Lucasg2G

**Name of the Vulnerable Software and Affected Versions** JeecgBoot versions prior to 3.8.2 **Description** A flaw exists in JeecgBoot that allows for improper authorization. This occurs through manipulation of a function related to the file `/sys/tenant/exportXls`. The attack can be initiated remotely. The exploit is publicly available. **Recommendations** Update JeecgBoot to a version later than 3.8.2.

**Name of the Vulnerable Software and Affected Versions** JeecgBoot versions through 3.8.2 **Description** A security flaw exists in JeecgBoot related to improper authorization. The issue is located in an unknown function within the `/sys/user/exportXls` file of the Filter Handler component. The flaw is exploitable remotely and the exploit has been publicly released. The vendor was contacted regarding this disclosure but did not respond. **Recommendations** Update JeecgBoot to a version later than 3.8.2.

**Name of the Vulnerable Software and Affected Versions** JeecgBoot versions through 3.8.2 **Description** A security issue exists in JeecgBoot that allows for improper authorization. This is related to a file at `/sys/position/exportXls` and an unknown function within it. The attack can be launched remotely, and the exploit has been publicly disclosed. The vendor was informed of the issue but did not respond. **Recommendations** Update JeecgBoot to a version beyond 3.8.2.

**Name of the Vulnerable Software and Affected Versions** JeecgBoot versions prior to 3.8.2 **Description** A flaw exists in JeecgBoot that involves improper authorization. This issue stems from manipulating the `departId` argument in the processing of the file '/api/getDepartUserList' API endpoint. The attack can be carried out remotely and is considered difficult to exploit, but the exploit has been publicly disclosed. The vendor was informed about this issue but did not provide a response. **Recommendations** Update JeecgBoot to a version later than 3.8.2.

**Name of the Vulnerable Software and Affected Versions** JeecgBoot versions up to 3.8.2 **Description** A flaw exists in JeecgBoot that allows for improper authorization. This is due to the manipulation of the `ids` argument within an unknown function of the `/sys/tenant/deleteBatch` file. The attack can be carried out remotely, but requires a high level of complexity and is considered difficult to exploit. The exploit is publicly available. The vendor was contacted but did not respond. **Recommendations** Update JeecgBoot to a version newer than 3.8.2.

**Name of the Vulnerable Software and Affected Versions** fuyang lipengjun platform version 1.0 **Description** A vulnerability exists in the `AttributeCategoryController` function within the `/attributecategory/queryAll` file, leading to improper authorization. The attack can be launched remotely and the exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** fuyang lipengjun platform version 1.0 **Description** A security flaw exists in the `AttributeController` function within the `/attribute/queryAll` file of the fuyang lipengjun platform. Manipulation of this function leads to improper authorization. Remote exploitation is possible, and the exploit has been publicly released. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** fuyang lipengjun platform version 1.0 **Description** A weakness exists in the `BrandController` function of the `/brand/queryAll` file, potentially leading to improper authorization. This issue can be exploited remotely. The exploit has been made publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. Consider temporarily disabling the `BrandController` function until a fix is available. Restrict access to the `/brand/queryAll` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PostgreSQL versions prior to 17.1 **Description** A high severity flaw allows unprivileged users to alter sensitive environment variables, such as `PATH`, potentially leading to code execution. **Recommendations** For versions prior to 17.1, update to the latest version to resolve the issue.