Shopware 安全漏洞

Shopware is a suite of open source e-commerce software from the German company Shopware. A security vulnerability exists in Shopware versions 6.6.5.1 and 6.5.8.13 and earlier, which stems from the search function in its application API, where the name field in the aggregations object is susceptib...

Go: Multiple Vulnerabilities

Background Go is an open source programming language that makes it easy to build simple, reliable, and efficient software. Description Multiple vulnerabilities have been discovered in Go. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...

PrivX 安全漏洞

SSH PrivX is a scalable, cost-effective and highly automated privileged access management PAM solution from SSH. A security vulnerability exists in PrivX versions prior to 34.0 that stems from allowing data leakage and denial of service via the REST API...

ROS-20240805-02

A vulnerability in the implementation of the application program interface of the Rust programming language interpreter for Windows operating systems is related to the introduction or modification of arguments. Windows operating systems is related to the introduction or modification of arguments...

ROS-20240805-08

A vulnerability in the golang package of the Debian GNU/Linux operating system is related to a lack of protection for service data. data. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information A vulnerability in the golang package of the...

ROS-20240805-03

Vulnerability of HTTP/2 protocol implementation is related to the possibility of forming a stream of requests within an already established network connection without opening new network connections and without confirming receipt of requests. The vulnerability of the HTTP/2 protocol implementatio...

XWiki Platform vulnerable to remote code execution from account via SearchSuggestConfigSheet

Impact Any user with edit right on any page can perform arbitrary remote code execution by adding instances of XWiki.SearchSuggestConfig and XWiki.SearchSuggestSourceClass to their user profile or any other page. This compromises the confidentiality, integrity and availability of the whole XWiki...

PT-2024-11622 · Motorola · Q14 Mesh Router Firmware

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: An authentication bypass issue could allow an attacker to access API functions without authentication. Recommendations: At the moment, there is no information about a newer version that...

Why (and How) APIs and Web Applications Are Under Siege

Read a summary of the latest SOTI report, which tackles the security risks in web applications and APIs, and the infrastructure that powers them...

AZL-47079 CVE-2024-42227 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix overlapping copy within dmlcoremodeprogramming WHY &modelib-mp.Watermark and &locals-Watermark are the same address. memcpy may lead to unexpected behavior. HOW memmove should be used...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates in the drm/amd/display module in dmlcoremodeprogramming, where &modelib-p.Watermark and &locals-Watermark ar...

Important: Red Hat Security Advisory: python3.11 security update

An update for python3.11 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

USN-6916-1: Lua vulnerabilities

It was discovered that Lua did not properly generate code when "ENV" is constant. An attacker could possibly use this issue to cause a denial of service or execute arbitrary unstrusted lua code. CVE-2022-28805 It was discovered that Lua did not properly handle C stack overflows during error...

ROS-20240729-11

A vulnerability in the Cargo package manager of the Rust programming language involves the injection of arbitrary HTML after including it in a report generated by Cargo. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute arbitrary code...

ROS-20240729-09

Vulnerability in Cargo package manager of Rust programming language is related to ignoring umask when extracting archives created on UNIX-like systems. when retrieving archives created on UNIX-like systems. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute...

SUSE CVE-2024-41110

Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins AuthZ under specific circumstances. The base likelihood of this being...

VulnCheck KEV: CVE-2017-1000226

Stop User Enumeration 1.3.8 allows user enumeration via the REST API...

Vulnerability fixed in Cisco Smart Software Manager On-Prem

Cisco has fixed a vulnerability in Cisco SSM On-Prem formerly known as Cisco Smart Software Manager Satellite SSM Satellite. The vulnerability allows an unauthenticated malicious person with access to Cisco Smart Software Manager On-Prem to change users' passwords by sending an HTTP request. If...

[SECURITY] Fedora 40 Update: ruby-3.3.4-11.fc40

Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...

ROS-20240422-11

Vulnerability of net/http and net/http2 libraries of Go programming language in terms of implementation of the HTTP/2 protocol is related to uncontrolled resource consumption as a result of incorrect determination of the end of the HTTP/2 is related to uncontrolled resource consumption as a resul...