4991 matches found

CNNVD
added 2023/12/15 12:0 a.m. · 2 views

XWiki Platform Security Vulnerability

XWiki Platform is the XWiki Foundation's suite of wiki platforms for creating collaborative web applications. A security vulnerability exists in XWiki Platform that stems from the fact that in the administration interface, anyone who can edit any wiki page in an XWiki installation can gain...

9.9 CVSS · 7.1 AI score · 0.05391 EPSS
Exploits 0 · References 9

CNNVD
added 2023/12/15 12:0 a.m. · 1 views

GitLab Security Breach

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab that stems from the fact that under...

4.3 CVSS · 7 AI score · 0.00023 EPSS
Exploits 0 · References 3

CNNVD
added 2023/12/14 12:0 a.m. · 1 views

Progress Software WhatsUp Gold Access Control Error Vulnerability

Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability previously existed in Progress Software WhatsUp Gold version...

5.9 CVSS · 7 AI score · 0.00022 EPSS
Exploits 0 · References 3

Positive Technologies
added 2023/12/14 12:0 a.m. · 3 views

PT-2023-32783 · Microweber · Microweber

Name of the Vulnerable Software and Affected Versions: microweber/microweber versions prior to 2.0 Description: A vulnerability has been identified in microweber where users can exploit business logic errors to obtain items at a lower price. This occurs when the admin disables the use of the coup...

6 CVSS · 5 AI score · 0.00142 EPSS
Exploits 1 · References 10

Tenable Nessus
added 2023/12/14 12:0 a.m. · 8 views

Golang Go Programming Language Installed (macOS)

Binary data golangmacosinstalled.nbin...

7.3 AI score
Exploits 0 · References 1

OSV
added 2023/12/13 3:15 p.m. · 2 views

CVE-2023-6758

A vulnerability was found in Thecosy IceCMS 2.0.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file /adplanet/PlanetCommentList of the component API. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit...

4.3 CVSS · 5.4 AI score · 0.00118 EPSS
Exploits 1 · References 3

CNNVD
added 2023/12/13 12:0 a.m. · 1 views

Palo Alto Networks PAN-OS Security Vulnerability

Palo Alto Networks PAN-OS is a next-generation firewall software from Palo Alto Networks, USA. Palo Alto Networks PAN-OS suffers from a command injection vulnerability that stems from a failure to properly filter construct command special characters, commands, etc. in the XML API. An attacker cou...

6.3 CVSS · 7.8 AI score · 0.002 EPSS
Exploits 0 · References 3

CNNVD
added 2023/12/13 12:0 a.m. · 2 views

IceCMS Information Disclosure Vulnerability

IceCMS is a content management system based on Spring Boot + Vue front-end and back-end separation of NgShow individual developers. An information leakage vulnerability exists in IceCMS version 2.0.1, which originates from the presence of an unknown function in /adplanet/PlanetUser in the API...

6.5 CVSS · 6.5 AI score · 0.0026 EPSS
Exploits 1 · References 4

ATTACKERKB
added 2023/12/12 1:15 a.m. · 0 views

CVE-2023-36647

A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate arbitrary users and roles in web management and REST API endpoints via crafted JWT tokens...

7.5 CVSS · 7.3 AI score · 0.00073 EPSS
Exploits 1 · References 2

CNNVD
added 2023/12/12 12:0 a.m. · 2 views

ProLion CryptoSpike Security Vulnerability

ProLion CryptoSpike is ProLion's solution for detecting and combating suspicious activity. A security vulnerability exists in ProLion CryptoSpike version 3.0.15P2 that stems from SQL injection when a user searches a REST API endpoint...

4.3 CVSS · 7.9 AI score · 0.00052 EPSS
Exploits 1 · References 2

Snyk
added 2023/12/11 12:0 p.m. · 1 views

Improper Handling of Insufficient Privileges (Leaky Vessels)

Overview Affected versions of this package are vulnerable to Improper Handling of Insufficient Privileges Leaky Vessels via APIs for running interactive containers based on built images. It is possible to use these APIs to ask BuildKit to run a container with elevated privileges. Normally, runnin...

9.8 CVSS · 7 AI score · 0.10301 EPSS
Exploits 0 · References 2

OSV
added 2023/12/06 9:15 a.m. · 2 views

CVE-2023-49241

API permission control vulnerability in the network management module. Successful exploitation of this vulnerability may affect service confidentiality...

7.5 CVSS · 5.8 AI score
Exploits 0 · References 2

Fedora
added 2023/12/06 1:40 a.m. · 35 views

[SECURITY] Fedora 39 Update: perl-5.38.2-502.fc39

Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most common...

7.8 CVSS · 7.3 AI score · 0.00111 EPSS
Exploits 0

OSV
added 2023/12/05 5:15 p.m. · 2 views

AZL-32100 CVE-2023-45287 affecting package golang for versions less than 1.20.0-1

Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS1 padding may leak timing...

7.5 CVSS · 6.7 AI score · 0.00185 EPSS
Exploits 0 · References 1

PyPA
added 2023/11/30 7:15 a.m. · 4 views

PYSEC-2023-250

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request e.g. to insert a new header or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the...

7.2 CVSS · 6.8 AI score · 0.0047 EPSS
Exploits 1 · References 6 · Affected Software 1

Positive Technologies
added 2023/11/29 12:0 a.m. · 3 views

PT-2023-8934 · Unknown · Freertos Kernel

Name of the Vulnerable Software and Affected Versions: FreeRTOS Kernel versions through 10.6.1 Description: The issue is related to insufficient protection against local privilege escalation via Return Oriented Programming techniques, should a vulnerability exist that allows code injection and...

8.8 CVSS · 7.9 AI score · 0.00036 EPSS
Exploits 0 · References 9

OpenVAS
added 2023/11/27 12:0 a.m. · 7 views

Fedora: Security Advisory for golang (FEDORA-2023-7e185b8c12)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score
Exploits 0 · References 2

Fedora
added 2023/11/26 3:8 a.m. · 10 views

[SECURITY] Fedora 37 Update: golang-1.20.11-1.fc37

The Go Programming Language...

7.3 AI score
Exploits 0

Gentoo Linux
added 2023/11/25 12:0 a.m. · 59 views

Go: Multiple Vulnerabilities

Background Go is an open source programming language that makes it easy to build simple, reliable, and efficient software. Description Multiple vulnerabilities have been discovered in Go. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...

9.8 CVSS · 8.4 AI score · 0.94395 EPSS
Exploits 20

Github Security Blog
added 2023/11/24 4:54 p.m. · 17 views

Ethereum ABI decoder DoS when parsing ZST

With this notification I would like to inform about a DoS vector in the Ethereum ABI decoder. We have not yet found a way to exploit this with high impact, still the bug could potentially lead to a DoS in server systems. Feel free to ask about an extension of the embargo period. Trail of Bits is...

7 AI score
Exploits 0 · References 2 · Affected Software 1