
19 matches found

Tenable Nessus
added 2026/01/22 12:0 a.m. · 5 views

Azure Linux 3.0 Security Update: python3 (CVE-2023-6507)

The version of python3 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-6507 advisory. - An issue was found in CPython 3.12.0 subprocess module on POSIX platforms. The issue was fixed in CPython...

6.1 CVSS · 5.7 AI score · 0.00083 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2026/01/15 12:0 a.m. · 2 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002443)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002443 advisory. The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local...

4.7 CVSS · 7.2 AI score · 0.0004 EPSS
Exploits 1 · References 20
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2019-19284

Malware in sbrugna...

9 CVSS · 8.8 AI score · 0.00609 EPSS
Exploits 1 · References 4
Cvelist
added 2025/09/05 9:59 p.m. · 7 views

CVE-2025-58369 fs2: Half-shutdown of socket during TLS handshake may result in spin loop on opposite side

fs2 is a compositional, streaming I/O library for Scala. Versions up to and including 2.5.12, 3.0.0-M1 through 3.12.2, and 3.13.0-M1 through 3.13.0-M6 are vulnerable to denial of service attacks through TLS sessions using fs2-io on the JVM using the fs2.io.net.tls package. When establishing a TLS...

5.3 CVSS · 0.00207 EPSS
Exploits 0 · References 7
OSV
added 2025/08/11 1:52 p.m. · 3 views

BIT-LIBPYTHON-2023-6597

An issue was found in the CPython tempfile.TemporaryDirectory class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged...

7.8 CVSS · 6.4 AI score · 0.00077 EPSS
Exploits 0 · References 15
OSV
added 2025/08/11 1:52 p.m. · 4 views

BIT-LIBPYTHON-2023-6507 Groups not dropped before running subprocess when using empty 'extra_groups' parameter

An issue was found in CPython 3.12.0 subprocess module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the extra_groups= parameter with an empty list as a value (i.e. extra_groups=[]) the logic regressed to not call setgroups(0, NULL) before...

6.1 CVSS · 7.2 AI score · 0.00083 EPSS
Exploits 0 · References 6
CNNVD
added 2025/07/16 12:0 a.m. · 2 views

WordPress plugin Avada Builder Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...

6.4 CVSS · 5.8 AI score · 0.00164 EPSS
Exploits 0 · References 2
OSV
added 2024/12/13 12:41 p.m. · 39 views

BIT-PYTHON-2023-6597

An issue was found in the CPython tempfile.TemporaryDirectory class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged...

7.8 CVSS · 7 AI score · 0.00077 EPSS
Exploits 0 · References 15
OSV
added 2024/12/13 12:41 p.m. · 39 views

BIT-PYTHON-2024-0450 Quoted zip-bomb protection for zipfile

An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython...

6.2 CVSS · 6.9 AI score · 0.00148 EPSS
Exploits 0 · References 19
OpenVAS
added 2024/03/20 12:0 a.m. · 18 views

Python Symlink Dereference Vulnerability (Mar 2024) - Linux

Python is prone to a symlink dereference vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:python:python";...

7.8 CVSS · 7.7 AI score · 0.00077 EPSS
Exploits 0 · References 5
OpenVAS
added 2024/03/20 12:0 a.m. · 20 views

Python Symlink Dereference Vulnerability (Mar 2024) - Windows

Python is prone to a symlink dereference vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:python:python";...

7.8 CVSS · 7.7 AI score · 0.00077 EPSS
Exploits 0 · References 5
Positive Technologies
added 2023/12/08 12:0 a.m. · 2 views

PT-2023-9621 · Python +2 · Cpython +2

Name of the Vulnerable Software and Affected Versions: CPython version 3.12.0. Description: The issue is related to errors in privilege management in the subprocess module of the CPython interpreter. When using the extra_groups= parameter with an empty list as a value, the logic regressed to not...

9.8 CVSS · 6.5 AI score · 0.0991 EPSS
Exploits 27 · References 193
Patchstack
added 2023/04/24 12:0 a.m. · 11 views

WordPress Elementor Website Builder Plugin <= 3.12.1 is vulnerable to SQL Injection

Software: Elementor Website Builder; Type: Plugin; Vulnerable versions: <= 3.12.1; Fixed in: 3.12.2; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-0329; Patch priority: Low; CVSS severity: Low (6.6); Developer: Elementor; PSID: c642fe631d89; Credits: Sanjay Das; Required privilege: Administrator...

7.2 CVSS · 7.2 AI score · 0.09142 EPSS
Exploits 7 · References 5 · Affected Software 1
Tenable Nessus
added 2023/03/14 12:0 a.m. · 49 views

Atlassian Jira < 3.12.1 XSS in 500 Page

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 3.12.1. It, therefore, has multiple vulnerabilities: - a Cross-site scripting (XSS) vulnerability which allows remote attackers to inject arbitrary web script or HTML, which is...

7.5 CVSS · 5.5 AI score · 0.00585 EPSS
Exploits 0 · References 4
CNVD
added 2019/08/08 12:0 a.m. · 1 views

Cisco Enterprise NFV Infrastructure Software VNC Authentication Bypass Vulnerability

Cisco Enterprise NFV Infrastructure Software is a lightweight virtualization platform that integrates complete VM lifecycle management, monitoring, device programmability, and service chaining in one installable package. A VNC authentication bypass vulnerability exists in the Virtual Network...

9.8 CVSS · 7.1 AI score · 0.02382 EPSS
Exploits 0 · References 1
OSV
added 2019/06/06 5:29 p.m. · 3 views

CVE-2019-9929

Northern.tech CFEngine Enterprise 3.12.1 has Insecure Permissions...

8.8 CVSS · 7.3 AI score · 0.00609 EPSS
Exploits 1 · References 2
UbuntuCve
added 2019/06/06 5:29 p.m. · 16 views

CVE-2019-9929

Northern.tech CFEngine Enterprise 3.12.1 has Insecure Permissions...

9 CVSS · 7.2 AI score · 0.00609 EPSS
Exploits 1 · References 3
Prion
added 2018/01/08 7:29 p.m. · 17 views

Design/Logic Flaw

The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue...

6.8 CVSS · 6.7 AI score · 0.0129 EPSS
Exploits 0 · References 8 · Affected Software 2
Atlassian
added 2008/01/17 3:12 a.m. · 14 views

JIRA Portlet Macro not displaying when authenticating using the trusted application between JIRA and Confluence

We're having issues using the JIRA portlet macro jiraportlet on pages inside Confluence. Whenever we try to use this macro using the trust between JIRA and Confluence for authentication, the macro does not display on the page. There aren't any errors, it just doesn't appear. code...

1.4 AI score
Exploits 0