1118 matches found
[SECURITY] Fedora 40 Update: maven-shared-incremental-1.1-33.fc40
Various utility classes and plexus components for supporting incremental build functionality in maven plugins...
[SECURITY] Fedora 40 Update: jakarta-oro-2.0.8-44.fc40
The Jakarta-ORO Java classes are a set of text-processing Java classes that provide Perl5 compatible regular expressions, AWK-like regular expressions, glob expressions, and utility classes for performing substitutions, splits, filtering filenames, etc. This library is the successor to the...
[SECURITY] Fedora 40 Update: guava-32.1.3-5.fc40
Guava is a suite of core and expanded libraries that include utility classes, Google's collections, io classes, and much much more. This project is a complete packaging of all the Guava libraries into a single jar. Individual portions of Guava can be used by downloading...
[SECURITY] Fedora 40 Update: felix-utils-1.11.8-9.fc40
Utility classes for OSGi...
[SECURITY] Fedora 40 Update: byte-buddy-1.14.2-8.fc40
Byte Buddy is a code generation library for creating Java classes during the runtime of a Java application and without the help of a compiler. Other than the code generation utilities that ship with the Java Class Library, Byte Buddy allows the creation of arbitrary classes and is not limited to...
[SECURITY] Fedora 40 Update: bsf-2.4.0-54.fc40
Bean Scripting Framework BSF is a set of Java classes which provides scripting language support within Java applications, and access to Java objects and methods from scripting languages. BSF allows one to write JSPs in languages other than Java while providing access to the Java class library. In...
[SECURITY] Fedora 40 Update: apache-commons-collections-3.2.2-36.fc40
The introduction of the Collections API by Sun in JDK 1.2 has been a boon to quick and effective Java programming. Ready access to powerful data structures has accelerated development by reducing the need for custom container classes around each core object. Most Java2 APIs are significantly easi...
[SECURITY] Fedora 40 Update: apache-commons-io-2.13.0-8.fc40
Commons-IO contains utility classes, stream implementations, file filters, and endian classes. It is a library of utilities to assist with developing IO functionality...
Schoolbox Cross-Site Scripting Vulnerability
Schoolbox is an online learning platform from Schoolbox Australia. A cross-site scripting vulnerability exists in Schoolbox versions prior to 23.1.3, which stems from a cross-site scripting vulnerability in the Classes feature that would allow an authenticated attacker to perform a secure operati...
CVE-2024-1923 SourceCodester Simple Student Attendance System List of Classes Page ajax-api.php delete_student sql injection
A vulnerability was found in SourceCodester Simple Student Attendance System 1.0 and classified as critical. Affected by this issue is the function delete_class/delete_student of the file /ajax-api.php of the component List of Classes Page. The manipulation of the argument id with the input...
Enhanced Text Widget < 1.6.6 - Admin+ Stored XSS
Description: The plugin does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in...
CVE-2024-24824 graylog2-server vulnerable to instantiation of arbitrary classes triggered by API request
Graylog is a free and open log management platform. Starting in version 2.0.0 and prior to versions 5.1.11 and 5.2.4, arbitrary classes can be loaded and instantiated using a HTTP PUT request to the /api/system/clusterconfig/ endpoint. Graylog's cluster config system uses fully qualified class...
CVE-2024-24563
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. Arrays can be keyed by a signed integer, while they are defined for unsigned integers only. The typechecker doesn't throw when spotting the usage of an int as an index for an array. The typechecker allows the usage of...
TrueLayer.Client SSRF when fetching payment or payment provider
Impact: The vulnerability could potentially allow a malicious actor to gain control over the destination URL of the HttpClient used in the API classes. For applications using the SDK, requests to unexpected resources on local networks or to the internet could be made which could lead to informatio...
GHSA-67M4-QXP3-J6HH TrueLayer.Client SSRF when fetching payment or payment provider
Impact: The vulnerability could potentially allow a malicious actor to gain control over the destination URL of the HttpClient used in the API classes. For applications using the SDK, requests to unexpected resources on local networks or to the internet could be made which could lead to informatio...
CVE-2024-1022
A vulnerability, which was classified as problematic, was found in CodeAstro Simple Student Result Management System 5.6. This affects an unknown part of the file /addclasses.php of the component Add Class Page. The manipulation of the argument Class Name leads to cross site scripting. It is...
CodeAstro Simple Student Result Management System Cross-Site Scripting Vulnerability
Simple Student Result Management System is a student result management system by Farah Kharrat, an individual developer in Germany. A cross-site scripting vulnerability exists in CodeAstro Simple Student Result Management System version 5.6, which is caused by an unknown section of /addclasses.ph...
PT-2024-16123 · Codeastro · Codeastro Simple Student Result Management System
Name of the Vulnerable Software and Affected Versions: CodeAstro Simple Student Result Management System version 5.6. Description: A problematic issue was found in the CodeAstro Simple Student Result Management System. This issue affects the /addclasses.php file of the Add Class Page component. T...
Remote Code Execution
com.alipay.sofa, sofa-rpc-all is vulnerable to Remote Code Execution. The vulnerability is caused due to insufficient blacklist mechanism to restrict deserialization of potentially dangerous classes within the SOFA Hessian protocol. An attacker can exploit this to bypass the SOFA Hessian blacklis...