[SECURITY] Fedora 41 Update: git-lfs-3.7.1-1.fc41

Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server...

EUVD-2024-54414

Malicious code in bioql PyPI...

CVE-2024-44843

An issue in the web socket handshake process of SteVe v3.7.1 allows attackers to bypass authentication and execute arbitrary coammands via supplying crafted OCPP requests...

GHSA-MCW3-H5XG-R95M JeecgBoot SQL Injection vulnerability

JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component /onlDragDatasetHead/getTotalData...

JeecgBoot SQL Injection vulnerability

JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component /onlDragDatasetHead/getTotalData...

CVE-2024-48307

JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component /onlDragDatasetHead/getTotalData...

CVE-2024-48307

JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component /onlDragDatasetHead/getTotalData...

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities

Summary IBM Cloud Transformation Advisor has addressed multiple Java security vulnerabilities listed herein Vulnerability Details CVEID: CVE-2023-4759 DESCRIPTION: Eclipse JGit could allow a remote attacker to execute arbitrary code on the system, caused by improper handling of case insensitive...

Local directory executable lookup in sops (Windows-only)

Impact Windows users using the sops direct editor option sops file.yaml can have a local executable named either vi, vim, or nano executed if running sops from cmd.exe This attack is only viable if an attacker is able to place a malicious binary within the directory you are running sops from. As...

PSF-2018-6 pickle.load denial of service

Modules/pickle.c in Python before 3.7.1 has an integer overflow via a large LONGBINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of...

Sql injection

Eval injection in yzmphp/core/function/global.func.php in YzmCMS v3.7.1 allows remote attackers to achieve arbitrary code execution via PHP code in the POST data of an index.php?m=member&c=membercontent&a=init request...

CVE-2018-8756

Eval injection in yzmphp/core/function/global.func.php in YzmCMS v3.7.1 allows remote attackers to achieve arbitrary code execution via PHP code in the POST data of an index.php?m=member&c=membercontent&a=init request...