5182 matches found

OSSF Malicious Packages
added 2024/06/25 1:25 p.m. | 3 views

Malicious code in Be.Vlaanderеn.Basisregіsters.RoaԁRegistry.BackOffiсe.Api (NuGet)

--- -= Per source details. Do not edit below this line.=-...

AI score 7
Exploits 0

RedHat Linux
added 2024/06/25 5:27 a.m. | 35 views

Important: Red Hat Security Advisory: python3.11 security update

An update for python3.11 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

CVSS 7.8 | AI score 6.8 | EPSS 0.00077
Exploits 0 | References 2

Spring Engineering
added 2024/06/25 12:0 a.m. | 10 views

Spring Tips: Further, Faster with Spring Boot 3.3

Hi, Spring fans! In this installment we look at ways to make your applications go further, faster, with AppCDS, GraalVM, AOT on the JRE, and Project CRaC coordinate restore at checkpoint springboot java graalvm programming coding...

AI score 7.2
Exploits 0

Tenable Nessus
added 2024/06/25 12:0 a.m. | 27 views

EulerOS 2.0 SP11 : ruby (EulerOS-SA-2024-1846)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do syst...

CVSS 9.8 | AI score 7 | EPSS 0.0883
Exploits 0 | References 3

CNNVD
added 2024/06/25 12:0 a.m. | 5 views

CraftCMS Security Vulnerability

CraftCMS is a content management system from CraftCMS, Inc. A security vulnerability exists in CraftCMS version v3.7.31 and earlier versions. An attacker exploited the vulnerability to perform a SQL injection attack via a GraphQL API endpoint...

CVSS 9.8 | AI score 7.8 | EPSS 0.89433
Exploits 1 | References 1

Tenable Nessus
added 2024/06/25 12:0 a.m. | 34 views

EulerOS 2.0 SP11 : ruby (EulerOS-SA-2024-1825)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do syst...

CVSS 9.8 | AI score 7 | EPSS 0.0883
Exploits 0 | References 3

BDU FSTEC
added 2024/06/25 12:0 a.m. | 0 views

The vulnerability of the application programming interface of the software management tool allows a hacker to enhance their privileges.

The vulnerability of the application programming interface of the software management tool regarding identity verification and access control is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to enhance their privileges ...

CVSS 8.1 | EPSS 0.89656
Exploits 0 | References 2 | Affected Software 1

OSV
added 2024/06/24 8:15 p.m. | 3 views

CVE-2024-34312

Virtual Programming Lab for Moodle up to v4.2.3 was discovered to contain a cross-site scripting XSS vulnerability via the component vplide.js...

CVSS 6.1 | AI score 5.6 | EPSS 0.01308
Exploits 2 | References 1

Github Security Blog
added 2024/06/24 6:0 p.m. | 27 views

XWiki programming rights may be inherited by inclusion

Impact The content of a document included using include reference="targetdocument"/ is executed with the right of the includer and not with the right of its author. This means that any user able to modify the target document can impersonate the author of the content which used the include macro...

CVSS 9.9 | AI score 7 | EPSS 0.01001
Exploits 0 | References 10 | Affected Software 1

OSV
added 2024/06/24 6:0 p.m. | 18 views

GHSA-QCJ3-WPGM-QPXH XWiki programming rights may be inherited by inclusion

Impact The content of a document included using include reference="targetdocument"/ is executed with the right of the includer and not with the right of its author. This means that any user able to modify the target document can impersonate the author of the content which used the include macro...

CVSS 9.9 | AI score 7.1 | EPSS 0.01001
Exploits 0 | References 10

NVD
added 2024/06/24 2:15 p.m. | 25 views

CVE-2024-35247

In the Linux kernel, the following vulnerability has been resolved: fpga: region: add owner module and take its refcount The current implementation of the fpga region assumes that the low-level module registers a driver for the parent device and uses its owner pointer to take the module's refcoun...

CVSS 5.5 | EPSS 0.0003
Exploits 0 | References 6

Cvelist
added 2024/06/24 1:56 p.m. | 31 views

CVE-2024-35247 fpga: region: add owner module and take its refcount

In the Linux kernel, the following vulnerability has been resolved: fpga: region: add owner module and take its refcount The current implementation of the fpga region assumes that the low-level module registers a driver for the parent device and uses its owner pointer to take the module's refcoun...

EPSS 0.0003
Exploits 0 | References 6

OSV
added 2024/06/24 8:15 a.m. | 2 views

CVE-2024-24554

Bludit uses predictable methods in combination with the MD5 hashing algorithm to generate sensitive tokens such as the API token and the user token. This allows attackers to authenticate against the Bludit API...

CVSS 8.2 | AI score 6.7
Exploits 0 | References 1

Vulnrichment
added 2024/06/24 12:0 a.m. | 18 views

CVE-2024-34312

Virtual Programming Lab for Moodle up to v4.2.3 was discovered to contain a cross-site scripting XSS vulnerability via the component vplide.js...

AI score 6.3 | EPSS 0.01308
Exploits 2 | References 1

Positive Technologies
added 2024/06/24 12:0 a.m. | 7 views

PT-2024-25784 · Moodle · Virtual Programming Lab

Name of the Vulnerable Software and Affected Versions: Virtual Programming Lab for Moodle versions up to 4.2.3 Description: The issue is related to a cross-site scripting XSS vulnerability. This vulnerability was found in the component vplide.js. Recommendations: For versions up to 4.2.3, update ...

CVSS 6.1 | AI score 5.9 | EPSS 0.01308
Exploits 2 | References 5

CNNVD
added 2024/06/24 12:0 a.m. | 2 views

XWiki Platform Security Vulnerability

XWiki Platform is the XWiki Foundation's suite of Wiki platforms for creating web collaboration applications. A security vulnerability exists in versions of XWiki Platform prior to 15.0-rc-1, which stems from the possibility that programming privileges may be inherited via include, which could le...

CVSS 9.9 | AI score 6.7 | EPSS 0.01001
Exploits 0 | References 3

CVE
added 2024/06/24 12:0 a.m. | 69 views

CVE-2024-34312

CVE-2024-34312 affects Virtual Programming Lab for Moodle up to v4.2.3, with a cross-site scripting (XSS) vulnerability in the vplide.js component. The issue arises from insufficient input handling/escaping in vplide.js, enabling arbitrary script execution in the victim’s browser. Documented impa...

CVSS 6.1 | AI score 6.4 | EPSS 0.01308
Exploits 2 | References 1 | Affected Software 1

CNNVD
added 2024/06/24 12:0 a.m. | 2 views

Bludit Security Breach

Bludit is an open source, lightweight blog content management system CMS. A security vulnerability exists in Bludit that stems from the use of predictable methods combined with the MD5 hash algorithm to generate sensitive tokens that allow an attacker to authenticate against the Bludit API...

CVSS 6 | AI score 6.7 | EPSS 0.00117
Exploits 0 | References 3

BDU FSTEC
added 2024/06/19 12:0 a.m. | 1 views

The vulnerability of the Git-based software platform for collaborative code development on GitLab, related to uncontrolled resource consumption, allows a hacker to trigger a service failure.

The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to an uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures through specially created API requests...

CVSS 4.3 | EPSS 0.00042
Exploits 0 | References 4 | Affected Software 1

OSV
added 2024/06/15 12:0 a.m. | 20 views

OPENSUSE-SU-2024:11824-1 ruby3.1-rubygem-activejob-6.0-6.0.4.4-1.1 on GA media

These are all security issues fixed in the ruby3.1-rubygem-activejob-6.0-6.0.4.4-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 7.5 | AI score 7.2 | EPSS 0.94318
Exploits 19 | References 2