Shopware 安全漏洞

Shopware is a suite of open source e-commerce software from the German company Shopware. A security vulnerability exists in Shopware versions 6.6.5.1 and 6.5.8.13 and earlier, which stems from the search function in its application API, where the name field in the aggregations object is susceptib...

Go: Multiple Vulnerabilities

Background Go is an open source programming language that makes it easy to build simple, reliable, and efficient software. Description Multiple vulnerabilities have been discovered in Go. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...

PrivX 安全漏洞

SSH PrivX is a scalable, cost-effective and highly automated privileged access management PAM solution from SSH. A security vulnerability exists in PrivX versions prior to 34.0 that stems from allowing data leakage and denial of service via the REST API...

ROS-20240805-08

A vulnerability in the golang package of the Debian GNU/Linux operating system is related to a lack of protection for service data. data. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information A vulnerability in the golang package of the...

ROS-20240805-02

A vulnerability in the implementation of the application program interface of the Rust programming language interpreter for Windows operating systems is related to the introduction or modification of arguments. Windows operating systems is related to the introduction or modification of arguments...

ROS-20240805-03

Vulnerability of HTTP/2 protocol implementation is related to the possibility of forming a stream of requests within an already established network connection without opening new network connections and without confirming receipt of requests. The vulnerability of the HTTP/2 protocol implementatio...

XWiki Platform vulnerable to remote code execution from account via SearchSuggestConfigSheet

Impact Any user with edit right on any page can perform arbitrary remote code execution by adding instances of XWiki.SearchSuggestConfig and XWiki.SearchSuggestSourceClass to their user profile or any other page. This compromises the confidentiality, integrity and availability of the whole XWiki...

The vulnerability of the Programming Software Connection component of AutomationDirect P3-550E allows a intruder to gain unauthorized access to protected information.

The vulnerability of the Programming Software Connection component of AutomationDirect P3-550E microprogrammed logic controllers is related to lack of access control measures. Exploiting this vulnerability could allow an attacker to gain access to confidential information...

PT-2024-11622 · Motorola · Q14 Mesh Router Firmware

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: An authentication bypass issue could allow an attacker to access API functions without authentication. Recommendations: At the moment, there is no information about a newer version that...

Why (and How) APIs and Web Applications Are Under Siege

Read a summary of the latest SOTI report, which tackles the security risks in web applications and APIs, and the infrastructure that powers them...

AZL-47079 CVE-2024-42227 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix overlapping copy within dmlcoremodeprogramming WHY &modelib-mp.Watermark and &locals-Watermark are the same address. memcpy may lead to unexpected behavior. HOW memmove should be used...

The vulnerability of the dml_core_mode_programming function in the AMD Display kernel of the Linux operating system allows a hacker to compromise the accessibility of protected information.

The vulnerability of the dmlcoremodeprogramming function in the AMD Display kernel of the Linux operating system is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow an attacker to compromise the accessibility of protected information...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates in the drm/amd/display module in dmlcoremodeprogramming, where &modelib-p.Watermark and &locals-Watermark ar...

Important: Red Hat Security Advisory: python3.11 security update

An update for python3.11 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

USN-6916-1: Lua vulnerabilities

It was discovered that Lua did not properly generate code when "ENV" is constant. An attacker could possibly use this issue to cause a denial of service or execute arbitrary unstrusted lua code. CVE-2022-28805 It was discovered that Lua did not properly handle C stack overflows during error...

ROS-20240729-11

A vulnerability in the Cargo package manager of the Rust programming language involves the injection of arbitrary HTML after including it in a report generated by Cargo. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute arbitrary code...

ROS-20240729-09

Vulnerability in Cargo package manager of Rust programming language is related to ignoring umask when extracting archives created on UNIX-like systems. when retrieving archives created on UNIX-like systems. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute...

SUSE CVE-2024-41110

Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins AuthZ under specific circumstances. The base likelihood of this being...

The vulnerability of authentication plugins in software for automated deployment and management of applications in Docker Engine-enabled environments allows attackers to gain increased privileges.

The vulnerability of authentication plugins AuthZ in software for automated deployment and management of applications in Docker Engine-enabled environments is related to shortcomings in HTTP request processing. Exploiting this vulnerability allows a malicious actor to enhance their privileges by...

VulnCheck KEV: CVE-2017-1000226

Stop User Enumeration 1.3.8 allows user enumeration via the REST API...