13 matches found
EUVD-2022-42399
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-50342
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - symfony/http-client is a module for the Symphony PHP framework which provides powerful methods to fetch HTTP resources synchronously or asynchronously. When usi...
CVE-2024-28236
Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and — by using common substitution string...
Security Bulletin: Multiple Vulnerabilities in IBM Event Endpoint Management
Summary Multiple vulnerabilities were addressed in IBM Event Endpoint Management version 11.3.1 Vulnerability Details CVEID:CVE-2024-47561 DESCRIPTION: Apache Avro could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in schema parsing in the Java...
CVE-2024-45304 OwnableTwoStep allows a pending owner to accept ownership after the original owner has renounced ownership in cairo-contracts
Cairo-Contracts are OpenZeppelin Contracts written in Cairo for Starknet, a decentralized ZK Rollup. This vulnerability can lead to unauthorized ownership transfer, contrary to the original owner's intention of leaving the contract without an owner. It introduces a security risk where an unintend...
CVE-2023-45805 Trojan Lockfilein pdm
pdm is a Python package and dependency manager supporting the latest PEP standards. It's possible to craft a malicious pdm.lock file that could allow e.g. an insider or a malicious open source project to appear to depend on a trusted PyPI project, but actually install another project. A project f...
CVE-2023-32321 CKAN remote code execution and private information access via crafted resource ids
CKAN is an open-source data management system for powering data hubs and data portals. Multiple vulnerabilities have been discovered in Ckan which may lead to remote code execution. An arbitrary file write in resourcecreate and packageupdate actions, using the ResourceUploader object. Also...
CVE-2023-29521 Code injection from account/view through VFS Tree macro in xwiki-platform
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of...
Oracle Linux 7 : istio (ELSA-2022-9772)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9772 advisory. - Upgrade Istio from 1.13.5 to 1.13.7 to resolve the CVE-2022-31045 - Istio CVE-2022-31045, CVE-2022-29225,...
CVE-2022-31032
Tuleap prior to version 13.9.99.58 is affected. The vulnerability arises from improper authorization verification when creating projects or trackers from template projects, allowing information disclosure from those templates. Remediation: upgrade to Tuleap 13.9.99.58 or newer. The available sour...
Debian DLA-1511-1 : reportbug update
Reportbug, a tool designed to make the reporting of bugs in Debian easier, was further enhanced to automatically detect bug reports for potential regressions caused by a security update. After user confirmation an additional email with a copy of the report will be sent to the debian-lts mailing...
Moderate: Red Hat Security Advisory: Red Hat Storage Console 2.1 security update
Updated Red Hat Storage Console packages that fix one security issue, various bugs, and add enhancements are now available for Red Hat Storage Server 2.1. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base...
[HISPASEC] 2K7SEPT6 Total Commander 7.01 Remote FTP Client Directory Traversal
HISPASEC Security Advisory http://blog.hispasec.com/lab/ Name : 2K7SEPT6 Total Commander 7.01 Remote FTP Client Directory Traversal Class : Remote Directory Traversal Threat level : HIGH Discovered : 2007-08-25 Published : 2007-09-06 Credit : Gynvael Coldwind Vulnerable : 7.01 and prior == Abstra...