65 matches found
[SECURITY] Fedora 40 Update: yq-4.43.1-5.fc40
Yq is a portable command-line YAML, JSON, XML, CSV, TOML and properties processor...
Oracle Construction and Engineering Suite security vulnerability
Oracle Construction and Engineering Suite is a portfolio management solution suite product for construction projects from Oracle Corporation USA. A security vulnerability exists in Oracle Construction and Engineering Suite. An attacker could exploit the vulnerability to update, insert, or delete...
HCL Connections security vulnerability
HCL Connections is a suite of enterprise collaboration platforms from HCL Corporation, USA. A security vulnerability exists in HCL Connections that stems from unauthorized users updating data in certain circumstances...
CVE-2023-37541 HCL Connections is vulnerable to broken access control
HCL Connections contains a broken access control vulnerability that may allow an unauthorized user to update data in certain scenarios...
Oracle E-Business Suite security vulnerability
Oracle E-Business Suite is a fully integrated set of global business management software from Oracle. The software provides customer relationship management, service management, financial management and other functions. A security vulnerability exists in Oracle Complex Maintenanc...
Aim cross-site request forgery vulnerability
Aim is an easy-to-use and high-performance open source experiment tracker from the United States. Aim suffers from a cross-site request forgery vulnerability. An attacker could use this vulnerability to perform actions such as deleting runs, updating data, and stealing data such as log records an...
PT-2024-22976 · Abast · Scan Visio Edocument Suite Web Viewer
Name of the Vulnerable Software and Affected Versions: SCAN VISIO eDocument Suite Web Viewer of Abast, affected versions not specified. Description: A SQL Injection issue has been discovered, allowing an unauthenticated user to retrieve, update, and delete all database information. This issue was...
CVE-2023-38283
In OpenBGPD before 8.1, incorrect handling of BGP update data length of path attributes set by a potentially distant remote actor may cause the system to incorrectly reset a session. This is fixed in OpenBSD 7.3 errata 006...
The vulnerability of the PostgreSQL database management system, related to deficiencies in access control, allows attackers to read and update protected data.
The vulnerability of the PostgreSQL database management system is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to read and update sensitive data that is protected by security measures...
CVE-2023-3321
A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts...
CVE-2023-3322
A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts...
ABB Ability zenon code issue vulnerability
ABB Ability zenon is a secure operational data management platform from ABB that makes it easy to connect machines, infrastructure and production assets. A code issue vulnerability exists in ABB Ability zenon build 11 to 11 build 106404, which stems from a code issue that allows a less privileged...
Cross-Process Information Leak
Bulletin ID: AMD-SB-7008. Potential Impact: Information disclosure. Severity: Medium. Summary: Under specific microarchitectural circumstances, a register in “Zen 2” CPUs may not be written to 0 correctly. This may cause data from another process and/or thread to be stored in the YMM register, which...
PT-2023-4105 · Abb · Abb Ability Zenon
Name of the Vulnerable Software and Affected Versions: ABB Ability zenon versions 11 build through 11 build 106404. Description: A vulnerability exists in the ABB Ability zenon system, allowing low-privileged users to read and update data in various directories. This issue is related to errors in...
CVE-2022-1969
The Mobile browser color select plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the adminupdatedata function. This makes it possible for unauthenticated attackers to inject malicious...
WordPress plugin Mobile browser color select cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
PT-2022-14227 · WordPress · Mobile Browser Color Select Plugin
Name of the Vulnerable Software and Affected Versions: Mobile browser color select plugin for WordPress versions up to, and including, 1.0.1. Description: The issue is due to missing or incorrect nonce validation on the admin update data function, making it possible for unauthenticated attackers t...
Oracle MySQL input validation error vulnerability
Oracle MySQL Server is a relational database from Oracle Corporation. Oracle MySQL Server is vulnerable to an input validation error that could be exploited by an attacker to update, insert, or delete access to MySQL Server accessible data without authorization...
CVE-2021-2218
Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft component: Health Center. Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterpris...
Continuing to Listen: Good News about the Security Update Guide API!
Based on user feedback we have simplified programmatic access to the security update data by removing the authentication and API-Key requirements when using the CVRF API. You will no longer have to log in to obtain a personal API key to access the data. We're happy to make this valuable public...