Privilege escalation
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can use the content field of their user profile page to execute arbitrary scripts with programming rights, thus effectively performing rights escalation. This issue is...
CVE-2023-40176 SXSS in the user profile via the timezone displayer
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can exploit a stored XSS through their user profile by setting the payload as the value of the time zone user preference. Even though the time zone is selected from a drop...
The administration panel of the Ivanti Sentry integrated mobile security firewall has vulnerabilities. These vulnerabilities allow an intruder to modify configurations, execute system commands, or write files to the system.
The vulnerability of the administration panel of the Ivanti Sentry integrated mobile security gateway is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to modify configurations, execute system commands, or write files to the syst...
CVE-2023-24515
Server-Side Request Forgery SSRF vulnerability in API checker of Pandora FMS. The application does not check the URL scheme used while retrieving the API URL. Rather than validating the http/https scheme, the application allows other schemes such as file, which could allow a malicious user to...
Artica Pandora FMS Code Issue Vulnerability
Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A security vulnerability exists in Artica Pandora FMS that stems from a server-side request forgery SSRF vulnerability in...
PT-2023-9455 · Go +7 · Go +7
Name of the Vulnerable Software and Affected Versions: Go affected versions not specified Description: The issue is related to the processing of incomplete post-handshake messages for QUIC connections, which can cause a panic. Additionally, there is a vulnerability in the HandleData function of t...
[SECURITY] Fedora 37 Update: rust-1.71.1-1.fc37
Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator...
Important: Red Hat Security Advisory: rust-toolset-1.66-rust security update
An update for rust-toolset-1.66-rust is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
PT-2023-28767 · Broadcom · Broadcom Raid Controller
Name of the Vulnerable Software and Affected Versions: Broadcom RAID Controller affected versions not specified Description: The Broadcom RAID Controller web interface is vulnerable to a Denial of Service DoS that can be caused by an authenticated user to the REST API Interface. Recommendations: ...
ALSA-2023:4635 Important: rust-toolset:rhel8 security update
Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries. Security Fixes: rust-cargo: cargo does not respect the umask when extracting dependencies CVE-2023-38497 For more details about the security issues, including t...
CVE-2023-39404
Vulnerability of input parameter verification in certain APIs in the window management module. Successful exploitation of this vulnerability may cause the device to restart...
OESA-2023-1501 golang security update
The Go Programming Language. Security Fixes: The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host o...
[SECURITY] Fedora 37 Update: golang-1.19.12-1.fc37
The Go Programming Language...
[SECURITY] Fedora 38 Update: rust-1.71.1-1.fc38
Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator...
Rust-Based Injector Deploys XWorm and Remcos RAT in Multi-Stage Attack
By Waqas FortiGuard Labs Reveals Insights into Recent Surge of Cyberattacks Utilizing Rust Programming Language. This is a post from HackRead.com Read the original post: Rust-Based Injector Deploys XWorm and Remcos RAT in Multi-Stage Attack...
CVE-2023-38751
Improper authorization vulnerability in Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7 allows the authorized API users to view the organization information of the information receiver that is set as "non-disclosure" in the information provision operation...
[SECURITY] Fedora 38 Update: golang-1.20.7-1.fc38
The Go Programming Language...
Qualcomm Chipsets Code Issue Vulnerability
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated (USA). A security vulnerability exists in the Qualcomm Chipsets that originates from a memory corruption in the Trusted Execution Environment when a service API is called with an invalid address...
Exploit for Out-of-bounds Write in Linux Linux_Kernel
CVE-2021-22555 This repo hosts TUKRU's Linux Privilege Escalat...
CVE-2023-33368
Some API routes exist in Control ID IDSecure 4.7.26.0 and prior that exfiltrate sensitive information and passwords to users accessing these API routes...