Moderate: perl:5.32 security update

Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Security Fixes: perl: Write past buffer end via illegal user-defined Unicode property CVE-2023-47038 For more details about the security issues, including the impact, a CVSS...

ALSA-2024:3128 Moderate: perl:5.32 security update

Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Security Fixes: perl: Write past buffer end via illegal user-defined Unicode property CVE-2023-47038 For more details about the security issues, including the impact, a CVSS...

Moderate: python3.11 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

CVE-2023-52854

In the Linux kernel, the following vulnerability has been resolved: padata: Fix refcnt handling in padatafreeshell In a high-load arm64 environment, the pcryptaead01 test in LTP can lead to system UAF Use-After-Free issues. Due to the lengthy analysis of the pcryptaead01 function call, I'll...

CVE-2021-47303

In the Linux kernel, the following vulnerability has been resolved: bpf: Track subprog poke descriptors correctly and fix use-after-free Subprograms are calling mappoketrack, but on program release there is no hook to call mappokeuntrack. However, on program release, the aux memory and poke...

Important: Red Hat Security Advisory: go-toolset-1.19-golang security update

An update for go-toolset-1.19-golang is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

The vulnerability of the R programming language interpreter, related to deficiencies in the deserialization mechanism, allows attackers to execute arbitrary code in the target system.

The vulnerability of the R programming language interpreter is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a malicious actor to execute arbitrary code on the target system using specially created RDS and .rdx files...

CVE-2024-32735

An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can access the PDNU REST APIs, which may result in compromise of the application...

Aruba Networks ArubaOS 和 InstantOS 安全漏洞

Aruba Networks ArubaOS and Aruba Networks InstantOS are both products of Aruba Networks, Inc.Aruba Networks ArubaOS is an operating system for Aruba Mobility-Defined Networks, including Mobility Controllers and Mobility Access Switches. Aruba Networks InstantOS is an Arch Linux-based distribution...

PT-2024-24114 · Hewlett Packard +1 · Aos-8 Instant/Aos-10 Ap +4

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: Unauthenticated Denial of Service DoS vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these...

Cyber Power Systems PowerPanel Enterprise 安全漏洞

Cyber Power Systems PowerPanel Enterprise is a software program from Cyber Power Systems designed to provide real-time PUE, PUE trends, and total energy usage trends. A security vulnerability previously existed in Cyber Power Systems PowerPanel Enterprise v2.8.3, which stemmed from an...

PT-2024-24113 · Hewlett Packard +1 · Aos-8 Instant/Aos-10 Ap +4

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: Unauthenticated Denial of Service DoS vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these...

Directus 信息泄露漏洞

Directus is a real-time Api and application dashboard. It is used to manage Sql database content. An information disclosure vulnerability exists in Directus versions prior to 10.11.0 that stems from the ability to edit data extracts on the API...

CVE-2024-4068

The NPM package braces, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In lib/parse.js, if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, which will cause the program to start allocating...

Multiple vulnerabilities in Cybozu Garoon

Overview Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-3167 Improper handling of data in Mail CWE-231 - CVE-2024-31397 CyVDB-3221 Improper restriction on the output of some API CWE-201 - CVE-2024-31398 CyVDB-3238 Excessive resource consumption in Mai...

SUSE-SU-2024:1587-1 Security update for go1.22

This update for go1.22 fixes the following issues: Update to go1.22.3: - CVE-2024-24787: cmd/go: arbitrary code execution during build on darwin bsc1224017 - CVE-2024-24788: net: high cpu usage in extractExtendedRCode bsc1224018 - cmd/compile: Go 1.22.x failed to be bootstrapped from 386 to ppc64...

Fedora 39 : R (2024-07b7b83a4f)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-07b7b83a4f advisory. Security fix for CVE-2024-27322 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...

R Programming Language 1.4.0 < 4.4.0 Insecure Deserialization

The version of the R Programming Language running on the remote host is 1.4.0 or later, before 4.4.0. It is, therefore, affected by an insecure deserialization vulnerability. Deserialization of untrusted data can occur, enabling a maliciously crafted RDS R Data Serialization formatted file or R...

F5 BIG-IP SQL注入漏洞

F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. A SQL injection vulnerability exists in F5 BIG-IP Next Central Manager, which can be exploited by an attacker to send crafted...

R Programming Language Installed (Windows)

Binary data rlangwininstalled.nbin...