5181 matches found
ROS-20240729-09
A vulnerability in the Cargo package manager of the Rust programming language is related to ignoring umask when extracting archives created on UNIX-like systems. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute...
SUSE CVE-2024-41110
Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being...
The vulnerability of authentication plugins in software for automated deployment and management of applications in Docker Engine-enabled environments allows attackers to gain increased privileges.
The vulnerability of authentication plugins (AuthZ) in software for automated deployment and management of applications in Docker Engine-enabled environments is related to shortcomings in HTTP request processing. Exploiting this vulnerability allows a malicious actor to enhance their privileges by...
VulnCheck KEV: CVE-2017-1000226
Stop User Enumeration 1.3.8 allows user enumeration via the REST API...
Vulnerability fixed in Cisco Smart Software Manager On-Prem
Cisco has fixed a vulnerability in Cisco SSM On-Prem, formerly known as Cisco Smart Software Manager Satellite (SSM Satellite). The vulnerability allows an unauthenticated malicious person with access to Cisco Smart Software Manager On-Prem to change users' passwords by sending an HTTP request. If...
[SECURITY] Fedora 40 Update: ruby-3.3.4-11.fc40
Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...
ROS-20240422-11
A vulnerability in the net/http and net/http2 libraries of the Go programming language, in their implementation of the HTTP/2 protocol, is related to uncontrolled resource consumption as a result of incorrect determination of the end of the HTTP/2...
[SECURITY] Fedora 39 Update: golang-1.21.12-1.fc39
The Go Programming Language...
This Week in Spring - July 16th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! It's the middle of July! I can't believe it! Things have been just rushing by! Did you see this awesome talk on observability by Tommy Ludwig and Jonatan Ivanov from Spring IO 2024? What is a ReadWriteLock? Spring for GraphQL...
ruby security update
An update is available for ruby, rubygem-bson, module.rubygem-bson, rubygem-bundler, rubygem-abrt, module.rubygem-pg, rubygem-mysql2, module.ruby, rubygem-mongo, module.rubygem-bundler, rubygem-pg, module.rubygem-mongo, module.rubygem-abrt, module.rubygem-mysql2. This update affects Rocky Linux 8...
Exploit for Unrestricted Upload of File with Dangerous Type in Chamilo Chamilo_Lms
CVE-2023-4220-Exploit LMS Chamilo 1.11.24 CVE-2023-4220 Explo...
ROS-20240712-02
A vulnerability in the ParseAddressList function of the net/mail package of the Go programming language is related to insufficient verification of display names in the function. Exploitation of the vulnerability could allow an attacker acting remotel...
CVE-2024-40539
my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/user...
SAP NetWeaver AS ABAP Protection Mechanism Failure (3456952)
Due to a Protection Mechanism Failure in SAP NetWeaver Application Server for ABAP and ABAP Platform, a developer can bypass the configured malware scanner API because of a programming error. This leads to a low impact on the application's confidentiality, integrity, and availability. Note that...
Amazon Linux 2 : R (ALASR3.4-2024-001)
The version of R installed on the remote host is prior to 3.4.3-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2R3.4-2024-001 advisory. Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not...
CVE-2024-27784
Multiple exposure of sensitive information to an unauthorized actor weaknesses (CWE-200) in Fortinet FortiAIOps 2.0.0 may allow an authenticated, remote attacker to retrieve sensitive information from the API endpoint or log files...
CVE-2024-39599
Due to a Protection Mechanism Failure in SAP NetWeaver Application Server for ABAP and ABAP Platform, a developer can bypass the configured malware scanner API because of a programming error. This leads to a low impact on the application's confidentiality, integrity, and availability...
CVE-2024-39599 [CVE-2024-39599] Protection Mechanism Failure in SAP NetWeaver Application Server for ABAP and ABAP Platform
Due to a Protection Mechanism Failure in SAP NetWeaver Application Server for ABAP and ABAP Platform, a developer can bypass the configured malware scanner API because of a programming error. This leads to a low impact on the application's confidentiality, integrity, and availability...
CVE-2024-39599
CVE-2024-39599 affects SAP NetWeaver Application Server for ABAP and ABAP Platform. The issue is a protection mechanism failure that allows a developer to bypass the configured malware scanner API due to a programming error. The practical impact is described as low for confidentiality, integrity,...