8745 matches found

NVD
added 2024/11/07 4:15 a.m., 14 views

CVE-2024-10946

A vulnerability classified as critical has been found in Guangzhou Tuchuang Computer Software Development Interlib Library Cluster Automation Management System up to 2.0.1. This affects an unknown part of the file...

7.2 CVSS, 0.00537 EPSS
Exploits: 1, References: 4

Vulnrichment
added 2024/11/07 3:31 a.m., 43 views

CVE-2024-10947 Guangzhou Tuchuang Computer Software Development Interlib Library Cluster Automation Management System BatchOrder sql injection

A vulnerability classified as critical was found in Guangzhou Tuchuang Computer Software Development Interlib Library Cluster Automation Management System up to 2.0.1. This vulnerability affects unknown code of the file /interlib/order/BatchOrder?cmdACT=adminorder&xsl=adminOrderOrderList.xsl. The...

5.8 CVSS, 7.7 AI score, 0.00537 EPSS
Exploits: 1, References: 4

Cvelist
added 2024/11/07 3:31 a.m., 18 views

CVE-2024-10946 Guangzhou Tuchuang Computer Software Development Interlib Library Cluster Automation Management System SysLib sql injection

A vulnerability classified as critical has been found in Guangzhou Tuchuang Computer Software Development Interlib Library Cluster Automation Management System up to 2.0.1. This affects an unknown part of the file...

5.8 CVSS, 0.00537 EPSS
Exploits: 1, References: 4

OSV
added 2024/11/06 12:0 a.m., 24 views

ALSA-2024:8935 Moderate: edk2 security update

EDK Embedded Development Kit is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fixes: openssl: Possible denial of service in X.509 name checks CVE-2024-6119 For more details about the security issues, including...

7.5 CVSS, 6.9 AI score, 0.66594 EPSS
Exploits: 0, References: 4

Spring Security Advisories
added 2024/11/05 12:0 a.m., 9 views

This Week in Spring - November 5th, 2024

This Week in Spring - November 5th, 2024 Hi, Spring fans! Welcome to another installment of This Week in Spring! It's the 5th of November, 2024, and, um, I - an American - am desperately trying to keep calm and carry on. I did everything I can do VOTE!, and so it's with considerable enthusiasm th...

7.1 AI score
Exploits: 0

BDU FSTEC
added 2024/10/31 12:0 a.m., 5 views

The vulnerability of the JavaScript and TypeScript matrix-react-sdk development tools lies in the insufficient protection of sensitive data. This allows attackers to gain unauthorized access to protected information.

The vulnerability of the JavaScript and TypeScript matrix-react-sdk development tools is related to insufficient protection of sensitive data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

5.3 CVSS, 5.5 AI score, 0.0066 EPSS
Exploits: 0, References: 7, Affected Software: 1

CNVD
added 2024/10/30 12:0 a.m., 2 views

Arbitrary File Read Vulnerability in KingPortal Development System Client of Beijing Asia Control Technology Development Co.

Beijing Asian Control Technology Development Co., Ltd. is a high-tech enterprise of automation software platform. There is an arbitrary file reading vulnerability in the client side of KingPortal development system of Beijing Asian Control Technology Development Co., Ltd, which can be exploited b...

7 AI score
Exploits: 0

Trellix
added 2024/10/30 12:0 a.m., 15 views

MacOS Malware Surges as Corporate Usage Grows

MacOS Malware Surges as Corporate Usage Grows By Ilya Kolmanovich, Prashant Kadam and Duy-Phuc Pham · October 30, 2024 This blog was also written by Joe Malenfant and Max Kersten An apple a day keeps the doctor away, While the age-old expression does have its merits, the malware landscape on...

7.4 AI score
Exploits: 0

Fedora
added 2024/10/28 3:54 a.m., 26 views

[SECURITY] Fedora 40 Update: edk2-20240813-2.fc40

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. This package contains sample 64-bit UEFI firmware builds for QEMU and KVM...

5.9 CVSS, 6.9 AI score, 0.02303 EPSS
Exploits: 0

OSV
added 2024/10/25 5:16 p.m., 20 views

RLSA-2024:8117 Moderate: java-1.8.0-openjdk security update

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fixes: giflib: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function CVE-2023-48161 JDK: Array indexing integer overflow 8328544 CVE-2024-21210 JD...

7.1 CVSS, 6 AI score, 0.01157 EPSS
Exploits: 1, References: 6

NVD
added 2024/10/24 7:15 p.m., 15 views

CVE-2024-46995

baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in HTTP 400 Bad Request. Version 5.1.2 fixes this issue...

6.1 CVSS, 0.00286 EPSS
Exploits: 0, References: 2

NVD
added 2024/10/24 7:15 p.m., 12 views

CVE-2024-46998

baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in the Edit Email Form Settings Feature. Version 5.1.2 fixes the issue...

7.1 CVSS, 0.00328 EPSS
Exploits: 0, References: 2

NVD
added 2024/10/24 7:15 p.m., 33 views

CVE-2024-46994

baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in Blog posts and Contents list Feature. Version 5.1.2 fixes this issue...

5.4 CVSS, 0.0028 EPSS
Exploits: 0, References: 2

CVE
added 2024/10/24 6:35 p.m., 46 views

CVE-2024-46996

baserCMS (CMS framework) has a Cross-site Scripting (XSS) vulnerability in the Blog posts feature affecting versions prior to 5.1.2. The issue is addressed by upgrading to a fixed release (5.1.2 or newer; some sources list 5.1.3 as the update path). Multiple connected advisories confirm the affec...

6.3 CVSS, 5.6 AI score, 0.00303 EPSS
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2024/10/24 6:35 p.m., 14 views

CVE-2024-46996 baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts Feature

baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in the Blog posts feature. Version 5.1.2 fixes this issue...

6.3 CVSS, 5.8 AI score, 0.00303 EPSS
Exploits: 0, References: 4

Vulnrichment
added 2024/10/24 6:31 p.m., 19 views

CVE-2024-46995 baserCMS has Cross-site Scripting Vulnerability in HTTP 400 Bad Request

baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in HTTP 400 Bad Request. Version 5.1.2 fixes this issue...

6.1 CVSS, 6.2 AI score, 0.00286 EPSS
Exploits: 0, References: 2

OSV
added 2024/10/24 6:31 p.m., 9 views

CVE-2024-46995 baserCMS has Cross-site Scripting Vulnerability in HTTP 400 Bad Request

baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in HTTP 400 Bad Request. Version 5.1.2 fixes this issue...

6.1 CVSS, 5.9 AI score, 0.00286 EPSS
Exploits: 0, References: 4

CVE
added 2024/10/24 6:22 p.m., 48 views

CVE-2024-46994

CVE-2024-46994 concerns baserCMS. A cross-site scripting (XSS) vulnerability exists in the Blog posts and Contents list feature for versions prior to 5.1.2; version 5.1.2 contains the fix. Publicly documented analyses and advisories (including JVN and RH) corroborate the issue and list remediatio...

5.4 CVSS, 5.1 AI score, 0.0028 EPSS
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2024/10/24 6:22 p.m., 23 views

CVE-2024-46994 baserCMS has Cross-site Scripting Vulnerability in Blog posts and Contents list Feature

baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in Blog posts and Contents list Feature. Version 5.1.2 fixes this issue...

5.4 CVSS, 5.9 AI score, 0.0028 EPSS
Exploits: 0, References: 4

The Hacker News
added 2024/10/24 1:0 p.m., 20 views

AWS Cloud Development Kit Vulnerability Exposes Users to Potential Account Takeover Risks

Cybersecurity researchers have disclosed a security flaw impacting Amazon Web Services AWS Cloud Development Kit CDK that could have resulted in an account takeover under specific circumstances. "The impact of this issue could, in certain scenarios, allow an attacker to gain administrative access...

7.1 AI score
Exploits: 0