
8658 matches found

RedHat Linux
added 2024/06/03 3:49 p.m. | 51 views

Important: Red Hat Security Advisory: nodejs : security update

An update for the nodejs:16 package is now available for Red Hat Enterprise Linux 8.6.0 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, ...

CVSS: 8.2 | AI score: 7.2 | EPSS: 0.75933
Exploits: 1 | References: 2

The Hacker News
added 2024/06/03 2:0 p.m. | 14 views

Researchers Uncover RAT-Dropping npm Package Targeting Gulp Users

Cybersecurity researchers have uncovered a new suspicious package uploaded to the npm package registry that's designed to drop a remote access trojan (RAT) on compromised systems. The package in question is glup-debugger-log, which targets users of the gulp toolkit by masquerading as a "logger for...

AI score: 8
Exploits: 0

OSV
added 2024/05/30 1:0 p.m. | 22 views

GHSA-V35G-4RRW-H4FW Symfony Cross-Site Request Forgery vulnerability in the Web Profiler

All 2.0.X, 2.1.X, 2.2.X, 2.3.X, 2.4.X, and 2.5.X versions of the Symfony WebProfiler bundle are affected by this security issue. This issue has been fixed in Symfony 2.3.19, 2.4.9, and 2.5.4. Note that no fixes are provided for Symfony 2.0, 2.1, and 2.2 as they are not maintained anymore...

CVSS: 8.1 | AI score: 6.7
Exploits: 0 | References: 6

OpenVAS
added 2024/05/30 12:0 a.m. | 23 views

SUSE: Security Advisory (SUSE-SU-2024:1833-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 5.2 | AI score: 7 | EPSS: 0.00186
Exploits: 1 | References: 4

OpenVAS
added 2024/05/30 12:0 a.m. | 29 views

SUSE: Security Advisory (SUSE-SU-2024:1847-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 7.8 | AI score: 7.9 | EPSS: 0.01552
Exploits: 2 | References: 11

OSV
added 2024/05/29 6:50 p.m. | 6 views

GHSA-65V7-WG35-2QPM Sylius Resource Bundle Cross-Site Request Forgery vulnerability

Sylius 1.0.0 to 1.0.16, 1.1.0 to 1.1.8, 1.2.0 to 1.2.1 versions of AdminBundle and ResourceBundle are affected by this security issue. This issue has been fixed in Sylius 1.0.17, 1.1.9 and 1.2.2. Development branch for 1.3 release has also been fixed. Description The following actions in the admi...

CVSS: 6.5 | AI score: 6.9
Exploits: 0 | References: 4

NVD
added 2024/05/28 9:16 p.m. | 7 views

CVE-2024-35548

A SQL injection vulnerability in Mybatis plus versions below 3.5.6 allows remote attackers to obtain database information via a Boolean blind injection. NOTE: the vendor's position is that this can only occur in a misconfigured application; the documentation discusses how to develop applications...

CVSS: 5.4 | AI score: 7.4 | EPSS: 0.00053
Exploits: 0 | References: 2

CNNVD
added 2024/05/28 12:0 a.m. | 2 views

Microchip MPLAB Security Vulnerability

Microchip MPLAB Net is an integrated development environment from Microchip Corporation. A security vulnerability exists in Microchip MPLAB that stems from the presence of a data validation issue...

CVSS: 7 | AI score: 6.8 | EPSS: 0.00251
Exploits: 0 | References: 3

Positive Technologies
added 2024/05/28 12:0 a.m. | 1 views

PT-2024-40358 · Silverstripe · Silverstripe

Name of the Vulnerable Software and Affected Versions: SilverStripe versions 3.7 through 4.x Description: The issue potentially discloses database connection details when SilverStripe is run in dev mode using the mysqli database driver. To mitigate this, sensitive parts of the connection...

CVSS: 6.5 | AI score: 6.8
Exploits: 0 | References: 7

Positive Technologies
added 2024/05/28 12:0 a.m. | 2 views

PT-2024-40251 · Packagist · Silverstripe/Framework

Name of the Vulnerable Software and Affected Versions: dev/build system controller affected versions not specified Description: A possible denial of service attack vector has been identified. The dev/build system now uses its own URL token for authentication when running outside of dev...

CVSS: 7.5 | AI score: 7.3
Exploits: 0 | References: 7

OpenVAS
added 2024/05/27 12:0 a.m. | 10 views

Fedora: Security Advisory (FEDORA-2024-d408b654d6)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.0419
Exploits: 0 | References: 3

OpenVAS
added 2024/05/27 12:0 a.m. | 16 views

Fedora: Security Advisory for php-oojs-oojs-ui (FEDORA-2024-2c564b942d)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 9.8 | AI score: 6.7 | EPSS: 0.00442
Exploits: 6 | References: 2

Positive Technologies
added 2024/05/27 12:0 a.m. | 2 views

PT-2024-40090 · Silverstripe · Silverstripe

Name of the Vulnerable Software and Affected Versions: SilverStripe versions prior to 4.x Description: The issue allows unauthorized users to expose information typically hidden in production environments, such as verbose errors and debugging tools, by accessing certain URL parameters. This is...

CVSS: 6.5 | AI score: 7.1
Exploits: 0 | References: 5

OpenVAS
added 2024/05/27 12:0 a.m. | 24 views

Fedora: Security Advisory (FEDORA-2024-2ec03ca8cb)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.02611
Exploits: 0 | References: 4

HackRead
added 2024/05/25 1:31 p.m. | 20 views

Data Leak Exposes 500GB of Indian Police, Military Biometric Data

By Waqas The records belonged to two separate India-based firms, ThoughtGreen Technologies and Timing Technologies. Both provide application development, RFID technology, and biometric verification services. This is a post from HackRead.com Read the original post: Data Leak Exposes 500GB of India...

AI score: 7.2
Exploits: 0

The Hacker News
added 2024/05/24 10:35 a.m. | 14 views

DevOps Dilemma: How Can CISOs Regain Control in the Age of Speed?

Introduction The Colonial Pipeline ransomware attack (2021) and SolarWinds supply chain attack (2020) were pivotal moments in cybersecurity, starting a new challenge for Chief Information Security Officers (CISOs). These attacks highlighted the importance of collaboration between CISOs and DevOps teams...

AI score: 7
Exploits: 0

BDU FSTEC
added 2024/05/24 12:0 a.m. | 2 views

The vulnerability of the development package for integrating cloud services and communication functions in IoT devices arises from the fact that operation data is exposed beyond the buffer in memory. This allows attackers to escalate their privileges and gain unauthorized access to protected information.

The vulnerability of the development package for integrating cloud services and communication functions in IoT devices is related to the issue where operations go beyond the buffer in memory during system call processing. Exploiting this vulnerability can allow attackers to enhance their privileg...

CVSS: 8.5 | AI score: 5.7 | EPSS: 0.00407
Exploits: 1 | References: 6 | Affected Software: 3

BDU FSTEC
added 2024/05/24 12:0 a.m. | 1 views

The vulnerability of the Networking component in Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK, and the Oracle Java SE software platform allows an attacker to compromise data integrity.

The vulnerability of the Networking component in Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK, and the Oracle Java SE software platform is related to improper authentication. Exploiting this vulnerability can allow an attacker to compromise data integrity remotely...

CVSS: 3.1 | AI score: 5.8 | EPSS: 0.00146
Exploits: 0 | References: 7 | Affected Software: 7

BDU FSTEC
added 2024/05/24 12:0 a.m. | 1 views

The vulnerability of the development package for integrating cloud services and communication functions in IoT devices. The Kalay SDK, a microprogramming software for video surveillance cameras like Owlet Cam v1 and Owlet Cam v2, has a flaw related to the failure to eliminate special elements used in the operating system’s command set. This allows attackers to execute arbitrary commands and increase their privileges.

The vulnerability of the development package for integrating cloud services and communication functions in IoT devices is related to the failure to remove special elements used in the operating system’s command set when executing system calls like IOCTL during the unpacking of updates. Exploiting...

CVSS: 9 | AI score: 6.2 | EPSS: 0.00754
Exploits: 1 | References: 6 | Affected Software: 3

The Hacker News
added 2024/05/23 5:33 a.m. | 14 views

The End of an Era: Microsoft Phases Out VBScript for JavaScript and PowerShell

Microsoft on Wednesday outlined its plans to deprecate Visual Basic Script (VBScript) in the second half of 2024 in favor of more advanced alternatives such as JavaScript and PowerShell. "Technology has advanced over the years, giving rise to more powerful and versatile scripting languages such as...

AI score: 6.3
Exploits: 0