
8655 matches found

BDU FSTEC
added 2024/09/13 12:0 a.m., 2 views

The vulnerability of open-source development environments for UEFI EDK2, related to configuration errors, allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of open-source development environments for UEFI EDK2 is related to configuration errors. Exploiting this vulnerability can allow attackers to access confidential data, compromise its integrity, and cause service failures...

6.7 CVSS, 6.6 AI score, 0.00015 EPSS
Exploits 0, References 8, Affected Software 3
RedHat Linux
added 2024/09/12 9:30 p.m., 30 views

Important: Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.16.0 release

Red Hat OpenShift Dev Spaces 3.16 has been released. All containers have been updated to include feature enhancements, bug fixes and CVE fixes. Following the Red Hat Product Security standards this update is rated as having a security impact of Important. The Common Vulnerability Scoring System...

8.8 CVSS, 6.7 AI score, 0.09875 EPSS
Exploits 3, References 2
OpenVAS
added 2024/09/11 12:0 a.m., 17 views

SUSE: Security Advisory (SUSE-SU-2024:3203-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5 CVSS, 7.7 AI score, 0.00559 EPSS
Exploits 1, References 4
Akamai Blog
added 2024/09/10 1:0 p.m., 2 views

Security in Your DevOps Pipeline

...

7 AI score
Exploits 0
NVD
added 2024/09/10 6:15 a.m., 9 views

CVE-2024-7784

During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to a sophisticated attack to bypass this protection. To Axis' knowledge, there are no known exploits of the...

6.1 CVSS, 0.00014 EPSS
Exploits 0, References 1
Vulnrichment
added 2024/09/10 5:14 a.m., 8 views

CVE-2024-7784

During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to a sophisticated attack to bypass this protection. To Axis' knowledge, there are no known exploits of the...

6.1 CVSS, 6.7 AI score, 0.00014 EPSS
Exploits 0, References 1
OSV
added 2024/09/10 4:15 a.m., 1 views

CVE-2024-41728

Due to missing authorization check, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker logged in as a developer to read objects contained in a package. This causes an impact on confidentiality, as this attacker would otherwise not have access to view these objects...

2.7 CVSS, 5.8 AI score, 0.00086 EPSS
Exploits 0, References 2
OpenVAS
added 2024/09/10 12:0 a.m., 16 views

SUSE: Security Advisory (SUSE-SU-2024:3182-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS, 8 AI score, 0.02269 EPSS
Exploits 0, References 6
OpenVAS
added 2024/09/10 12:0 a.m., 10 views

SUSE: Security Advisory (SUSE-SU-2024:3192-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8 CVSS, 8 AI score, 0.00743 EPSS
Exploits 0, References 4
Imperva Blog
added 2024/09/06 4:49 p.m., 8 views

My Journey To CTO for Imperva App Sec

I’m delighted to be announcing that I’ve joined Imperva as the CTO for Application Security. Many of you readers know me as the Forrester analyst covering Zero Trust, SASE, and network security since before the pandemic. But what you might not have known is prior to that, I was in application...

7.3 AI score
Exploits 0
Fedora
added 2024/09/06 4:5 a.m., 16 views

[SECURITY] Fedora 40 Update: python-django-4.2.16-1.fc40

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...

7.5 CVSS, 6.5 AI score, 0.02254 EPSS
Exploits 0
Fedora
added 2024/09/06 4:5 a.m., 11 views

[SECURITY] Fedora 40 Update: python-django4.2-4.2.16-1.fc40

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...

7.5 CVSS, 6.5 AI score, 0.02254 EPSS
Exploits 0
Fedora
added 2024/09/06 3:53 a.m., 15 views

[SECURITY] Fedora 39 Update: python-django4.2-4.2.16-1.fc39

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...

7.5 CVSS, 6.5 AI score, 0.02254 EPSS
Exploits 0
CNNVD
added 2024/09/05 12:0 a.m., 1 views

Rust Canister Development Kit security vulnerability

Rust Canister Development Kit is a DFINITY open source Rust development kit for Internet computers. A security vulnerability exists in the Rust Canister Development Kit, which is caused by a memory leak where not all references are removed before resolving the Future...

7.5 CVSS, 6.5 AI score, 0.00118 EPSS
Exploits 0, References 4
CVE
added 2024/09/04 6:35 p.m., 157 views

CVE-2024-44960

The CVE-2024-44960 entry concerns a Linux kernel issue in usb gadget core where a descriptor may be unset, causing a null pointer panic. The resolution involves ensuring the descriptor is set before inspecting maxpacket, addressing cases where an endpoint for the current speed is not properly con...

5.5 CVSS, 6.6 AI score, 0.00026 EPSS
Exploits 0, References 13, Affected Software 1
OSV
added 2024/09/04 4:8 p.m., 11 views

CVE-2024-45314 Flask-AppBuilder login form allows browser to cache sensitive fields

Flask-AppBuilder is an application development framework. Prior to version 4.5.1, the auth DB login form default cache directives allows browser to locally store sensitive data. This can be an issue on environments using shared computer resources. Version 4.5.1 contains a patch for this issue. If...

3.6 CVSS, 6.4 AI score, 0.00134 EPSS
Exploits 0, References 4
Securelist
added 2024/09/04 10:0 a.m., 43 views

Mallox ransomware: in-depth analysis and evolution

Mallox is a sophisticated and dangerous family of malicious software that has been causing significant damage to organizations worldwide. In 2023, this ransomware strain demonstrated an uptick in attacks, the overall number of discovered Mallox samples exceeding 700. In the first half of 2024, th...

8.8 CVSS, 7 AI score, 0.9424 EPSS
Exploits 15
Redos
added 2024/09/04 12:0 a.m., 14 views

ROS-20240904-02

Vulnerability of Microsoft .NET software platforms and Microsoft software development tools Visual Studio is related to a heap buffer overflow. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service...

6.3 CVSS, 6.9 AI score, 0.00509 EPSS
Exploits 0
RedHat Linux
added 2024/09/03 5:50 a.m., 3 views

orc: Stack-based buffer overflow vulnerability in ORC

Stack-based buffer overflow vulnerability exists in orcparse.c of ORC. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of developer machines or CI buil...

7 CVSS, 6.2 AI score, 0.00061 EPSS
Exploits 0, References 7
vulnersOsv
added 2024/08/27 7:53 p.m., 3 views

@aws-cdk/integ-runner (>=2.142.0-alpha.0 <=2.148.0-alpha.0), @jill64/sveltekit-adapter-aws (>=1.9.3 <=1.9.45) +3 more potentially affected by CVE-2024-45037 via aws-cdk (>=2.142.0 <=2.148.0)

aws-cdk NPM version =2.142.0, =2.142.0-alpha.0, =1.9.3, =3.1.6, =2.142.0, =2.148.0 Source cves: CVE-2024-45037 Source advisory: OSV:GHSA-QJ85-69XF-2VXQ...

6.4 CVSS, 5.8 AI score, 0.00534 EPSS
Exploits 0