
8662 matches found

Prion
added 2024/03/14 10:53 p.m., 36 views

Authentication flaw

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.6.1, 2.7.3, and 2.8.4, a vulnerability in Coder's OIDC authentication could allow an attacker to bypass the CODER_OIDC_EMAIL_DOMAIN verification and create an account with an email not in the...

7.3 AI score, 0.00179 EPSS
Exploits 0, References 5, Affected Software 1
Citrix
added 2024/03/14 12:0 a.m., 7 views

Microsoft Security Update Validation Report March 2024

Microsoft’s March 2024 security updates have passed Citrix testing (the updates are listed below). The testing is not all-inclusive; all tests are executed against English-only environments and issues may still be found upon implementation. Follow best practices for testing and installing software...

7 AI score
Exploits 0
BDU FSTEC
added 2024/03/14 12:0 a.m., 1 views

The vulnerability of Microsoft Visual Studio, a software development tool, and the .NET software platform lies in the lack of adequate testing of input data. This allows attackers to trigger service failures.

The vulnerability of Microsoft Visual Studio, a software development tool, and the .NET software platform exists due to insufficient testing of input data. Exploiting this vulnerability can allow attackers to cause system failures...

7.8 CVSS, 7.2 AI score, 0.00808 EPSS
Exploits 0, References 5, Affected Software 3
CNNVD
added 2024/03/13 12:0 a.m., 2 views

Intumit SmartRobot Security Vulnerability

Intumit SmartRobot is a web development framework from Intumit, Inc. A security vulnerability exists in Intumit SmartRobot, which stems from the use of a fixed cryptographic key for authentication, and can be exploited by an attacker to gain administrator privileges and execute arbitrary code on ...

9.8 CVSS, 7.9 AI score, 0.02903 EPSS
Exploits 0, References 2
OpenVAS
added 2024/03/11 12:0 a.m., 23 views

SUSE: Security Advisory (SUSE-SU-2024:0813-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

5.5 CVSS, 6.8 AI score, 0.00202 EPSS
Exploits 0, References 4
OpenVAS
added 2024/03/08 12:0 a.m., 19 views

Fedora: Security Advisory for easymock (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

8.8 CVSS, 9.2 AI score, 0.45835 EPSS
Exploits 3, References 2
CNVD
added 2024/03/08 12:0 a.m., 4 views

Command Execution Vulnerability in the Client of KingSuperSCADA Operation System of Beijing Asian Control Technology Development Co., Ltd.

Beijing Asian Control Technology Development Co., Ltd. is a high-tech industrial automation and informatization software platform enterprise founded in 1997. A command execution vulnerability exists in the client side of the KingSuperSCADA operating system of Beijing Asian Control Technology Development Co...

7.3 AI score
Exploits 0
OpenVAS
added 2024/03/08 12:0 a.m., 16 views

Fedora: Security Advisory for velocity (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

8.8 CVSS, 9.2 AI score, 0.45835 EPSS
Exploits 3, References 2
OpenVAS
added 2024/03/08 12:0 a.m., 15 views

Fedora: Security Advisory for sdljava (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

8.8 CVSS, 9.2 AI score, 0.45835 EPSS
Exploits 3, References 2
Fedora
added 2024/03/07 10:33 p.m., 23 views

[SECURITY] Fedora 40 Update: velocity-2.3-5.fc40

Velocity is a Java-based template engine. It permits anyone to use the simple yet powerful template language to reference objects defined in Java code. When Velocity is used for web development, Web designers can work in parallel with Java programmers to develop web sites according to the...

8.8 CVSS, 7.2 AI score, 0.45835 EPSS
Exploits 3
Fedora
added 2024/03/07 10:33 p.m., 20 views

[SECURITY] Fedora 40 Update: rstudio-2023.12.1+402-2.fc40

RStudio is an integrated development environment (IDE) for R. It includes a console, syntax-highlighting editor that supports direct code execution, as well as tools for plotting, history, debugging and workspace management. This package provides common files for rstudio-desktop and rstudio-server...

8.8 CVSS, 7.1 AI score, 0.45835 EPSS
Exploits 3
Fedora
added 2024/03/07 10:33 p.m., 25 views

[SECURITY] Fedora 40 Update: jni-inchi-0.8-11.fc40

JNI-InChI enables Java software to generate IUPAC's International Chemical Identifiers (InChIs) by making Java Native Interface (JNI) calls to the InChI C library developed by IUPAC. All of the features from the InChI library are supported: - Standard and Non-Standard InChI generation from structures...

8.8 CVSS, 6.8 AI score, 0.45835 EPSS
Exploits 3
Fedora
added 2024/03/07 10:33 p.m., 22 views

[SECURITY] Fedora 40 Update: jacop-4.9.0-5.fc40

Java Constraint Programming solver, JaCoP for short, is an open-source Java library, which provides Java users with Constraint Programming technology. JaCoP has been under active development since the year 2001. Krzysztof Kuchcinski and Radoslaw Szymanek are the core developers of this Java libra...

8.8 CVSS, 7 AI score, 0.45835 EPSS
Exploits 3
Fedora
added 2024/03/07 10:33 p.m., 23 views

[SECURITY] Fedora 40 Update: easymock-4.3-8.fc40

EasyMock provides Mock Objects for interfaces in JUnit tests by generating them on the fly using Java's proxy mechanism. Due to EasyMock's unique style of recording expectations, most refactorings will not affect the Mock Objects. So EasyMock is a perfect fit for Test-Driven Development...

8.8 CVSS, 9 AI score, 0.45835 EPSS
Exploits 3
Fedora
added 2024/03/07 10:32 p.m., 21 views

[SECURITY] Fedora 40 Update: clojure-maven-plugin-1.9.2-6.fc40

This plugin has been designed to make working with clojure as easy as possible, when working in a mixed language, enterprise project...

8.8 CVSS, 6.8 AI score, 0.45835 EPSS
Exploits 3
Fedora
added 2024/03/07 10:32 p.m., 19 views

[SECURITY] Fedora 40 Update: antlrworks-1.5.2-29.fc40

ANTLRWorks is a novel grammar development environment for ANTLR v3 grammars written by Jean Bovet with suggested use cases from Terence Parr. It combines an excellent grammar-aware editor with an interpreter for rapid prototyping and a language-agnostic debugger for isolating grammar errors...

8.8 CVSS, 9 AI score, 0.45835 EPSS
Exploits 3
Rapid7 Blog
added 2024/03/07 6:4 p.m., 27 views

Securing the Next Level: Automated Cloud Defense in Game Development with InsightCloudSec

Imagine the following scenario: You're about to enjoy a strategic duel on chess.com or dive into an intense battle in Fortnite, but as you log in, you find your hard-earned achievements, ranks, and reputation have vanished into thin air. This is not just a hypothetical scenario but a real...

7.2 AI score
Exploits 0
Rapid7 Blog
added 2024/03/07 6:4 p.m., 3 views

Securing the Next Level: Automated Cloud Defense in Game Development with InsightCloudSec

Imagine the following scenario: You're about to enjoy a strategic duel on chess.com or dive into an intense battle in Fortnite, but as you log in, you find your hard-earned achievements, ranks, and reputation have vanished into thin air. This is not just a hypothetical scenario but a real...

7.2 AI score
Exploits 0
GitHub Security Blog
added 2024/03/07 5:26 p.m., 20 views

Wasmi Out-of-bounds Write for host to Wasm calls with more than 128 Parameters

Summary: In the WASMI Interpreter, an Out-of-bounds Buffer Write will arise if the host calls or resumes a Wasm function with more parameters than the default limit (128), as it will surpass the stack value. This doesn’t affect calls from Wasm to Wasm, only from host to Wasm. Impact: After...

9.8 CVSS, 7.3 AI score, 0.00312 EPSS
Exploits 0, References 5, Affected Software 1
OpenVAS
added 2024/03/07 12:0 a.m., 25 views

SUSE: Security Advisory (SUSE-SU-2024:0785-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

7.8 CVSS, 7.6 AI score, 0.00581 EPSS
Exploits 0, References 5