5038 matches found
PT-2023-36211 Ā· Hashicorp Ā· Terraform-Provider-Aws
Name of the Vulnerable Software and Affected Versions: terraform-provider-aws affected versions not specified Description: The issue is related to a security release in the Go programming language, version 1.20. The terraform-provider-aws package has been rebuilt to incorporate this security...
PT-2023-36207 Ā· Rekor Ā· Rekor
Name of the Vulnerable Software and Affected Versions: rekor affected versions not specified Description: The issue is related to a security release in the Go programming language, specifically version 1.20. The problem is addressed by rebuilding the rekor package with this security release...
PT-2023-36212 Ā· Hashicorp Ā· Terraform-Provider-Helm
Name of the Vulnerable Software and Affected Versions: terraform-provider-helm affected versions not specified Description: The issue is related to a security release in the Go programming language, version 1.20. The terraform-provider-helm package has been rebuilt to incorporate this security...
CVE-2023-36607
The affected TBox RTUs are missing authorization for running some API commands. An attacker running these commands could reveal sensitive information such as software versions and web server file contents...
Important: Red Hat Security Advisory: python27:2.7 security update
An update for the python27:2.7 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severit...
User Registration < 3.0.2 - Subscriber+ PHP Object Injection
The plugin does not properly sanitize the 'profile-pic-url' parameter, leading to a potential PHP Object Injection. This vulnerability stems from the deserialization of untrusted input, potentially enabling a malicious user with subscriber-level permissions to inject a PHP Object. The issue may...
PT-2023-36206 Ā· BuildahĀ +1 Ā· BuildahĀ +1
Name of the Vulnerable Software and Affected Versions: buildah affected versions not specified Description: The issue is related to a security release in the Go programming language, version 1.20. The buildah package has been rebuilt with this security release to address the issue. There is no...
PT-2023-4817 Ā· Xwiki Ā· Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 14.10.6 XWiki Platform versions prior to 15.1 Description: The issue allows an attacker to inject XWiki syntax and Velocity code, which is executed with programming rights, thus enabling remote code execution...
IBM Cloud Pak for Security äæ”ęÆę³é²ę¼ę“
IBM Cloud Pak for Security is an application from International Business Machines IBM, Inc. an open security platform that connects to your existing data sources to generate deeper insights and enables you to take automated action faster. A security vulnerability exists in IBM Cloud Pak for...
SUSE-SU-2023:2297-2 Security update for golang-github-vpenso-prometheus_slurm_exporter
This update of golang-github-vpenso-prometheusslurmexporter fixes the following issues: - rebuild the package with the go 1.19 security release bsc1200441 bsc1209658...
DLA-3469-1 lua5.3 - security update
Bulletin has no description...
Important: Red Hat Security Advisory: python38:3.8 and python38-devel:3.8 security update
An update for the python38:3.8 and python38-devel:3.8 modules is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
[SECURITY] Fedora 37 Update: golang-1.19.10-1.fc37
The Go Programming Language...
Important: python38:3.8 and python38-devel:3.8 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
CVE-2023-27243
An access control issue in Makves DCAP v3.0.0.122 allows unauthenticated attackers to obtain cleartext credentials via a crafted web request to the product API...
GHSA-RF8J-Q39G-7XFM XWiki Platform vulnerable to privilege escalation (PR) from account through like LiveTableResults
Impact Any logged in user can add dangerous content in their first name field and see it executed with programming rights. Leading to rights escalation. Patches The vulnerability has been fixed on XWiki 14.4.8, 14.10.6, and 15.1. Workarounds The vulnerability can be fixed by applying this patch. ...
CVE-2023-34166
Vulnerability of system restart triggered by abnormal callbacks passed to APIs.Successful exploitation of this vulnerability may cause the system to restart...
New Mystic Stealer Malware Targets 40 Web Browsers and 70 Browser Extensions
A new information-stealing malware called Mystic Stealer has been found to steal data from about 40 different web browsers and over 70 web browser extensions. First advertised on April 25, 2023, for $150 per month, the malware also targets cryptocurrency wallets, Steam, and Telegram, and employs...
CVE-2023-2907
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Marksoft allows SQL Injection.This issue affects Marksoft: through Mobile:v.7.1.7 ; Login:1.4 ; API:20230605...
Fedora: Security Advisory for golang (FEDORA-2023-802ea02cf1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...