SUSE CVE-2021-42574
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and...
SUSE CVE-2022-30034
Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022 is vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutting down Celery task nodes...
SAP NetWeaver AS Cross-Site Scripting Vulnerability
SAP NetWeaver AS is a SAP network application server from SAP. It not only provides network services, but also the basic platform for SAP software. A cross-site scripting vulnerability exists in SAP NetWeaver AS for ABAP and ABAP Platform versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789,...
The vulnerability of the Cargo package manager in the Rust programming language, which allows attackers to compromise the integrity of the protected information
The vulnerability of the Cargo package manager in the Rust programming language is related to incorrect verification of the cryptographic signature. Exploiting this vulnerability allows a malicious actor to influence the integrity of the protected information via the SSH protocol...
WEBY 1.2.5 Cross Site Request Forgery
Title: WEBY v.1.2.5 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 108.0.132-bit | Vendor :...
CVE-2022-48302
The AMS module has a vulnerability of lacking permission verification in APIs. Successful exploitation of this vulnerability may affect data confidentiality...
PT-2023-15554 · Zammad · Zammad
Name of the Vulnerable Software and Affected Versions: Zammad version 5.3.0. Description: Insufficient privilege verification allows an authenticated attacker to perform changes on the tags of their customer tickets using the Zammad API. The issue has been corrected so that only agents with write...
Zammad Security Vulnerability
Zammad is a suite of ticket management software from the German company Zammad. A security vulnerability exists in Zammad version v5.3.0, which stems from insufficient privilege validation, and can be exploited by an attacker to make changes to the labels of its customers' tickets using the Zamma...
This Week in Spring - January 31st, 2023
Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm not going to spend too much time here in the preamble because (a) today's both my birthday and my late father's birthday and (b) I got the worst gift ever: COVID-19. Sigh. So, I'm going back to bed. Without further ado, let's...
CVE-2022-26872
AMI Megarac Password reset interception via API...
PT-2023-1336 · Ami · Ami Megarac
Name of the Vulnerable Software and Affected Versions: AMI MegaRAC, affected versions not specified. Description: The issue is related to insufficient password hash computation in the Redfish and API components of the AMI MegaRAC firmware. This could allow a remote attacker to gain unauthorized...
Fedora: Security Advisory for redis (FEDORA-2023-68ae37fca3)
The remote host is missing an update for the Copyright (C) 2023 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
Introducing Microservices Patterns with Spring Integration
Hey Spring Community! I hope you are enjoying Spring One Essentials these days. The most exciting feature for me is Observability, which is spread throughout the Spring portfolio from now on. Nevertheless, today I’d like to share a project I’ve been working on since the holidays, where the mentioned...
GHSA-Q764-G6FM-555V Path traversal in spotipy
Summary: If a malicious URI is passed to the library, the library can be tricked into performing an operation on a different API endpoint than intended. Details: The code Spotipy uses to parse URIs and URLs accepts user data too liberally, which allows a malicious user to insert arbitrary characters...
RLSA-2023:0328 Moderate: go-toolset and golang security and bug fix update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler. Security Fixes: golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879); golang: net/http/httputi...
Fedora: Security Advisory for rust (FEDORA-2023-575fcaf4bf)
The remote host is missing an update for the Copyright (C) 2023 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
[SECURITY] Fedora 36 Update: rust-1.66.1-1.fc36
Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator...
API Mediation Layer Authorization Issue Vulnerability
The API Mediation Layer is an API mediation layer that provides a single access point to the Mainframe Services REST API. A security vulnerability exists in API Mediation Layer versions 1.16 through 1.19. An attacker exploiting this vulnerability could manipulate JWT tokens without knowing the JW...