSS 0.00911 · Exploits 0 · References 5

RedHat Linux · added 2024/03/25 6:35 p.m. · 3 views

OpenJDK: logging of digital signature private keys (8316976)

Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks o...

CVSS 4.7 · AI score 7.2 · EPSS 0.00411 · Exploits 0 · References 5

SUSE CVE · added 2024/03/22 4:17 a.m. · 2 views

SUSE CVE-2024-27932

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.8.0 and prior to version 1.40.4, Deno improperly checks that an import specifier's hostname is equal to or a child of a token's hostname, which can cause tokens to be sent to servers they shouldn't be sent to. An aut...

CVSS 4.6 · AI score 7.1 · EPSS 0.00594 · Exploits 1 · References 3

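The check described in the SUSE CVE-2024-27932 entry above is a hostname scoping rule: a credential registered for a host may be sent only to that exact host or to a subdomain of it. The Python below is an added example, not Deno's code. `host_matches` enforces the rule with a label boundary; `host_matches_naive` shows the plain suffix comparison that leaks a token to a look-alike host. The entry does not say that Deno's defect was exactly this suffix mistake, so the naive variant illustrates the class of error, not the project's code. The token table is constructed for the demonstration and the secret is a placeholder; ports and schemes are deliberately left out.

```python
"""Hostname-scoped credential release, added as an illustration (not Deno code)."""
from typing import Dict, Optional
from urllib.parse import urlsplit


def host_matches_naive(token_host: str, specifier_host: str) -> bool:
    # Illustrative weak rule: a plain suffix comparison. "evilexample.com"
    # ends with "example.com", so a token scoped to example.com would leak.
    return specifier_host.endswith(token_host)


def host_matches(token_host: str, specifier_host: str) -> bool:
    # Correct rule: the hosts are equal, or specifier_host is a child label of
    # token_host. The "." boundary is what rules out "evilexample.com".
    token_host = token_host.lower().rstrip(".")
    specifier_host = specifier_host.lower().rstrip(".")
    return specifier_host == token_host or specifier_host.endswith("." + token_host)


def token_for(import_url: str, tokens: Dict[str, str], matcher=host_matches) -> Optional[str]:
    """Return the token to attach to a fetch of import_url, or None.

    tokens maps a registered hostname to its secret. Only the hostname is
    compared; ports and schemes are left out of this illustration.
    """
    host = urlsplit(import_url).hostname  # already lower-cased by urlsplit
    if not host:
        return None
    for token_host, token in tokens.items():
        if matcher(token_host, host):
            return token
    return None


# Constructed token table for the demonstration; the secret is a placeholder.
TOKENS = {"example.com": "tok-for-example"}

if __name__ == "__main__":
    for url in ("https://example.com/mod.ts",
                "https://deno.example.com/mod.ts",
                "https://evilexample.com/mod.ts"):
        print(url, "->", token_for(url, TOKENS),
              "| naive:", token_for(url, TOKENS, host_matches_naive))
```

Running the block shows the third URL receiving the token only under the naive matcher; the boundary-aware matcher returns None for it and for a host such as `example.com.attacker.net`, where the registered name appears as a prefix rather than a suffix.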
Cvelist · added 2024/03/19 4:16 p.m. · 18 views

CVE-2024-2307 Osbuild-composer: race condition may disable gpg verification for package repositories

A flaw was found in osbuild-composer. A condition can be triggered that disables GPG verification for package repositories, which can expose the build phase to a Man-in-the-Middle attack, allowing untrusted code to be installed into an image being built...

CVSS 6.1 · AI score 6.3 · EPSS 0.00188 · Exploits 0 · References 4

Vulnrichment · added 2024/03/19 4:16 p.m. · 15 views

CVE-2024-2307 Osbuild-composer: race condition may disable gpg verification for package repositories

A flaw was found in osbuild-composer. A condition can be triggered that disables GPG verification for package repositories, which can expose the build phase to a Man-in-the-Middle attack, allowing untrusted code to be installed into an image being built...

CVSS 6.1 · AI score 6.7 · EPSS 0.00188 · Exploits 0 · References 4

RedhatCVE · added 2024/03/19 4:11 p.m. · 24 views

CVE-2024-2307

A flaw was found in osbuild-composer. A condition can be triggered that disables GPG verification for package repositories, which can expose the build phase to a Man-in-the-Middle attack, allowing untrusted code to be installed into an image being built. Mitigation: Mitigation for this issue is...

CVSS 6.1 · AI score 6 · EPSS 0.00188 · Exploits 0 · References 3

CNNVD · added 2024/03/19 12:00 a.m. · 1 view

osbuild-composer Data Forgery Issue Vulnerability

osbuild-composer is a set of HTTP services for building operating system images with osbuild. A data forgery vulnerability exists in osbuild-composer: a condition can be triggered that disables GPG verification for package repositories, which could subject the build to a man-in-the-middl...

CVSS 6.1 · AI score 6.9 · EPSS 0.00188 · Exploits 0 · References 5

OSV · added 2024/03/06 11:01 a.m. · 33 views

BIT-PHPMAILER-2021-3603 Inclusion of Functionality from Untrusted Control Sphere in PHPMailer/PHPMailer

PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called if such code is injected into the host project's scope by other means. If the $patternselect parameter to validateAddress is set to 'php' (the default, defined by PHPMailer::$validator), and the globa...

CVSS 8.1 · AI score 7.8 · EPSS 0.0226 · Exploits 0 · References 5

OSV · added 2024/03/06 10:55 a.m. · 28 views

BIT-LUA-2022-28805

singlevar in lparser.c in Lua from 5.4.0 (inclusive) up to 5.4.4 (exclusive) lacks a luaK_exp2anyregup call, leading to a heap-based buffer over-read that can affect a system that compiles untrusted Lua code...

CVSS 9.1 · AI score 8.2 · EPSS 0.02836 · Exploits 1 · References 8

OSV · added 2024/03/06 10:55 a.m. · 31 views

BIT-GOLANG-2023-29404 Improper handling of non-optional LDFLAGS in go command with cgo in cmd/go

The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags specified via a "#cgo LDFLAGS" directive. The arguments for a...

CVSS 9.8 · AI score 9.1 · EPSS 0.01837 · Exploits 0 · References 9

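The Go entry above describes an LDFLAGS sanitizer that treated the argument of some flags as optional when it is not. The Python below is an added example of the rule such a sanitizer has to enforce; it is not the `cmd/go` code and its allowlist is a deliberately small, hypothetical one. Every flag that takes an argument must consume exactly one token, that token is checked against its own grammar (so a `-Wl,...` flag or an `@file` linker response file cannot ride along as the "argument"), and an argument-taking flag at the end of the list is rejected. `require_args=False` reproduces the weak rule for comparison: a bare `-L` at the end of a directive passes, and on the real link command it would pair with whatever token the build tool appends next, which is exactly the reinterpretation the sanitizer exists to prevent.

```python
"""Illustrative cgo LDFLAGS sanitizer (not Go's own); the allowlist is hypothetical."""
import re
from typing import List

# Flags that are complete on their own.
STANDALONE_FLAGS = {"-pthread", "-shared", "-static"}

# Flags that take exactly one argument, with the grammar the argument must satisfy.
# None of the grammars admit a leading "-" or "@", so neither another flag nor a
# linker response file (@file, read by gcc/ld) can be smuggled in as an argument.
FLAGS_WITH_ARG = {
    "-l": re.compile(r"[A-Za-z0-9_.+-]+"),        # library name, e.g. -lssl
    "-L": re.compile(r"[A-Za-z0-9_./+-]+"),       # search directory
    "-framework": re.compile(r"[A-Za-z0-9_]+"),   # macOS framework (separate form only)
}


def _flag_and_arg(flags: List[str], i: int):
    """Split flags[i] into (flag, argument, tokens_consumed); None if not a known arg flag."""
    tok = flags[i]
    for flag in FLAGS_WITH_ARG:
        if tok == flag:                                   # separate form: "-l ssl"
            if i + 1 < len(flags):
                return flag, flags[i + 1], 2
            return flag, None, 1                          # argument missing
        if flag != "-framework" and tok.startswith(flag) and len(tok) > len(flag):
            return flag, tok[len(flag):], 1               # attached form: "-lssl"
    return None


def sanitize_ldflags(flags: List[str], require_args: bool = True) -> List[str]:
    """Return the flags unchanged if every one is allowed, else raise ValueError."""
    accepted: List[str] = []
    i = 0
    while i < len(flags):
        tok = flags[i]
        if tok in STANDALONE_FLAGS:
            accepted.append(tok)
            i += 1
            continue
        parsed = _flag_and_arg(flags, i)
        if parsed is None:
            raise ValueError(f"disallowed linker flag: {tok!r}")
        flag, arg, consumed = parsed
        if arg is None:
            if require_args:
                raise ValueError(f"{flag!r} requires an argument")
            accepted.append(flag)   # weak rule: argument treated as optional
            i += 1
            continue
        if not FLAGS_WITH_ARG[flag].fullmatch(arg):
            raise ValueError(f"disallowed argument for {flag!r}: {arg!r}")
        accepted.extend(flags[i:i + consumed])
        i += consumed
    return accepted


def is_allowed(flags: List[str], require_args: bool = True) -> bool:
    """Boolean wrapper over sanitize_ldflags for quick checks."""
    try:
        sanitize_ldflags(flags, require_args)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed directives for the demonstration.
    for directive in (["-lssl", "-L", "/opt/lib", "-pthread"],
                      ["-lssl", "-L"],
                      ["-l", "@/tmp/evil.rsp"],
                      ["-L", "-Wl,-rpath,/tmp"]):
        print(directive, "strict:", is_allowed(directive),
              "weak:", is_allowed(directive, require_args=False))
```

The second directive is the one the two rules disagree on: strict rejects the trailing `-L`, weak lets it through. The last two are rejected under both rules because the would-be argument fails the argument grammar rather than because the flag itself is unknown.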