Lucene search

5175 matches found

CNNVD
added 2023/09/06 12:0 a.m. · 1 views

WireMock security vulnerability

WireMock is a popular open source tool for API simulation testing from WireMock Open Source. WireMock has a security vulnerability that stems from vulnerability to DNS rebinding attacks...

6.6 CVSS · 6.8 AI score · 0.00493 EPSS
Exploits 0 · References 3
Positive Technologies
added 2023/09/05 12:0 a.m. · 3 views

PT-2023-36254 · Google +1 · Go +1

Name of the Vulnerable Software and Affected Versions: amazon-ecs-init (affected versions not specified)
Description: The issue is related to a security release in the Go programming language, version 1.21. The update of amazon-ecs-init is intended to address this issue by rebuilding the package wi...

6.9 AI score
Exploits 0 · References 3
Positive Technologies
added 2023/09/01 12:0 a.m. · 2 views

PT-2023-17071 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 15.2 through 16.1.4; GitLab versions 16.2 through 16.2.4; GitLab versions 16.3 through 16.3.0
Description: An issue has been discovered in GitLab where a namespace-level banned user can access the API.
Recommendations: For GitLa...

4.3 CVSS · 6.6 AI score · 0.00085 EPSS
Exploits 0 · References 11
CNNVD
added 2023/09/01 12:0 a.m. · 2 views

GitLab Security Breach

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery), and other features. A security vulnerability exists in GitLab, which stems from the fact that user...

4.3 CVSS · 7 AI score · 0.00085 EPSS
Exploits 0 · References 4
Rockylinux
added 2023/08/31 4:55 p.m. · 42 views

python3.9 security update

An update is available for python3.9. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Python is an interpreted, interactive, object-oriented programming language...

7.5 CVSS · 7.5 AI score · 0.01445 EPSS
Exploits 3
Rockylinux
added 2023/08/31 4:54 p.m. · 42 views

python3.11 security update

An update is available for python3.11. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Python is an accessible, high-level, dynamically typed, interpreted...

7.5 CVSS · 7.6 AI score · 0.01445 EPSS
Exploits 3
OSV
added 2023/08/31 4:54 p.m. · 15 views

RLSA-2023:3594 Important: python3.11 security update

Python is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. Security Fixes: python: urllib.parse url blocklisting bypass...

7.5 CVSS · 8.2 AI score · 0.01445 EPSS
Exploits 3 · References 2
Rockylinux
added 2023/08/31 4:54 p.m. · 35 views

nodejs:16 security update

An update is available for nodejs-nodemon, module.nodejs, nodejs, module.nodejs-nodemon, module.nodejs-packaging, nodejs-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...

7.5 CVSS · 8.5 AI score · 0.00343 EPSS
Exploits 0
Spring Engineering
added 2023/08/29 12:0 a.m. · 12 views

This Week in Spring - August 29th, 2023 - the post SpringOne recovery blog

Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm exhausted. Seriously. Last week was mental. If you need me, I'll be over sipping on a tea... But, before that, there's a ton of things to cover from this last week, as always, and there's no rest for the curious, so let's...

6.7 AI score
Exploits 0
The Hacker News
added 2023/08/28 3:40 p.m. · 49 views

Developers Beware: Malicious Rust Libraries Caught Transmitting OS Info to Telegram Channel

In yet another sign that developers continue to be targets of software supply chain attacks, a number of malicious packages have been discovered on the Rust programming language's crate registry. The libraries, uploaded between August 14 and 16, 2023, were published by a user named "amaperf,"...

6.6 AI score
Exploits 0
Prion
added 2023/08/23 9:15 p.m. · 23 views

Privilege escalation

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can use the content field of their user profile page to execute arbitrary scripts with programming rights, thus effectively performing rights escalation. This issue is...

6.5 CVSS · 8.7 AI score · 0.02144 EPSS
Exploits 0 · References 3 · Affected Software 1
OSV
added 2023/08/23 7:33 p.m. · 18 views

CVE-2023-40176 SXSS in the user profile via the timezone displayer

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can exploit a stored XSS through their user profile by setting the payload as the value of the time zone user preference. Even though the time zone is selected from a drop...

9 CVSS · 5.1 AI score · 0.29415 EPSS
Exploits 0 · References 5
BDU FSTEC
added 2023/08/23 12:0 a.m. · 1 views

The administration panel of the Ivanti Sentry integrated mobile security firewall has vulnerabilities. These vulnerabilities allow an intruder to modify configurations, execute system commands, or write files to the system.

The vulnerability of the administration panel of the Ivanti Sentry integrated mobile security gateway is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to modify configurations, execute system commands, or write files to the syst...

10 CVSS · 0.94419 EPSS
Exploits 6 · References 5 · Affected Software 1
OSV
added 2023/08/22 7:16 p.m. · 1 views

CVE-2023-24515

Server-Side Request Forgery (SSRF) vulnerability in API checker of Pandora FMS. Application does not have a check on the URL scheme used while retrieving API URL. Rather than validating the http/https scheme, the application allows other schemes such as file, which could allow a malicious user to...

6.5 CVSS · 5.8 AI score
Exploits 0 · References 2
CNNVD
added 2023/08/22 12:0 a.m. · 1 views

Artica Pandora FMS code issue vulnerability

Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A security vulnerability exists in Artica Pandora FMS that stems from a server-side request forgery (SSRF) vulnerability in...

6.5 CVSS · 6.5 AI score · 0.00292 EPSS
Exploits 0 · References 3
Positive Technologies
added 2023/08/21 12:0 a.m. · 5 views

PT-2023-9455 · Go +7 · Go +7

Name of the Vulnerable Software and Affected Versions: Go (affected versions not specified)
Description: The issue is related to the processing of incomplete post-handshake messages for QUIC connections, which can cause a panic. Additionally, there is a vulnerability in the HandleData function of t...

9.8 CVSS · 7.5 AI score · 0.94395 EPSS
Exploits 27 · References 314
Fedora
added 2023/08/17 12:34 a.m. · 24 views

[SECURITY] Fedora 37 Update: rust-1.71.1-1.fc37

Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator...

7.9 CVSS · 7 AI score · 0.05657 EPSS
Exploits 0
RedHat Linux
added 2023/08/15 12:13 a.m. · 30 views

Important: Red Hat Security Advisory: rust-toolset-1.66-rust security update

An update for rust-toolset-1.66-rust is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

7.9 CVSS · 6.8 AI score · 0.05657 EPSS
Exploits 0 · References 2
Positive Technologies
added 2023/08/15 12:0 a.m. · 2 views

PT-2023-28767 · Broadcom · Broadcom Raid Controller

Name of the Vulnerable Software and Affected Versions: Broadcom RAID Controller (affected versions not specified)
Description: The Broadcom RAID Controller web interface is vulnerable to a Denial of Service (DoS) that can be caused by an authenticated user to the REST API Interface.
Recommendations: ...

6.1 AI score
Exploits 0 · References 7
OSV
added 2023/08/14 12:0 a.m. · 24 views

ALSA-2023:4635 Important: rust-toolset:rhel8 security update

Rust Toolset provides the Rust programming language compiler (rustc), the cargo build tool and dependency manager, and required libraries. Security Fixes: rust-cargo: cargo does not respect the umask when extracting dependencies (CVE-2023-38497). For more details about the security issues, including t...

7.9 CVSS · 7 AI score · 0.05657 EPSS
Exploits 0 · References 4