SuiteCRM 安全漏洞

SuiteCRM is a customer relationship management system from the SuiteCRM team. SuiteCRM has a security vulnerability that stems from insufficient access control checks. An attacker exploited the vulnerability to delete records via the API...

CVE-2024-43402

Rust is a programming language. The fix for CVE-2024-24576, where std::process::Command incorrectly escaped arguments when invoking batch files on Windows, was incomplete. Prior to Rust version 1.81.0, it was possible to bypass the fix when the batch file name had trailing whitespace or periods...

CVE-2024-43402 Rust OS Command Injection/Argument Injection vulnerability

Rust is a programming language. The fix for CVE-2024-24576, where std::process::Command incorrectly escaped arguments when invoking batch files on Windows, was incomplete. Prior to Rust version 1.81.0, it was possible to bypass the fix when the batch file name had trailing whitespace or periods...

CVE-2024-43402

CVE-2024-43402 describes a Rust vulnerability in how Windows batch file names with trailing spaces or periods could bypass the existing mitigation for CVE-2024-24576. The issue arises from how the original fix checked for .bat/.cmd endings, failing to account for Windows normalizing trailing whit...

The vulnerability of the net/http module in the Go programming language, related to improper input validation, allows attackers to trigger a service failure.

The vulnerability of the net/http module in the Go programming language is related to improper validation of input data. Exploiting this vulnerability can allow an attacker to cause service failures remotely...

PT-2024-6111

Name of the Vulnerable Software and Affected Versions: Go affected versions not specified Description: The issue is related to the Decoder.Decode function in the Go programming language, which can cause a panic due to stack exhaustion when handling deeply nested structures. This is caused by...

Moderate: Red Hat Security Advisory: python3.12 security update

An update for python3.12 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

PT-2024-31691 · Unknown · Symphony Xts Web Trading

Name of the Vulnerable Software and Affected Versions: Symphony XTS Web Trading version 2.0.0.1 P160 Description: This issue exists due to improper access controls on APIs in the Preference module of the application. An authenticated remote attacker could exploit this by manipulating parameters...

ALSA-2024:6163 Moderate: python3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

Symphony XTS Web Trader 安全漏洞

Symphony XTS Web Trader is an advanced HTML5-based trading platform from Symphony. A security vulnerability exists in Symphony XTS Web Trader version 2.0.0.1P160 that stems from improper access control to the API. A remote attacker can exploit the vulnerability to manipulate parameters via HTTP...

ROS-20240902-15

A vulnerability in the net/http module of the Go programming language is related to improper input validation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

ROS-20240902-04

A vulnerability in the xmlattr filter of the Jinja2 templating engine for the Python programming language is related to the failure to take measures to protect the structure of a web page. to protect the structure of a web page. Exploitation of the vulnerability could allow an attacker acting...

OESA-2024-2074 moby security update

Docker is a product for you to build, ship and run any application as a lightweight container. Security Fixes: Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an...

[SECURITY] Fedora 40 Update: python3.13-3.13.0~rc1-3.fc40

Python 3.13 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.13 package provides the "python3.13" executable:...

PT-2024-6112 · Google +10 · Go +10

Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.23.1 Go versions prior to 1.22.7 Description: The issue is related to the Parse function in the Go programming language, which can cause a panic due to stack exhaustion when dealing with deeply nested expressions in a "...

PT-2024-29379 · Organizr · Organizr

Name of the Vulnerable Software and Affected Versions: Organizr version 1.90 Description: The issue is related to Cross Site Scripting XSS via the "api.php" endpoint. This means an attacker could potentially inject malicious scripts into the website, affecting users' sessions. Recommendations: Fo...

PT-2025-18294 · Xwiki · Xwiki

Name of the Vulnerable Software and Affected Versions: XWiki versions 15.9-rc-1 through 15.10.12 XWiki versions 16.0.0-rc-1 through 16.4.3 XWiki versions 16.5.0-rc-1 through 16.8.0-rc-1 Description: The issue arises when a user with programming rights edits a document in XWiki that was last edite...

[SECURITY] Fedora 40 Update: python3-docs-3.12.5-1.fc40

The python3-docs package contains documentation on the Python 3 programming language and interpreter...

[SECURITY] Fedora 39 Update: python3-docs-3.12.5-1.fc39

The python3-docs package contains documentation on the Python 3 programming language and interpreter...

ROS-20240826-12

Vulnerability of Ruby programming language components rfc2396parser.rb and rfc3986parser.rb is related to incorrect implementation of processing invalid URLs. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service Vulnerability in the URI component of th...