[SECURITY] Fedora 37 Update: python3.11-3.11.0~rc2-1.fc37

Python 3.11 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries...

GitHub Advanced Security to CSV 安全漏洞

GitHub Advanced Security to CSV is a library by Natalie Somersall, an individual developer in the US. It is a simple GitHub operation for grabbing the GitHub Advanced Security API and pushing it to CSV. A security vulnerability exists in versions prior to GitHub Advanced Security to CSV V1 that...

GHSA-2G5C-228J-P52X XWiki Platform Applications Tag and XWiki Platform Tag UI vulnerable to Eval Injection

Impact The tags document Main.Tags in XWiki didn't sanitize user inputs properly, allowing users with view rights on the document default in a public wiki or for authenticated users on private wikis to execute arbitrary Groovy, Python and Velocity code with programming rights. This allows bypassi...

[SECURITY] Fedora 37 Update: golang-1.19.1-1.fc37

The Go Programming Language...

Fedora: Security Advisory for golang (FEDORA-2022-67ec8c61d0)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVE-2022-36113

Cargo is a package manager for the rust programming language. After a package is downloaded, Cargo extracts its source code in the /.cargo folder on disk, making it available to the Rust projects it builds. To record when an extraction is successful, Cargo writes "ok" to the .cargo-ok file at the...

Design/Logic Flaw

Cargo is a package manager for the rust programming language. It was discovered that Cargo did not limit the amount of data extracted from compressed archives. An attacker could upload to an alternate registry a specially crafted package that extracts way more data than its size also known as a...

mysql: C API unspecified vulnerability (CPU Oct 2021)

Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this...

CVE-2022-36113

Cargo is a package manager for the rust programming language. After a package is downloaded, Cargo extracts its source code in the /.cargo folder on disk, making it available to the Rust projects it builds. To record when an extraction is successful, Cargo writes "ok" to the .cargo-ok file at the...

CVE-2022-36114 Extracting malicious crates can fill the file system

Cargo is a package manager for the rust programming language. It was discovered that Cargo did not limit the amount of data extracted from compressed archives. An attacker could upload to an alternate registry a specially crafted package that extracts way more data than its size also known as a...

CVE-2022-36113 Extracting malicious crates can corrupt arbitrary files

Cargo is a package manager for the rust programming language. After a package is downloaded, Cargo extracts its source code in the /.cargo folder on disk, making it available to the Rust projects it builds. To record when an extraction is successful, Cargo writes "ok" to the .cargo-ok file at the...

CVE-2022-38771

The mobile application in Transtek Mojodat FAM Fixed Asset Management 2.4.6 allows remote attackers to send SCRIPT tags as injected input to the API request...

Moderate: Red Hat Security Advisory: ruby:2.7 security, bug fix, and enhancement update

An update for the ruby:2.7 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

[SECURITY] Fedora 36 Update: golang-1.18.6-1.fc36

The Go Programming Language...

Transtek Mojodat FAM SQL注入漏洞

Transtek Mojodat FAM is a Fixed Asset Management software from Transtek Lebanon. A security vulnerability exists in Transtek Mojodat FAM Fixed Asset Management version 2.4.6, which stems from a vulnerability that allows remote attackers to send SCRIPT tags as injected input to API requests...

The vulnerability of the RESTCONF API application programming interface implementation of the SmartFabric OS10 network operating system allows a perpetrator to escalate their privileges.

The vulnerability of the RESTCONF API application programming interface for the SmartFabric OS10 network operating system is related to errors in privilege management. Exploiting this vulnerability can allow a malicious actor to escalate their privileges remotely...

ALSA-2022:6448 Moderate: nodejs:14 security and bug fix update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: DNS rebinding in --inspect via invalid IP addresses CVE-2022-32212 nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encodi...

KLA19245 Multiple vulnerabilities in Microsoft Windows

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, cause denial of service, obtain sensitive information, bypass security restrictions. Below is a complete list of vulnerabilities: 1. A remote cod...

PT-2022-17823 · Baxter · Baxter Spectrum Wireless Battery Module

Name of the Vulnerable Software and Affected Versions: Baxter Spectrum Wireless Battery Module WBM affected versions not specified Description: The issue concerns the storage of network credentials and Protected Health Information PHI in unencrypted form, specifically applicable to Spectrum IQ...

OpenJDK: Multiple Vulnerabilities

Background OpenJDK is an open source implementation of the Java programming language. Description Multiple vulnerabilities have been discovered in OpenJDK. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround...