
1250 matches found

Redos
added 2024/09/09 12:00 a.m. · 18 views

ROS-20240909-02

A vulnerability in the cryptography package of the Python programming language interpreter is related to errors in the procedure for authenticating a certificate. Exploitation of the vulnerability could allow an attacker acting remotely to perform a man-in-the-middle attack. remotely to execute a...

CVSS 7.5 · AI score 6.8 · EPSS 0.01168
Exploits 1

Vulnrichment
added 2024/09/04 3:29 p.m. · 21 views

CVE-2024-43402 Rust OS Command Injection/Argument Injection vulnerability

Rust is a programming language. The fix for CVE-2024-24576, where std::process::Command incorrectly escaped arguments when invoking batch files on Windows, was incomplete. Prior to Rust version 1.81.0, it was possible to bypass the fix when the batch file name had trailing whitespace or periods...

CVSS 8.1 · AI score 7.4 · EPSS 0.00511
Exploits 10 · References 3

CVE
added 2024/09/04 3:29 p.m. · 64 views

CVE-2024-43402

CVE-2024-43402 describes a Rust vulnerability in how Windows batch file names with trailing spaces or periods could bypass the existing mitigation for CVE-2024-24576. The issue arises from how the original fix checked for .bat/.cmd endings, failing to account for Windows normalizing trailing whit...

CVSS 8.8 · AI score 9.1 · EPSS 0.00511
Exploits 10 · References 3 · Affected Software 1

BDU FSTEC
added 2024/09/04 12:00 a.m. · 0 views

The vulnerability of the net/http module in the Go programming language, related to improper input validation, allows attackers to trigger a service failure.

The vulnerability of the net/http module in the Go programming language is related to improper validation of input data. Exploiting this vulnerability can allow an attacker to cause service failures remotely...

CVSS 5.9 · AI score 6.4 · EPSS 0.01018
Exploits 0 · References 3 · Affected Software 2

Positive Technologies
added 2024/09/04 12:00 a.m. · 6 views

PT-2024-6111

Name of the Vulnerable Software and Affected Versions: Go (affected versions not specified). Description: The issue is related to the Decoder.Decode function in the Go programming language, which can cause a panic due to stack exhaustion when handling deeply nested structures. This is caused by...

CVSS 10 · AI score 8 · EPSS 0.64852
Exploits 6 · References 424

RedHat Linux
added 2024/09/03 2:28 a.m. · 27 views

Moderate: Red Hat Security Advisory: python3.12 security update

An update for python3.12 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

CVSS 5.5 · AI score 6.8 · EPSS 0.00238
Exploits 0 · References 2

OSV
added 2024/09/03 12:00 a.m. · 17 views

ALSA-2024:6163 Moderate: python3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

CVSS 5.5 · AI score 7.4 · EPSS 0.00238
Exploits 0 · References 4

Redos
added 2024/09/02 12:00 a.m. · 16 views

ROS-20240902-15

A vulnerability in the net/http module of the Go programming language is related to improper input validation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVSS 7.5 · AI score 6.9 · EPSS 0.01018
Exploits 0

Redos
added 2024/09/02 12:00 a.m. · 15 views

ROS-20240902-04

A vulnerability in the xmlattr filter of the Jinja2 templating engine for the Python programming language is related to the failure to take measures to protect the structure of a web page. Exploitation of the vulnerability could allow an attacker acting...

CVSS 6.1 · AI score 6.1 · EPSS 0.00151
Exploits 0

Positive Technologies
added 2024/08/29 12:00 a.m. · 3 views

PT-2024-6112 · Google +10 · Go +10

Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.23.1; Go versions prior to 1.22.7. Description: The issue is related to the Parse function in the Go programming language, which can cause a panic due to stack exhaustion when dealing with deeply nested expressions in a "...

CVSS 9.8 · AI score 7.4 · EPSS 0.64852
Exploits 4 · References 316

Fedora
added 2024/08/26 1:31 a.m. · 14 views

[SECURITY] Fedora 39 Update: python3-docs-3.12.5-1.fc39

The python3-docs package contains documentation on the Python 3 programming language and interpreter...

CVSS 5.5 · AI score 5.6 · EPSS 0.00238
Exploits 0

Redos
added 2024/08/26 12:00 a.m. · 15 views

ROS-20240826-09

The vulnerability in the Time library of the Ruby interpreter is related to the use of a regular expression with inefficient computational complexity. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service. Vulnerability in the URI component of the Ruby...

CVSS 5.3 · AI score 7.1 · EPSS 0.00707
Exploits 0

Redos
added 2024/08/26 12:00 a.m. · 21 views

ROS-20240826-12

A vulnerability in the Ruby programming language components rfc2396parser.rb and rfc3986parser.rb is related to incorrect implementation of processing invalid URLs. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service. Vulnerability in the URI component of th...

CVSS 5.3 · AI score 7.2 · EPSS 0.00906
Exploits 0

OpenVAS
added 2024/08/26 12:00 a.m. · 16 views

Fedora: Security Advisory (FEDORA-2024-80d1fe51d0)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.5 · AI score 6.2 · EPSS 0.00238
Exploits 0 · References 3

Redos
added 2024/08/26 12:00 a.m. · 31 views

ROS-20240826-01

Vulnerability of HTTP/2 protocol implementation is related to the possibility of forming a stream of requests within an already established network connection without opening new network connections and without confirming receipt of requests. The vulnerability of the HTTP/2 protocol implementatio...

CVSS 7.5 · AI score 7.1 · EPSS 0.944
Exploits 19

CNNVD
added 2024/08/20 12:00 a.m. · 1 views

gotribe-admin security vulnerability

gotribe-admin is a small CMS solution developed with Go + Vue and open-sourced by gotribe. A security vulnerability exists in gotribe-admin version 1.0, which stems from the function InitRoutes in the file internal/app/routes/routes.go that causes deserialization...

CVSS 9.8 · AI score 4.8 · EPSS 0.00473
Exploits 1 · References 7

Redos
added 2024/08/20 12:00 a.m. · 8 views

ROS-20240820-15

A vulnerability in the filtervar function of the PHP programming language interpreter is related to insufficient data authentication. Exploitation of the vulnerability could allow an attacker acting remotely to spoof URLs with erroneous data...

CVSS 5.3 · AI score 5.4 · EPSS 0.03579
Exploits 1

Redos
added 2024/08/16 12:00 a.m. · 8 views

ROS-20240816-15

A vulnerability in the PHP programming language interpreter is related to the erroneous handling of cookies due to the replacement of spaces, dots, and open square brackets with underscores. Exploitation...

CVSS 6.5 · AI score 7 · EPSS 0.08698
Exploits 0

Gentoo Linux
added 2024/08/07 12:00 a.m. · 22 views

Go: Multiple Vulnerabilities

Background: Go is an open source programming language that makes it easy to build simple, reliable, and efficient software. Description: Multiple vulnerabilities have been discovered in Go. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE...

CVSS 9.8 · AI score 8.2 · EPSS 0.64852
Exploits 1

Redos
added 2024/08/05 12:00 a.m. · 21 views

ROS-20240805-08

A vulnerability in the golang package of the Debian GNU/Linux operating system is related to a lack of protection for service data. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information. A vulnerability in the golang package of the...

CVSS 7.5 · AI score 7.9 · EPSS 0.02017
Exploits 1