[SECURITY] Fedora 37 Update: golang-1.19.8-1.fc37

The Go Programming Language...

PYSEC-2023-22

An issue was discovered in Mailman Core before 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrary REST API calls. The REST API is bound to localhost by default, limiting the ability for attacke...

CVE-2023-29201

XWiki Commons are technical libraries common to several other top level XWiki projects. The "restricted" mode of the HTML cleaner in XWiki, introduced in version 4.2-milestone-1, only escaped and -tags but neither attributes that can be used to inject scripts nor other dangerous HTML tags like . ...

[SECURITY] Fedora 38 Update: ruby-3.2.2-180.fc38

Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...

Mozilla: Memory Corruption in Safe Browsing Code

The Mozilla Foundation Security Advisory describes this flaw as: Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash...

Mozilla: Memory Corruption in Safe Browsing Code

The Mozilla Foundation Security Advisory describes this flaw as: Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash...

LIVEBOX Collaboration vDesk 安全漏洞

LIVEBOX Collaboration vDesk is an application from LIVEBOX, Inc. A security vulnerability exists in LIVEBOX Collaboration vDesk version v018 and prior versions, which stems from a broken access control under /api/v1/vdeskintegration/saml/user/createorupdate, /settings/guest-settings,...

Why Shadow APIs are More Dangerous than You Think

Shadow APIs are a growing risk for organizations of all sizes as they can mask malicious behavior and induce substantial data loss. For those that aren't familiar with the term, shadow APIs are a type of application programming interface API that isn't officially documented or supported. Contrary...

JTEKT ELECTRONICS Kostac PLC Programming Software

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: JTEKT ELECTRONICS CORPORATION Equipment: Kostac PLC Programming Software Vulnerabilities: Out-of-bounds Read, Use After Free 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to...

Fedora: Security Advisory for golang (FEDORA-2023-7442702a7d)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

lua security update

An update is available for lua. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The lua packages provide support for Lua, a powerful light-weight programming...

nodejs:16 security, bug fix, and enhancement update

An update is available for nodejs, nodejs-packaging, module.nodejs-packaging, module.nodejs-nodemon, nodejs-nodemon, module.nodejs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

[SECURITY] Fedora 36 Update: golang-1.19.7-1.fc36

The Go Programming Language...

CVE-2023-1749

The listed versions of Nexx Smart Home devices lack proper access control when executing actions. An attacker with a valid NexxHome deviceId could send API requests that the affected devices would execute...

[SECURITY] Fedora 38 Update: golang-1.20.2-1.fc38

The Go Programming Language...

Fedora: Security Advisory for golang (FEDORA-2023-8ee7d4a8e3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Directus 资源管理错误漏洞

Directus is a real-time Api and application dashboard. It is used to manage Sql database content. A security vulnerability exists in the Directus API version v.2.2.0. A remote attacker could exploit this vulnerability to cause a denial of service via a large number of HTTP requests to the system...

Nextcloud 信息泄露漏洞

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An information disclosure vulnerability exists in Nextcloud that stems from a user being able to obtain the full data directory path to the Nextcloud serve...

The vulnerability of the Kubernetes cloud platform Red Hat OpenShift Data Science (RHODS) allows a hacker to send arbitrary API requests.

The vulnerability of the Kubernetes cloud platform Red Hat OpenShift Data Science RHODS is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to send arbitrary API requests remotely...

PT-2023-21996 · Nextcloud +1 · Nextcloud Enterprise Server +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions 24.0.0 through 24.0.6 Nextcloud Server versions 25.0.0 through 25.0.4 Nextcloud Enterprise Server versions 23.0.0 through 23.0.11 Nextcloud Enterprise Server versions 24.0.0 through 24.0.6 Nextcloud Enterprise Server...