4991 matches found
XWiki Platform Code Injection Vulnerability
XWiki Platform is a suite of Wiki platforms from the XWiki Foundation in France for creating collaborative Web applications. A code injection vulnerability exists in XWiki Platform 1.0 and later versions that could allow an attacker with programming privileges to execute arbitrary code on the...
[SECURITY] Fedora 39 Update: golang-1.21.3-1.fc39
The Go Programming Language...
[SECURITY] Fedora 39 Update: llvm-17.0.2-1.fc39
LLVM is a compiler infrastructure designed for compile-time, link-time, runtime, and idle-time optimization of programs from arbitrary programming languages. The compiler infrastructure includes mirror sets of programming tools as well as libraries with equivalent functionality...
UBUNTU-CVE-2023-41260
Best Practical Request Tracker RT before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls...
HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...
[SECURITY] Fedora 37 Update: golang-1.20.10-3.fc37
The Go Programming Language...
[SECURITY] Fedora 38 Update: golang-1.20.10-2.fc38
The Go Programming Language...
Qualys API Best Practices: Web Application Scanning API
This API Best Practices Series is designed for Qualys customer programmers or stakeholders with a general knowledge of programming who want to implement best practices for improving the development, design, and performance of their programs that use the Qualys API. For non-customers, the Qualys A...
CVE-2023-37908
XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. The cleaning of attributes during XHTML rendering, introduced in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting via invalid attribute...
CVE-2023-37908 org.xwiki.rendering:xwiki-rendering-xml Improper Neutralization of Invalid Characters in Identifiers in Web Pages vulnerability
XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. The cleaning of attributes during XHTML rendering, introduced in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting via invalid attribute...
CVE-2023-37908 org.xwiki.rendering:xwiki-rendering-xml Improper Neutralization of Invalid Characters in Identifiers in Web Pages vulnerability
XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. The cleaning of attributes during XHTML rendering, introduced in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting via invalid attribute...
Lenovo XClarity Controller SQL Injection Vulnerability
Lenovo XClarity Controller XCC is a server-embedded management engine from Lenovo China that is used to standardize and automate basic server management tasks. Lenovo XClarity Controller suffers from a SQL injection vulnerability that originates from an authenticated XCC user with elevated...
RLSA-2023:5738 Important: go-toolset and golang security and bug fix update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler. Security Fixes: golang: net/http, x/net/http2: rapid stream resets can cause excessive work CVE-2023-44487 CVE-2023-39325...
python3 security update
An update is available for python3. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming language,...
[SECURITY] Fedora 38 Update: wangle-2023.10.16.00-1.fc38
Wangle is a library that makes it easy to build protocols, application client s, and application servers. It's like Netty + Finagle smooshed together, but in C++...
Important: Red Hat Security Advisory: python39:3.9 and python39-devel:3.9 security update
An update for the python39:3.9 and python39-devel:3.9 modules is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
Important: Red Hat Security Advisory: python27:2.7 security update
An update for the python27:2.7 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated...
ALSA-2023:5997 Important: python3 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
Apache Airflow 信息泄露漏洞
Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. Apache Airflow versions 2.4.0 to 2.7.0 information leakage vulnerability , the...
golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...