Category Archives: Advisories

python3.10-3.10.16-1.fc41

Read Time:29 Second

FEDORA-2024-cae0bcc133

Packages in this update:

python3.10-3.10.16-1.fc41

Update description:

Python 3.10.16 security release.

Security content in this release

gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to consistently use the mapped IPv4 address value for deciding properties. Properties which have their behavior fixed are is_multicast, is_reserved, is_link_local, is_global, and is_unspecified.
CVE-2024-9287: gh-124651: Properly quote template strings in venv activation scripts.
gh-103848: Added checks to ensure that [ bracketed ] hosts found by urllib.parse.urlsplit() are of IPv6 or IPvFuture format.

Read More

python3.10-3.10.16-1.fc40

Read Time:29 Second

FEDORA-2024-1a493abc67

Packages in this update:

python3.10-3.10.16-1.fc40

Update description:

Python 3.10.16 security release.

Security content in this release

gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to consistently use the mapped IPv4 address value for deciding properties. Properties which have their behavior fixed are is_multicast, is_reserved, is_link_local, is_global, and is_unspecified.
CVE-2024-9287: gh-124651: Properly quote template strings in venv activation scripts.
gh-103848: Added checks to ensure that [ bracketed ] hosts found by urllib.parse.urlsplit() are of IPv6 or IPvFuture format.

Read More

python3.10-3.10.16-1.fc42

Read Time:22 Second

FEDORA-2024-39f0ccfbc3

Packages in this update:

python3.10-3.10.16-1.fc42

Update description:

Automatic update for python3.10-3.10.16-1.fc42.

Changelog

* Wed Dec 4 2024 Charalampos Stratakis <cstratak@redhat.com> – 3.10.16-1
– Update to 3.10.16
– Security fix for CVE-2024-9287
Resolves: rhbz#2321654
* Wed Sep 11 2024 Miro Hrončok <mhroncok@redhat.com> – 3.10.15-2
– Fix ThreadedVSOCKSocketStreamTest

Read More

ProjectSend Improper Authentication Vulnerability (CVE-2024-11680)

Read Time:1 Minute, 3 Second

What is the attack?ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application’s configuration. Successful exploitation allows attackers to create accounts, upload web shells, and embed malicious JavaScript. ProjectSend is a free, open-source software that lets you share files with your clients with privacy. CVE-2024-11680 has been added to CISA Known Exploited Catalog (KEV) on December 4, 2024.What is the recommended Mitigation?ProjectSend has released a patch for CVE-2024-11680. Organizations that have not implemented the latest patch are advised to do so immediately.According to VulnCheck, it found that only 1% of users were using the patched version of ProjectSend (r1750).Public exploits for CVE-2024-11680 are available, and since the exploitation is confirmed, companies must assess exposure, implement fixes and take appropriate action.What FortiGuard Coverage is available?FortiGuard recommends users to apply the patch and follow any mitigation steps provided by the vendor if not done already.The FortiGuard Incident Response team can be engaged to help with any suspected compromise.FortiGuard IPS protection is being reviewed to block any attack attempts related to CVE-2024-11680.

Read More

SEC Consult SA-20241204-0 :: Multiple Critical Vulnerabilities in Image Access Scan2Net (14 CVE)

Read Time:17 Second

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Dec 04

SEC Consult Vulnerability Lab Security Advisory < 20241204-0 >
=======================================================================
title: Multiple Critical Vulnerabilities
product: Image Access Scan2Net
vulnerable version: Firmware <=7.40, <=7.42, <7.42B
(depending on the vulnerability)
fixed version: mostly fixed in v7.42B
CVE number: CVE-2024-28138,…

Read More