AWS CLI: cli_history database does not restrict file permissions on Unix systems
Summary: AWS CLI is a command line tool for interacting with AWS services. When the cli_history feature is enabled, the history database file is created with default permissions, potentially allowing other local users on a multi-user system to read the file. Impact: When cli_history is enabled, AWS C...
OESA-2025-2538 python3 security update
Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...
Support for Windows Server 2016 will end in January 2027
Support for Windows Server 2016 will end in January 2027. We recommend upgrading to the latest version of Windows Server. Running the latest version of Windows Server allows you to use the latest features – including the latest security features – and delivers the best performance. To learn more...
OpenImageIO: Multiple Vulnerabilities
Background: OpenImageIO is a library for reading and writing images. Description: Multiple vulnerabilities have been discovered in OpenImageIO. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE identifiers for details. Workaround: There is no kno...
NVIDIA Drivers: Multiple Vulnerabilities
Background: NVIDIA Drivers are NVIDIA's accelerated graphics driver. Description: A vulnerability has been discovered in NVIDIA Drivers. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE identifier for details. Workaround: There is no known...
PT-2024-28639
Name of the Vulnerable Software and Affected Versions: JupyterLab extension template versions prior to 4.3.0. Description: The JupyterLab extension template has a remote code execution (RCE) vulnerability in the update-integration-tests.yml workflow. This issue affects repositories created using the...
WebKitGTK+: Multiple Vulnerabilities
Background: WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Description: Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE...
PT-2024-11775 · Logpoint
Name of the Vulnerable Software and Affected Versions: Logpoint versions prior to 7.1.1. Description: An issue was discovered in the search template of Logpoint, where template injection was possible. The search template uses Jinja templating for generating dynamic data, which could be abused to achie...
CVE-2024-21677
This High severity Path Traversal vulnerability was introduced in version 6.13.0 of Confluence Data Center. This Path Traversal vulnerability, with a CVSS Score of 8.3, allows an unauthenticated attacker to exploit an undefinable vulnerability which has high impact to confidentiality, high impact...
SUSE CVE-2022-24761
Waitress is a Web Server Gateway Interface server for Python 2 and 3. When using Waitress versions 2.1.0 and prior behind a proxy that does not properly validate the incoming HTTP request matches the RFC7230 standard, Waitress and the frontend proxy may disagree on where one request starts and...
ALPINE-CVE-2022-39260
Git is an open source, scalable, distributed revision control system. git shell is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the...
H2O vulnerable to directory traversal
Overview: H2O is an open source web server. H2O contains an issue in processing URLs, which may result in a directory traversal (CWE-22) vulnerability. Yusuke OSUMI reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
Internet Explorer vulnerable to cross-site scripting
Overview: Microsoft Internet Explorer contains a vulnerability in handling specific character encodings, which may result in a cross-site scripting attack. Microsoft Internet Explorer contains a vulnerability in handling specific EUC-JP encoded characters, which may result in cross-site scripting...
NetCommons cross-site scripting vulnerability
Overview: NetCommons from the NetCommons Project contains a cross-site scripting vulnerability. NetCommons from the NetCommons Project is an open source content management system which provides e-learning and groupware functions. NetCommons contains a cross-site scripting vulnerability. This...
DRUPAL-SA-2006-013: Recipe module
It is possible for a malicious user to insert and execute XSS, due to lack of validation on output. Versions affected: Please check the CVS $Id$ field in the file recipe.module to determine whether the version you are running is vulnerable. Versions older than the following are vulnerable: // $Id:...