Lucene search

5182 matches found

FreeBSD
added 2024/04/29 12:0 a.m., 28 views

R -- arbitrary code execution vulnerability

HiddenLayer Research reports: Deserialization of untrusted data can occur in the R statistical programming language, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user's system...

CVSS 8.8, AI score 7.7, EPSS 0.04526
Exploits 0, References 1
Tenable Nessus
added 2024/04/29 12:0 a.m., 24 views

Fedora 40 : rust (2024-ab4573fb3b)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-ab4573fb3b advisory. Security fix for CVE-2024-24576 (Windows command injection). Tenable has extracted the preceding description block directly from the Fedora security...

CVSS 10, AI score 8.1, EPSS 0.80539
Exploits 10, References 2
CNNVD
added 2024/04/26 12:0 a.m., 4 views

Zammad security vulnerability

Zammad is a suite of ticket management software from the German company Zammad. A security vulnerability exists in Zammad versions prior to 6.3.0, which stems from a user with customer access rights to a ticket being able to access the ticket's time statistic details via the API...

CVSS 8.6, AI score 6.6, EPSS 0.00179
Exploits 0, References 2
CNNVD
added 2024/04/26 12:0 a.m., 1 views

Mattermost security vulnerability

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an information disclosure vulnerability that stems from an inability to remove detailed error messages from API requests. An attacker could exploit this vulnerability to obtain...

CVSS 4.3, AI score 6.1, EPSS 0.00097
Exploits 0, References 3
BDU FSTEC
added 2024/04/24 12:0 a.m., 0 views

The vulnerability of the mb_encode_mimeheader() function in the PHP programming language allows a hacker to trigger a denial-of-service attack.

The vulnerability of the mb_encode_mimeheader() function in the PHP programming language is related to uncontrolled resource consumption. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...

CVSS 7.8, EPSS 0.00625
Exploits 1, References 7, Affected Software 2
BDU FSTEC
added 2024/04/24 12:0 a.m., 1 views

The vulnerability of the KEYENCE CORPORATION’s programming software for programmable logic controllers, as well as the software for viewing and analyzing controller data, called KV REPLAY VIEWER, stems from a flaw related to memory-walking attacks. This flaw allows attackers to execute arbitrary code.

The vulnerability of the KEYENCE CORPORATION KV STUDIO programming software and the KV REPLAY VIEWER data viewing and analysis software lies in memory reading outside the bounds of the memory space. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVSS 7.8, EPSS 0.00245
Exploits 0, References 3, Affected Software 2
BDU FSTEC
added 2024/04/24 12:0 a.m., 0 views

The vulnerability of the KEYENCE CORPORATION’s programming software for programmable logic controllers, as well as the data viewing and analysis software for controllers called KV REPLAY VIEWER, relates to writing beyond the buffer boundaries in memory. This vulnerability allows an attacker to execute arbitrary code.

The vulnerability of the KEYENCE CORPORATION KV STUDIO programming software and the KV REPLAY VIEWER data viewing and analysis software lies in the ability to write beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remote...

CVSS 10, EPSS 0.0065
Exploits 0, References 4, Affected Software 2
RedHat Linux
added 2024/04/23 2:16 p.m., 2 views

golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags

A vulnerability was found in the golang.org/x/text/language package. An attacker can craft an Accept-Language header which ParseAcceptLanguage will take significant time to parse. This issue leads to a denial of service, and can impact availability...

CVSS 7.5, AI score 6.6, EPSS 0.00054
Exploits 0, References 6
RedHat Linux
added 2024/04/23 12:44 a.m., 3 views

golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack...

CVSS 7.5, AI score 7.2, EPSS 0.64852
Exploits 1, References 7
OSV
added 2024/04/23 12:0 a.m., 25 views

ALSA-2024:1962 Important: go-toolset:rhel8 security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288). For more details about the security issues, including the impact, a CVSS score...

CVSS 7.5, AI score 8.2, EPSS 0.64852
Exploits 1, References 4
VulnCheck KEV
added 2024/04/20 12:0 a.m., 2 views

VulnCheck KEV: CVE-2021-32790

Woocommerce is an open source eCommerce plugin for WordPress. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce plugin between version 3.3.0 and 3.3.6. Malicious actors already having admin access, or API keys to the WooCommerce site can exploit vulnerable...

CVSS 4.9, AI score 5.8, EPSS 0.02007
Exploits 2, References 1
Fedora
added 2024/04/19 9:43 p.m., 28 views

[SECURITY] Fedora 40 Update: rust-1.77.2-1.fc40

Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator...

CVSS 10, AI score 7.3, EPSS 0.80539
Exploits 10
Fedora
added 2024/04/19 2:53 a.m., 19 views

[SECURITY] Fedora 38 Update: rust-1.77.2-1.fc38

Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator...

CVSS 10, AI score 7.3, EPSS 0.80539
Exploits 10
Kitploit
added 2024/04/18 12:30 p.m., 35 views

VectorKernel - PoCs For Kernelmode Rootkit Techniques Research

PoCs for Kernelmode rootkit techniques research or education. Currently focusing on Windows OS. All modules support 64bit OS only. NOTE: Some modules use ExAllocatePool2 API to allocate kernel pool memory. ExAllocatePool2 API is not supported in OSes older than Windows 10 Version 2004. If you want...

AI score 7.6
Exploits 0, References 13
RedhatCVE
added 2024/04/17 5:29 p.m., 20 views

CVE-2024-26827

A flaw was found in the Linux kernel. An incorrect TRE sequence in the gpidrivers/dma/qcom/gpi.c driver may lead to compromised availability...

CVSS 4.4, AI score 6.4
Exploits 0, References 4
BDU FSTEC
added 2024/04/16 12:0 a.m., 0 views

The vulnerability of the C language library for interacting with Azure services via uAMQP, related to integer overflow, allows attackers to execute arbitrary code.

The vulnerability of the C language library for interacting with Azure services via uAMQP is related to a numerical overflow condition. Exploiting this vulnerability allows an attacker to execute arbitrary code using specially created data...

CVSS 10, EPSS 0.02557
Exploits 0, References 8, Affected Software 4
Fedora
added 2024/04/12 1:22 a.m., 26 views

[SECURITY] Fedora 39 Update: rust-1.77.2-1.fc39

Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator...

CVSS 10, AI score 7.3, EPSS 0.80539
Exploits 10
Tenable Nessus
added 2024/04/12 12:0 a.m., 28 views

Fedora 39 : rust (2024-6bc17db348)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-6bc17db348 advisory. Security fix for CVE-2024-24576 (Windows command injection). Tenable has extracted the preceding description block directly from the Fedora security...

CVSS 10, AI score 8.1, EPSS 0.80539
Exploits 10, References 2
NVD
added 2024/04/10 9:15 p.m., 11 views

CVE-2024-31987

XWiki Platform is a generic wiki platform. Starting in version 6.4-milestone-1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, any user who can edit any page like their profile can create a custom skin with a template override that is executed with programming right, thus allowing remote...

CVSS 9.9, AI score 9.8, EPSS 0.24138
Exploits 1, References 5
Vulnrichment
added 2024/04/10 8:32 p.m., 11 views

CVE-2024-31987 XWiki Platform remote code execution from account via custom skins support

XWiki Platform is a generic wiki platform. Starting in version 6.4-milestone-1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, any user who can edit any page like their profile can create a custom skin with a template override that is executed with programming right, thus allowing remote...

CVSS 9.9, AI score 7.6, EPSS 0.24138
Exploits 1, References 5