492 matches found
BIT-GOLANG-2023-39320 Arbitrary code execution via go.mod toolchain directive in cmd/go
The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to modules downloaded using the "go" command from the module proxy, as well as modules...
Cisco TelePresence Video Communication Server (VCS) Detection Consolidation
Consolidation of Cisco TelePresence Video Communication Server VCS detections. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...
CVE-2024-20254
Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) are affected by CSRF vulnerabilities that allow an unauthenticated, remote attacker to perform arbitrary actions on the device. The issues arise from insufficient CSRF protections in the web-based management interface...
CVE-2024-20252
CVE-2024-20252 affects Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS). An unauthenticated, network-based attacker can exploit cross-site request forgery (CSRF) in the web-based management interface to perform arbitrary actions on an affected device. The issue requ...
CVE-2024-20252
Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an unauthenticated, remote attacker to conduct cross-site request forgery CSRF attacks that perform arbitrary actions on an affected device. Note: "Cisco Expressway Series" refers...
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Python Packaging Authority pip
Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Python Packaging Authority pip. Vulnerability Details CVEID:CVE-2023-5752 DESCRIPTION: Python Packaging Authority pip could allow a local authenticated attacker to bypass security restrictions, caus...
kernel: use after free in vcs_read in drivers/tty/vt/vc_screen.c due to race
A use-after-free flaw was found in vcsread in drivers/tty/vt/vcscreen.c in vcscreen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information...
kernel: use after free in vcs_read in drivers/tty/vt/vc_screen.c due to race
A use-after-free flaw was found in vcsread in drivers/tty/vt/vcscreen.c in vcscreen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information...
CVE-2024-21669
Hyperledger Aries Cloud Agent Python ACA-Py is a foundation for building decentralized identity applications and services running in non-mobile environments. When verifying W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs LDP-VCs, the result of verifying the presentation...
CVE-2024-21669
Hyperledger Aries Cloud Agent Python (ACA-Py) contains CVE-2024-21669: when verifying W3C JSON-LD Verifiable Credentials with Linked Data Proofs (LDP-VCs), the result of validating document.proof is not factored into the final presentation verification. This allows holders to present incorrectly ...
Hyperledger Aries Cloud Agent Python result of presentation verification not checked for LDP-VC
Impact When verifying W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs LDP-VCs, the result of verifying the presentation document.proof was not factored into the final verified value true/false on the presentation record. Below is an example result from verifying a JSON-LD...
SUSE SLES12 Security Update : python-pip (SUSE-SU-2023:4987-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4987-1 advisory. - CVE-2023-5752: Fixed injection of arbitrary configuration through Mercurial parameter bsc1217353. Tenable has extracted the preceding...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-pip (SUSE-SU-2023:4988-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:4988-1 advisory. - CVE-2023-5752: Fixed injection of arbitrary configuration through Mercurial parameter bsc1217353. Tenab...
Medium: kernel
Issue Overview: A use-after-free flaw was found in vcsread in drivers/tty/vt/vcscreen.c in vcscreen in the Linux Kernel. In this flaw an attacker with local user access may lead to a system crash or a leak of internal kernel information. CVE-2023-3567 In the Linux kernel, the following...
Cisco Expressway Series / Cisco TelePresence VCS DoS (cisco-sa-http2-reset-d8Kf32vZ)
The Cisco Expressway Series or Cisco TelePresence Video Communication Server VCS running on the remote host is prior to 14.3.3. It is, therefore, affected by a denial of service DoS vulnerability, due to a HTTP/2 protocol-level weakness. The HTTP/2 protocol allows a denial of service server...
CVE-2023-5752
A flaw was found in the Python pip package. The pip could allow a local authenticated attacker to bypass security restrictions due to a flaw when installing a package from a Mercurial VCS URL. By sending a specially crafted request, an attacker can inject arbitrary configuration options to the "h...
Command Injection in pip when used with Mercurial
When installing a package from a Mercurial VCS URL, e.g. pip install hg+..., with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the hg clone call e.g. --config. Controlling the Mercurial configuration can modify how and which...
Design/Logic Flaw
When installing a package from a Mercurial VCS URL ie "pip install hg+..." with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call ie "--config". Controlling the Mercurial configuration can modify how and which...
PYSEC-2023-228
When installing a package from a Mercurial VCS URL ie "pip install hg+..." with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call ie "--config". Controlling the Mercurial configuration can modify how and which...
CVE-2023-5752
When installing a package from a Mercurial VCS URL ie "pip install hg+..." with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call ie "--config". Controlling the Mercurial configuration can modify how and which...