Lucene search

4991 matches found

Fedora
added 2024/07/17 1:18 a.m. | 18 views

[SECURITY] Fedora 39 Update: golang-1.21.12-1.fc39

The Go Programming Language...

CVSS 7.5 | AI score 7.2 | EPSS 0.01018 | Exploits 0

Spring Engineering
added 2024/07/16 12:0 a.m. | 13 views

This Week in Spring - July 16th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's the middle of July! I can't believe it! Things have been just rushing by! Did you see this awesome talk on observability by Tommy Ludwig and Jonatan Ivanov from Spring IO 2024? What is a ReadWriteLock? Spring for GraphQL...

AI score 7.3 | Exploits 0

Rockylinux
added 2024/07/15 12:17 p.m. | 36 views

ruby security update

An update is available for ruby, rubygem-bson, module.rubygem-bson, rubygem-bundler, rubygem-abrt, module.rubygem-pg, rubygem-mysql2, module.ruby, rubygem-mongo, module.rubygem-bundler, rubygem-pg, module.rubygem-mongo, module.rubygem-abrt, module.rubygem-mysql2. This update affects Rocky Linux 8...

CVSS 9.8 | AI score 7.2 | EPSS 0.0883 | Exploits 1

GithubExploit
added 2024/07/15 1:38 a.m. | 212 views

Exploit for Unrestricted Upload of File with Dangerous Type in Chamilo Chamilo_Lms

CVE-2023-4220-Exploit LMS Chamilo 1.11.24 CVE-2023-4220 Explo...

CVSS 8.1 | AI score 7.2 | EPSS 0.92488 | Exploits 27

Redos
added 2024/07/13 12:0 a.m. | 18 views

ROS-20240712-02

A vulnerability in the ParseAddressList function of the net/mail package of the Go programming language is related to insufficient verification of display names in the function. Exploitation of the vulnerability could allow an attacker acting remotel...

CVSS 7.5 | AI score 6.5 | EPSS 0.02017 | Exploits 0

OSV
added 2024/07/12 4:15 p.m. | 1 views

CVE-2024-40539

my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/user...

CVSS 9.8 | AI score 5.8 | EPSS 0.00052 | Exploits 1 | References 1

Tenable Nessus
added 2024/07/12 12:0 a.m. | 9 views

SAP NetWeaver AS ABAP Protection Mechanism Failure (3456952)

Due to a Protection Mechanism Failure in SAP NetWeaver Application Server for ABAP and ABAP Platform, a developer can bypass the configured malware scanner API because of a programming error. This leads to a low impact on the application's confidentiality, integrity, and availability. Note that...

CVSS 4.7 | AI score 5.4 | EPSS 0.00034 | Exploits 0 | References 2

Tenable Nessus
added 2024/07/12 12:0 a.m. | 13 views

Amazon Linux 2 : R (ALASR3.4-2024-001)

The version of R installed on the remote host is prior to 3.4.3-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2R3.4-2024-001 advisory. Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not...

CVSS 8.8 | AI score 8.3 | EPSS 0.04526 | Exploits 0 | References 4

OSV
added 2024/07/09 4:15 p.m. | 2 views

CVE-2024-27784

Multiple exposure of sensitive information to an unauthorized actor (CWE-200) weaknesses in Fortinet FortiAIOps 2.0.0 may allow an authenticated, remote attacker to retrieve sensitive information from the API endpoint or log files...

CVSS 6.5 | AI score 5.8 | EPSS 0.00592 | Exploits 0 | References 1

OSV
added 2024/07/09 5:15 a.m. | 1 views

CVE-2024-39599

Due to a Protection Mechanism Failure in SAP NetWeaver Application Server for ABAP and ABAP Platform, a developer can bypass the configured malware scanner API because of a programming error. This leads to a low impact on the application's confidentiality, integrity, and availability...

CVSS 4.7 | AI score 5.8 | Exploits 0 | References 2

NVD
added 2024/07/09 5:15 a.m. | 14 views

CVE-2024-39599

Due to a Protection Mechanism Failure in SAP NetWeaver Application Server for ABAP and ABAP Platform, a developer can bypass the configured malware scanner API because of a programming error. This leads to a low impact on the application's confidentiality, integrity, and availability...

CVSS 4.7 | EPSS 0.00034 | Exploits 0 | References 2

Cvelist
added 2024/07/09 4:24 a.m. | 20 views

CVE-2024-39599 [CVE-2024-39599] Protection Mechanism Failure in SAP NetWeaver Application Server for ABAP and ABAP Platform

Due to a Protection Mechanism Failure in SAP NetWeaver Application Server for ABAP and ABAP Platform, a developer can bypass the configured malware scanner API because of a programming error. This leads to a low impact on the application's confidentiality, integrity, and availability...

CVSS 4.7 | EPSS 0.00034 | Exploits 0 | References 2

CVE
added 2024/07/09 4:24 a.m. | 83 views

CVE-2024-39599

CVE-2024-39599 affects SAP NetWeaver Application Server for ABAP and ABAP Platform. The issue is a protection mechanism failure that allows a developer to bypass the configured malware scanner API due to a programming error. The practical impact is described as low for confidentiality, integrity,...

CVSS 4.7 | AI score 4.7 | EPSS 0.00034 | Exploits 0 | References 2 | Affected Software 1

Fedora
added 2024/07/09 1:55 a.m. | 14 views

[SECURITY] Fedora 40 Update: golang-1.22.5-1.fc40

The Go Programming Language...

CVSS 7.5 | AI score 6.9 | EPSS 0.01018 | Exploits 0

Positive Technologies
added 2024/07/09 12:0 a.m. | 1 views

PT-2024-5557

Name of the Vulnerable Software and Affected Versions: FortiAIOps version 2.0.0. Description: The issue concerns the exposure of sensitive information to unauthorized actors. An authenticated, remote attacker may retrieve sensitive information from the API endpoint or log files. This is related to a...

CVSS 9 | AI score 6.4 | EPSS 0.00592 | Exploits 0 | References 10

CNNVD
added 2024/07/09 12:0 a.m. | 3 views

Fortinet FortiAIOps log information disclosure vulnerability

Fortinet FortiAIOps is a Fortinet networking solution that combines artificial intelligence and machine learning (AI/ML) from Fortinet. A log information disclosure vulnerability exists in Fortinet FortiAIOps version 2.0.0, which stems from an application that does not adequately protect sensitive...

CVSS 8.8 | AI score 6.3 | EPSS 0.00592 | Exploits 0 | References 2

Fedora
added 2024/07/04 1:23 a.m. | 10 views

[SECURITY] Fedora 39 Update: libnbd-1.18.5-1.fc39

NBD — Network Block Device — is a protocol for accessing Block Devices (hard disks and disk-like things) over a Network. This is the NBD client library in userspace, a simple library for writing NBD clients. The key features are: Synchronous and asynchronous APIs, both for ease of...

AI score 7.3 | Exploits 0

RedHat Linux
added 2024/07/02 3:43 p.m. | 26 views

Moderate: Red Hat Security Advisory: go-toolset security update

An update for go-toolset is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...

CVSS 9.8 | AI score 6.9 | EPSS 0.00172 | Exploits 0 | References 4

OSV
added 2024/07/02 12:0 a.m. | 25 views

ALSA-2024:4237 Moderate: go-toolset security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: archive/zip: Incorrect handling of certain ZIP files (CVE-2024-24789); golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses (CVE-2024-2479...

CVSS 9.8 | AI score 9.3 | EPSS 0.00172 | Exploits 0 | References 6

OSV
added 2024/06/28 11:8 a.m. | 1 views

OESA-2024-1772 golang security update

The Go Programming Language. Security Fixes: The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create a zip file with contents that vary depending on the implementation reading t...

CVSS 5.5 | AI score 6.9 | EPSS 0.00007 | Exploits 0 | References 2