Automic Automation Agent Unix Privilege Escalation
An agent configured to run in privileged mode using the SetUID-Bit can be used to escalate privileges, by supplying an ini file with the "authentication" option set to "PAM" and the "libName" option set to a shared object file controlled by the attacker. The shared object will be loaded in an...
Vulnerabilities fixed in Oracle Communications
Oracle has fixed several vulnerabilities in its Communications products, including Oracle Communications Unified Assurance, Oracle Communications Cloud Native Core Network Function and Oracle Communications Order and Service Management. The vulnerabilities allow unauthenticated malicious actors t...
Twisted Security Vulnerability
Twisted is an open source, event-driven web engine written in the Python language by Twisted Matrix Labs. A security vulnerability exists in Twisted version 24.3.0 and earlier, which stems from the fact that the HTTP 1.0 and 1.1 servers provided by twisted.web process pipelined HTTP...
SUSE-SU-2024:2481-1 Security update for python-black
This update for python-black fixes the following issues: Updated to version 24.3.0: - CVE-2024-21503: Fixed a performance downgrade on docstrings that contain large numbers of leading tab characters (bsc#1221530)...
Sentry Security Vulnerability
SENTRY is a bug tracking and performance monitoring platform for developers from SENTRY, Inc. A security vulnerability exists in Sentry versions 24.3.0 through 24.5.0, which stems from a Slack integration that discloses deprecated authentication tokens in logs...
PYSEC-2024-48
Versions of the package black before 24.3.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the lines_with_leading_tabs_expanded function in the strings.py file. An attacker could exploit this vulnerability by crafting a malicious input that causes a denial of service. Exploiting thi...
CVE-2024-21503
Versions of the package black before 24.3.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the lines_with_leading_tabs_expanded function in the strings.py file. An attacker could exploit this vulnerability by crafting a malicious input that causes a denial of service. Exploiting thi...
black Security breach
Black is a Python code formatting program. A security vulnerability exists in versions prior to black 24.3.0 that stems from the lines_with_leading_tabs_expanded function in the strings.py file being vulnerable to a denial-of-service attack, which can be exploited to cause a denial of service by...
CVE-2024-23768
Dremio before 24.3.1 allows path traversal. An authenticated user who has no privileges on certain folders and the files and datasets in these folders can access these folders, files, and datasets. To be successful, the user must have access to the source and at least one folder in the source...
firefox security update
24.3.0-2.0.1.el65 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one - Build with nspr-devel = 4.10.0 to fix build failure 24.3.0-2 - Update to 24.3.0 ESR Build 2 24.3.0-1 - Update to 24.3.0 ESR...