Adobe Coldfusion Access Control Bypass Vulnerability
Adobe ColdFusion is a rapid application development platform from Adobe (United States). The platform includes an integrated development environment and a scripting language. An access control bypass vulnerability exists in Adobe ColdFusion, which can be exploited by an attacke...
Important: Red Hat Security Advisory: nodejs:16 security update
An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
GPAC Security Vulnerability
GPAC is an open source multimedia framework. A security vulnerability exists in GPAC version v2.3-DEV-rev381-g817a848f6-master, which stems from a segmentation fault in the gfisomremoveuserdata method of the /lib/libgpac.so file...
Zoom Client Path Traversal Vulnerability
Zoom Client is a video conferencing client application from Zoom Inc. that supports multiple platforms. A security vulnerability exists in the Zoom Client SDK prior to version 5.15.0 that stems from relative path traversal. It could allow unauthorized users to achieve information disclosure via...
Azure Spring Apps Enterprise – More Power, Scalability & Extended Spring Boot Support
Can you believe Spring is celebrating its 20th anniversary this year? We could not have gotten here without our millions of Spring developers across the globe, thank you! Spring has been an essential tool for Java developers, and it continues to grow and innovate at a fast pace. From the onset,...
GPAC Security Vulnerability
GPAC is an open source multimedia framework. A security vulnerability exists in GPAC version v2.3-DEV-rev381-g817a848f6-master, which stems from a segmentation violation in the BMParseIndexValueReplace function in /lib/libgpac.so...
CLSA-2023-1688674204 java-1.8.0-openjdk: Fix of 7 CVEs
Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u372-b07. That fixes following CVEs: - CVE-2023-21930: Improper connection handling during TLS handshake 8294474 - CVE-2023-21937: Missing string checks for NULL characters 8296622 - CVE-2023-21938: Incorrect handling of NULL characters in...
A vulnerability in the EnginePlugin plugin of the CODESYS Development System (a PLC application programming platform) allows an attacker to execute arbitrary commands.
The vulnerability in the EnginePlugin plugin of the PLC CODESYS Development System is caused by deserialization of untrusted data. Exploiting it allows a remote attacker to execute arbitrary commands...
A vulnerability in the Totally Integrated Automation Portal (TIA Portal) software development environment breaks a data protection mechanism, allowing an attacker to recover an unprotected version of a project.
The vulnerability in the Totally Integrated Automation Portal (TIA Portal) software development environment is caused by a flaw in a data protection mechanism. Exploiting it could allow an attacker to recover an unprotected version of a project...
A vulnerability in the Project.get_MissingTypes() function of the ObjectManager plugin in the PLC CODESYS Development System application programming interface allows an attacker to execute arbitrary commands.
The vulnerability in the Project.getMissingTypes function of the ObjectManager plugin in the PLC CODESYS Development System is caused by deserialization of untrusted data. Exploiting it allows a remote attacker to execute arbitrary commands...
A vulnerability in the ISaGRAF PLC application development environment allows an attacker to access passwords stored in unencrypted form and thereby compromise the protected data.
The vulnerability in the Rockwell Automation ISaGRAF Runtime application development environment is caused by passwords being stored in unencrypted form. Exploiting it could allow an attacker to disclose the protected information...
GHSA-W5W5-2882-47PC github.com/cosmos/cosmos-sdk's x/crisis does not charge ConstantFee
x/crisis does not charge ConstantFee Impact If a transaction is sent to the x/crisis module to check an invariant, the ConstantFee parameter of the chain is NOT charged. All versions of the x/crisis module are affected on all versions of the Cosmos SDK. Details The x/crisis module is supposed to...
CVE-2023-35947
Gradle is a build tool with a focus on build automation and support for multi-language development. In affected versions when unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the...
CVE-2023-35946
Gradle is a build tool with a focus on build automation and support for multi-language development. When Gradle writes a dependency into its dependency cache, it uses the dependency's coordinates to compute a file location. With specially crafted dependency coordinates, Gradle can be made to writ...
CVE-2023-35946
CVE-2023-35946 is a path-traversal vulnerability in Gradle’s dependency caching. When Gradle writes a dependency into the cache, it uses the dependency coordinates to determine the file path; crafted coordinates can cause writes outside the cache or overwrite other files in the cache. This can en...
CVE-2023-35947 Path traversal vulnerabilities in handling of Tar archives in Gradle
Gradle is a build tool with a focus on build automation and support for multi-language development. In affected versions when unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the...
CVE-2023-35947
CVE-2023-35947 affects Gradle, a build tool. The vulnerability arises when unpacking Tar archives: Gradle did not prevent path traversal, allowing potential writes outside the unpack directory and, in reads from a Tar entry, possible disclosure of sensitive files. This is commonly referred to as ...
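Both Gradle entries above (CVE-2023-35947 for Tar unpacking and CVE-2023-35946 for the dependency cache) come down to the same missing check: a path derived from untrusted input (a Tar entry name in one case, dependency coordinates in the other) is joined to a base directory without verifying that the result still lies inside it. The Python example below is added here to illustrate that check; it is not Gradle's code and not taken from the advisories. It extracts a constructed archive containing a benign file plus `..`, absolute-path and symlink escape attempts, and separately applies an allowlist to coordinate segments before they become cache path components. The archive contents, the `safe_extract` and `coordinates_are_safe` functions and the allowlist regex are assumptions for illustration only, not Gradle's own validation logic.

```python
import io
import os
import re
import tarfile
import tempfile


def is_within(base: str, target: str) -> bool:
    """True if target resolves inside base once symlinks and '..' are resolved."""
    base = os.path.realpath(base)
    target = os.path.realpath(target)
    return target == base or target.startswith(base + os.sep)


def safe_extract(tar: tarfile.TarFile, dest: str):
    """Extract regular files, directories and in-tree symlinks only.

    Returns (extracted, rejected) lists of member names. This is the containment
    check that the Tar advisory describes as missing; hard links, devices and
    FIFOs are refused outright because build inputs never need them.
    """
    extracted, rejected = [], []
    os.makedirs(dest, exist_ok=True)
    for m in tar.getmembers():
        # os.path.join discards dest when m.name is absolute; is_within catches that.
        target = os.path.join(dest, m.name)
        if not is_within(dest, target):
            rejected.append(m.name)
            continue
        if m.isdir():
            os.makedirs(target, exist_ok=True)
        elif m.isfile():
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with tar.extractfile(m) as src, open(target, "wb") as dst:
                dst.write(src.read())
        elif m.issym():
            # A symlink is resolved relative to its own directory; if its target
            # left dest, later members written "through" it would escape too.
            link_target = os.path.join(os.path.dirname(target), m.linkname)
            if not is_within(dest, link_target):
                rejected.append(m.name)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            os.symlink(m.linkname, target)
        else:
            rejected.append(m.name)
            continue
        extracted.append(m.name)
    return extracted, rejected


# Assumed allowlist for a single coordinate segment (group, name or version):
# no path separators, no leading '.', so '.', '..' and '../x' cannot match.
_SAFE_SEGMENT = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.+-]{0,254}")


def coordinates_are_safe(group: str, name: str, version: str) -> bool:
    """Allowlist check before coordinates become cache path components.

    Hypothetical policy for illustration; it is not Gradle's own validation.
    """
    return all(_SAFE_SEGMENT.fullmatch(seg) is not None for seg in (group, name, version))


def build_sample_archive() -> io.BytesIO:
    """Constructed in-memory archive (not a real-world sample) with hostile members."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        def add_file(name: str, data: bytes) -> None:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))

        add_file("ok/readme.txt", b"benign\n")
        add_file("../../evil.txt", b"escape via ..\n")
        add_file("/etc/cron.d/backdoor", b"escape via absolute name\n")
        link = tarfile.TarInfo("escape")
        link.type = tarfile.SYMTYPE
        link.linkname = "../.."
        tf.addfile(link)
        add_file("escape/evil2.txt", b"would escape through the symlink\n")
    buf.seek(0)
    return buf


def demo():
    """Extract the sample archive into a throwaway directory; return the verdicts."""
    with tempfile.TemporaryDirectory() as dest:
        with tarfile.open(fileobj=build_sample_archive()) as tf:
            return safe_extract(tf, dest)


if __name__ == "__main__":
    print(demo())
    print(coordinates_are_safe("org.apache.commons", "commons-lang3", "3.12.0"))
    print(coordinates_are_safe("../../../../tmp", "x", "1"))
```

Note that once the `escape` symlink is refused, the follow-up member `escape/evil2.txt` is written into a real `escape/` directory inside the destination, which is the intended outcome: the containment check is evaluated against the filesystem as it actually exists at extraction time, so an attacker cannot stage an out-of-tree link first and write through it second. The coordinate allowlist is deliberately conservative; a real build tool may need a looser pattern, but it must still exclude separators and dot-only segments.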
CVE-2023-35938 User access not updated with privilege change in Tuleap
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. When switching from a project visibility that allows restricted users to Private without restricted, restricted users that are project administrators keep this access right. Restricted users tha...
CVE-2023-35938
CVE-2023-35938 affects Tuleap, where during a visibility change from restricted to a more private setting, users who were project admins did not have their restricted-user access updated and could continue to access and administer the project. The issue is documented as resolved in Tuleap version...