
4991 matches found

OSV
added 2024/06/24 8:15 a.m. · 2 views

CVE-2024-24554

Bludit uses predictable methods in combination with the MD5 hashing algorithm to generate sensitive tokens such as the API token and the user token. This allows attackers to authenticate against the Bludit API...

8.2 CVSS · 6.7 AI score
Exploits: 0 · References: 1

Vulnrichment
added 2024/06/24 12:0 a.m. · 18 views

CVE-2024-34312

Virtual Programming Lab for Moodle up to v4.2.3 was discovered to contain a cross-site scripting (XSS) vulnerability via the component vplide.js...

6.3 AI score · 0.01308 EPSS
Exploits: 2 · References: 1

Positive Technologies
added 2024/06/24 12:0 a.m. · 7 views

PT-2024-25784 · Moodle · Virtual Programming Lab

Name of the Vulnerable Software and Affected Versions: Virtual Programming Lab for Moodle versions up to 4.2.3 Description: The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability was found in the component vplide.js. Recommendations: For versions up to 4.2.3, update ...

6.1 CVSS · 5.9 AI score · 0.01308 EPSS
Exploits: 2 · References: 5

CNNVD
added 2024/06/24 12:0 a.m. · 2 views

XWiki Platform Security Vulnerability

XWiki Platform is the XWiki Foundation's suite of Wiki platforms for creating web collaboration applications. A security vulnerability exists in versions of XWiki Platform prior to 15.0-rc-1, which stems from the possibility that programming privileges may be inherited via include, which could le...

9.9 CVSS · 6.7 AI score · 0.01001 EPSS
Exploits: 0 · References: 3

CVE
added 2024/06/24 12:0 a.m. · 65 views

CVE-2024-34312

CVE-2024-34312 affects Virtual Programming Lab for Moodle up to v4.2.3, with a cross-site scripting (XSS) vulnerability in the vplide.js component. The issue arises from insufficient input handling/escaping in vplide.js, enabling arbitrary script execution in the victim’s browser. Documented impa...

6.1 CVSS · 6.4 AI score · 0.01308 EPSS
Exploits: 2 · References: 1 · Affected Software: 1

CNNVD
added 2024/06/24 12:0 a.m. · 2 views

Bludit Security Breach

Bludit is an open source, lightweight blog content management system (CMS). A security vulnerability exists in Bludit that stems from the use of predictable methods combined with the MD5 hash algorithm to generate sensitive tokens that allow an attacker to authenticate against the Bludit API...

6 CVSS · 6.7 AI score · 0.00117 EPSS
Exploits: 0 · References: 3

OSV
added 2024/06/15 12:0 a.m. · 20 views

OPENSUSE-SU-2024:11824-1 ruby3.1-rubygem-activejob-6.0-6.0.4.4-1.1 on GA media

These are all security issues fixed in the ruby3.1-rubygem-activejob-6.0-6.0.4.4-1.1 package on the GA media of openSUSE Tumbleweed...

7.5 CVSS · 7.2 AI score · 0.94318 EPSS
Exploits: 19 · References: 2

Rockylinux
added 2024/06/14 1:59 p.m. · 28 views

go-toolset:rhel8 security update

An update is available for module.golang, go-toolset, delve, module.go-toolset, module.delve, golang. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Go Toolset...

7.5 CVSS · 5.5 AI score · 0.64852 EPSS
Exploits: 1

Rockylinux
added 2024/06/14 1:59 p.m. · 27 views

python39:3.9 and python39-devel:3.9 security update

An update is available for python-pluggy, module.python-iniconfig, module.python-psycopg2, module.python-more-itertools, module.python3x-pip, module.python3x-setuptools, python-requests, python-psutil, numpy, module.python-ply, module.python-psutil, module.python-pycparser, module.python-cffi,...

8.1 CVSS · 7.1 AI score · 0.0095 EPSS
Exploits: 3

CNNVD
added 2024/06/14 12:0 a.m. · 1 views

Toshiba e-STUDIO Security Vulnerability

Toshiba e-STUDIO is a series of high-end office multifunction printers from Toshiba Japan. A security vulnerability exists in Toshiba e-STUDIO that originates from the possibility that certain APIs (Application Programming Interfaces) may send HTTP requests to the multifunction device without...

5.9 CVSS · 6.7 AI score · 0.00075 EPSS
Exploits: 1 · References: 4

Amazon
added 2024/06/14 12:0 a.m. · 3 views

Important: R

Issue Overview: Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user's system...

8.8 CVSS · 7.7 AI score · 0.04526 EPSS
Exploits: 0

CNNVD
added 2024/06/14 12:0 a.m. · 1 views

Toshiba e-STUDIO Security Vulnerability

Toshiba e-STUDIO is a series of high-end office multifunction printers from Toshiba Japan. A security vulnerability exists in Toshiba e-STUDIO that originates from the possibility that certain APIs (Application Programming Interfaces) may send HTTP requests to the multifunction device without...

5.9 CVSS · 6.7 AI score · 0.00102 EPSS
Exploits: 1 · References: 4

CNNVD
added 2024/06/14 12:0 a.m. · 2 views

Toshiba e-STUDIO Security Vulnerability

Toshiba e-STUDIO is a series of high-end office multifunction printers from Toshiba, Japan. A security vulnerability exists in Toshiba e-STUDIO, which originates from an internal program within the multifunction device where certain APIs do not check for filename input, allowing arbitrary files t...

4.4 CVSS · 6.9 AI score · 0.00197 EPSS
Exploits: 1 · References: 4

CNNVD
added 2024/06/13 12:0 a.m. · 2 views

Dell Secure Connect Gateway Access Control Error Vulnerability

Dell Secure Connect Gateway is a secure connectivity gateway from Dell USA. An access control error vulnerability exists in Dell Secure Connect Gateway versions prior to 5.24.00.00, which stems from an improperly access-controlled internally maintained REST API that could be exploited by a remote...

5.4 CVSS · 6.9 AI score · 0.01405 EPSS
Exploits: 0 · References: 2

Fedora
added 2024/06/12 1:32 a.m. · 19 views

[SECURITY] Fedora 39 Update: libarchive-3.7.1-2.fc39

Libarchive is a programming library that can create and read several different streaming archive formats, including most popular tar variants, several cpio formats, and both BSD and GNU ar variants. It can also write shar archives and read ISO9660 CDROM images and ZIP archives...

7.8 CVSS · 7.8 AI score · 0.37694 EPSS
Exploits: 0

OpenVAS
added 2024/06/12 12:0 a.m. · 20 views

Fedora: Security Advisory (FEDORA-2024-b15a51292f)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8 CVSS · 7.8 AI score · 0.37694 EPSS
Exploits: 0 · References: 3

RedHat Linux
added 2024/06/11 7:45 p.m. · 4 views

Moderate: Red Hat Bug Fix Advisory: golang bug fix update

An update for golang is now available for Red Hat Enterprise Linux 9. The golang packages provide the Go programming language compiler. Bug Fixes: Rebase to 1.21.10 JIRA:RHEL-35630 Re-enable CGO for cmd/go rhel-9.4.z JIRA:RHEL-36988...

5.9 CVSS · 6.8 AI score · 0.00202 EPSS
Exploits: 0 · References: 1

OSV
added 2024/06/11 7:16 p.m. · 2 views

CVE-2024-28022

A vulnerability exists in the UNEM server / APIGateway that if exploited allows a malicious user to perform an arbitrary number of authentication attempts using different passwords, and eventually gain access to other components in the same security realm using the targeted account...

6.5 CVSS · 5.9 AI score · 0.0013 EPSS
Exploits: 0 · References: 2

RedHat Linux
added 2024/06/10 6:41 p.m. · 1 views

golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack...

7.5 CVSS · 7.2 AI score · 0.64852 EPSS
Exploits: 1 · References: 7

Tenable Nessus
added 2024/06/10 12:0 a.m. · 14 views

Amazon Linux 2023 : libRmath, libRmath-devel, libRmath-static (ALAS2023-2024-638)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-638 advisory. Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS R Data...

8.8 CVSS · 8.2 AI score · 0.04526 EPSS
Exploits: 0 · References: 4