5177 matches found

Positive Technologies
added 2024/08/28 12:0 a.m. · 5 views

PT-2025-18294 · Xwiki · Xwiki

Name of the Vulnerable Software and Affected Versions: XWiki versions 15.9-rc-1 through 15.10.12; XWiki versions 16.0.0-rc-1 through 16.4.3; XWiki versions 16.5.0-rc-1 through 16.8.0-rc-1. Description: The issue arises when a user with programming rights edits a document in XWiki that was last edite...

9 CVSS · 6.4 AI score · 0.01384 EPSS
Exploits 1 · References 15
Fedora
added 2024/08/26 2:5 a.m. · 15 views

[SECURITY] Fedora 40 Update: python3-docs-3.12.5-1.fc40

The python3-docs package contains documentation on the Python 3 programming language and interpreter...

5.5 CVSS · 5.6 AI score · 0.00238 EPSS
Exploits 0
Fedora
added 2024/08/26 1:31 a.m. · 13 views

[SECURITY] Fedora 39 Update: python3-docs-3.12.5-1.fc39

The python3-docs package contains documentation on the Python 3 programming language and interpreter...

5.5 CVSS · 5.6 AI score · 0.00238 EPSS
Exploits 0
Redos
added 2024/08/26 12:0 a.m. · 21 views

ROS-20240826-12

A vulnerability in the Ruby programming language components rfc2396_parser.rb and rfc3986_parser.rb is related to incorrect processing of invalid URLs. Exploitation of the vulnerability allows a remote attacker to cause a denial of service. Vulnerability in the URI component of th...

5.3 CVSS · 7.2 AI score · 0.00906 EPSS
Exploits 0
Redos
added 2024/08/26 12:0 a.m. · 15 views

ROS-20240826-09

The vulnerability in the Time library of the Ruby interpreter is related to the use of a regular expression with inefficient computational complexity. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service. Vulnerability in the URI component of the Ruby...

5.3 CVSS · 7.1 AI score · 0.00651 EPSS
Exploits 0
BDU FSTEC
added 2024/08/26 12:0 a.m. · 0 views

The vulnerability of the TrueConf Server software, related to insufficient protection of operational data, allows attackers to gather information about system users.

The vulnerability of the TrueConf Server software is related to insufficient protection of operational data. Exploiting this vulnerability allows a malicious actor to gather information about system users through API methods...

5.3 CVSS · 5.5 AI score
Exploits 0 · References 1 · Affected Software 1
BDU FSTEC
added 2024/08/26 12:0 a.m. · 0 views

The vulnerability of the software development package Azure IoT SDK for C lies in its memory management after memory is released. This allows a malicious actor to execute arbitrary code.

The vulnerability of the Azure IoT SDK for C development software package lies in the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

7 CVSS · 0.00263 EPSS
Exploits 0 · References 3
OpenVAS
added 2024/08/26 12:0 a.m. · 16 views

Fedora: Security Advisory (FEDORA-2024-80d1fe51d0)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

5.5 CVSS · 6.2 AI score · 0.00238 EPSS
Exploits 0 · References 3
Redos
added 2024/08/26 12:0 a.m. · 29 views

ROS-20240826-01

Vulnerability of HTTP/2 protocol implementation is related to the possibility of forming a stream of requests within an already established network connection without opening new network connections and without confirming receipt of requests. The vulnerability of the HTTP/2 protocol implementatio...

7.5 CVSS · 7.1 AI score · 0.94395 EPSS
Exploits 19
CNNVD
added 2024/08/22 12:0 a.m. · 2 views

authentik security vulnerability

authentik is an open source identity provisioning application from authentik Open Source. A security vulnerability exists in authentik versions prior to 2024.6.4 and prior to 2024.4.4 that stems from a user accessing multiple API endpoints without proper authentication/authorization...

7.5 CVSS · 6.4 AI score · 0.02987 EPSS
Exploits 0 · References 5
CNNVD
added 2024/08/20 12:0 a.m. · 1 views

Umbraco security vulnerability

Umbraco is an open source content management system (CMS) written in C# by the Danish company Umbraco. A security vulnerability exists in Umbraco versions prior to 14.1.2, which stems from the fact that certain endpoints in the management API can return stack trace information even if Umbraco is not...

5.3 CVSS · 6.2 AI score · 0.00494 EPSS
Exploits 0 · References 3
CNNVD
added 2024/08/20 12:0 a.m. · 1 views

gotribe-admin security vulnerability

gotribe-admin is a Go + Vue developed small cms solution by gotribe open source. A security vulnerability exists in gotribe-admin version 1.0, which stems from the function InitRoutes in the file internal/app/routes/routes.go that causes deserialization...

9.8 CVSS · 4.8 AI score · 0.00473 EPSS
Exploits 1 · References 7
Redos
added 2024/08/20 12:0 a.m. · 8 views

ROS-20240820-15

A vulnerability in the filter_var function of the PHP programming language interpreter is related to insufficient data authentication. Exploitation of the vulnerability could allow an attacker acting remotely to spoof URLs with erroneous data...

5.3 CVSS · 5.4 AI score · 0.03579 EPSS
Exploits 1
OSV
added 2024/08/17 9:21 a.m. · 9 views

CVE-2024-43837 bpf: Fix null pointer dereference in resolve_prog_type() for BPF_PROG_TYPE_EXT

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix null pointer dereference in resolve_prog_type() for BPF_PROG_TYPE_EXT. When loading a EXT program without specifying attr->attach_prog_fd, the prog->aux->dst_prog will be null. At this time, calling resolve_prog_type() anywhere will resul...

5.5 CVSS · 6 AI score · 0.00033 EPSS
Exploits 0 · References 8
Redos
added 2024/08/16 12:0 a.m. · 8 views

ROS-20240816-15

A vulnerability in the PHP programming language interpreter is related to the erroneous handling of cookies due to the replacement of spaces, dots, and open square brackets with underscores. Exploitation...

6.5 CVSS · 7 AI score · 0.08698 EPSS
Exploits 0
BDU FSTEC
added 2024/08/14 12:0 a.m. · 0 views

The vulnerability of the graphical user interface of the artificial intelligence-based security threat detection software FortiAIOps allows a perpetrator to disclose protected information.

The vulnerability of the graphical user interface of the artificial intelligence-based security threat detection software FortiAIOps is related to the lack of protection for operational data. Exploiting this vulnerability can allow a malicious actor to disclose the protected information stored in...

9 CVSS · 0.00773 EPSS
Exploits 0 · References 3 · Affected Software 1
RedHat Linux
added 2024/08/13 6:39 p.m. · 3 views

REXML: DoS parsing an XML with many `<`s in an attribute value

REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many `<`s in an attribute value. Those who need to parse untrusted XMLs may be impacted by this vulnerability. The REXML gem 3.2.7 or later include the patch to fix this...

5.3 CVSS · 7.2 AI score · 0.08428 EPSS
Exploits 1 · References 6
SUSE CVE
added 2024/08/13 1:42 a.m. · 1 views

SUSE CVE-2024-43167

DISPUTE NOTE: this issue does not pose a security risk as it (according to analysis by the original software developer, NLnet Labs) falls within the expected functionality and security controls of the application. Red Hat has made a claim that there is a security risk within Red Hat products. NLnet...

2.8 CVSS · 6.3 AI score · 0.00024 EPSS
Exploits 0 · References 5
CNNVD
added 2024/08/13 12:0 a.m. · 2 views

SAP Commerce Cloud information disclosure vulnerability

SAP Commerce Cloud is a cloud-based e-commerce platform from Germany's SAP. It supports sales management, marketing management, order management, and operations management. An information disclosure vulnerability exists in SAP Commerce Cloud that stems from certain OCC API endpoints that allow...

9.1 CVSS · 6.1 AI score · 0.00572 EPSS
Exploits 0 · References 4
OSV
added 2024/08/12 1:38 p.m. · 1 views

DEBIAN-CVE-2024-43167

DISPUTE NOTE: this issue does not pose a security risk as it (according to analysis by the original software developer, NLnet Labs) falls within the expected functionality and security controls of the application. Red Hat has made a claim that there is a security risk within Red Hat products. NLnet...

2.8 CVSS · 4.5 AI score · 0.00024 EPSS
Exploits 0 · References 1