1944 matches found
CVE-2024-24576 Rust's `std::process::Command` did not properly escape arguments of batch files on Windows
Rust is a programming language. The Rust Security Response WG was notified that the Rust standard library prior to version 1.77.2 did not properly escape arguments when invoking batch files with the bat and cmd extensions on Windows using the Command. An attacker able to control the arguments...
PT-2024-2720
Name of the Vulnerable Software and Affected Versions: Rust versions prior to 1.77.2. Description: A critical security flaw in the Rust standard library could be exploited to target Windows users and stage command injection attacks. The vulnerability allows attackers to execute arbitrary shell...
Improper Control of Generation of Code ('Code Injection')
Overview: Affected versions of this package are vulnerable to Improper Control of Generation of Code ('Code Injection') due to the improper handling of batch files in child_process.spawn or child_process.spawnSync. An attacker can inject arbitrary commands and achieve code execution even if the shell...
Rust security vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in versions of Rust prior to 1.77.2 that stems from not properly escaping parameters of a batch file on Windows, which could allow an attacker to execute arbitrary shell commands ...
UBUNTU-CVE-2024-26696
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix hang in nilfs_lookup_dirty_data_buffers Syzbot reported a hang issue in migrate_pages_batch called by mbind and nilfs_lookup_dirty_data_buffers called in the log writer of nilfs2. While migrate_pages_batch locks a folio and waits...
CVE-2024-26684 net: stmmac: xgmac: fix handling of DPP safety error for DMA channels
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: xgmac: fix handling of DPP safety error for DMA channels Commit 56e58d6c8a56 "net: stmmac: Implement Safety Features in XGMAC core" checks and reports safety errors, but leaves the Data Path Parity Errors for each...
CVE-2024-2244
REST service authentication anomaly with “valid username/no password” credential combination for batch job processing resulting in successful service invocation. The anomaly doesn’t exist with other credential combinations...
CVE-2024-2244
Hitachi Energy Asset Suite is affected by CVE-2024-2244 (improper authentication). The vulnerability allows a REST service to be invoked via a batch job using a valid username with no password, applicable to Asset Suite versions prior to 9.6.3.13 and 9.6.4.1. Root cause: authentication anomaly en...
Hitachi Energy Asset Suite security vulnerability
Hitachi Energy Asset Suite is a powerful suite from Hitachi, Japan, that standardizes and streamlines enterprise asset management workflows to maximize employee productivity and improve asset performance. A security vulnerability exists in Hitachi Energy Asset Suite versions prior to 9.6.3.13 and prio...
PT-2024-19425 · Hitachi Energy · Asset Suite Eam +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue concerns a REST service authentication anomaly where a "valid username/no password" credential combination allows for successful service...
Niushop B2B2C security vulnerability
Niushop B2B2C is a PHP open source e-commerce multi-merchant system from China Niukoo Information Technology Niushop. A security vulnerability exists in Niushop B2B2C v.5.3.3 and earlier versions. An attacker can exploit the vulnerability to escalate privileges via the setPrice function of the...
Important: Red Hat Security Advisory: kernel-rt security and bug fix update
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a...
This Week in Spring - March 19th, 2024
Hi, Spring fans! And happy Java 22 release day to those who celebrate! I just put out a huge blog detailing many of the exciting new features in Java 22. Check it out! As usual, we've got a packed roundup to get through this week so let's dive right into it! the Spring Authorization Server 1.3.0-...
Exploit for Deserialization of Untrusted Data in Nextgen Mirth_Connect
CVE-2023-43208 - Mirth Connect Remote Code Execution RCE Exp...
kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch requests
A use-after-free flaw was found in the Netfilter subsystem of the Linux kernel when processing named and anonymous sets in batch requests, which can lead to performing arbitrary reads and writes in kernel memory. This flaw allows a local user with CAP_NET_ADMIN capability to crash or potentially...
Moderate: Red Hat Security Advisory: kernel-rt security and bug fix update
An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available f...
Spring Tips: Spring Batch Remote Partitioning, your easy button for data scale!
Hi, Spring fans! In this installment, Spring Developer Advocate Josh Long looks at how to use Spring Batch's remote partitioning support to easy-button your data processing scale out strategies. postgresql ai datascience data springboot java java21...