8663 matches found
Moderate: Red Hat Security Advisory: nss security update
An update for nss is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...
Moderate: Red Hat Security Advisory: nss security update
An update for nss is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
ALSA-2024:0790 Moderate: nss security update
Network Security Services NSS is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fixes: nss: vulnerable to Minerva side-channel information leak CVE-2023-6135 For more details about the security issues, including t...
Micronaut management endpoints vulnerable to drive-by localhost attack
Summary Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical of a production application, these attacks may have more impact on a development environment where such endpoints may be flipped on without much thought. Details A...
GHSA-583G-G682-CRXF Micronaut management endpoints vulnerable to drive-by localhost attack
Summary Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical of a production application, these attacks may have more impact on a development environment where such endpoints may be flipped on without much thought. Details A...
Design/Logic Flaw
Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical ...
CVE-2024-23639 micronaut-core management endpoints vulnerable to drive-by localhost attack
Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical ...
The vulnerability of the Compiler component in Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition allows attackers to disclose protected information.
The vulnerability of the Compiler component in Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition exists due to insufficient testing of input data. Exploiting this vulnerability can allow a malicious actor to disclose protected information remotely...
CVE-2024-23344
CVE-2024-23344 describes an information-disclosure risk in Tuleap where, during a multi-user permission validation, some users could access restricted information (e.g., contents of artifacts or email notifications). The issue is categorized as an authorization/bypass-type disclosure affecting Tu...
CVE-2024-23344 Tuleap's content of artifacts might be readable by unauthorized users
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Some users might get access to restricted information when a process validates the permissions of multiple users e.g. mail notifications. This issue has been patched in version 15.4.99.140 of Tuleap...
Nemesis - An Offensive Data Enrichment Pipeline
Nemesis is an offensive data enrichment pipeline and operator support system. Built on Kubernetes with scale in mind, our goal with Nemesis was to create a centralized data processing platform that ingests data produced during offensive security assessments. Nemesis aims to automate a number of...
GNAT Ada Suite: Remote Code Execution
Background The GNAT Ada Suite is an Ada development environment. Description A vulnerability has been discovered in GNAT Ada Suite. Please review the CVE identifier referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workarou...
SUSE: Security Advisory (SUSE-SU-2024:0265-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
The vulnerability in the set of tools for web development, DevTools, available in Mozilla Firefox, Firefox ESR, and the email client Thunderbird, allows a hacker to escalate their privileges.
The vulnerability of the DevTools suite for web development in browsers such as Mozilla Firefox, Firefox ESR, and the email client Thunderbird is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to gain increased privileges remotely...
Vinchin Backup And Recovery 7.2 syncNtpTime Command Injection
CVE ID: CVE-2024-22899 Title: Command Injection Vulnerability in Vinchin Backup and Recovery's syncNtpTime Function in Versions 7.2 and Earlier Description: A critical security vulnerability, identified as CVE-2024-22899, has been discovered in the syncNtpTime function of Vinchin Backup and...
AI likely to boost ransomware, warns government body
The British National Cyber Security Centre NCSC says it expects Artificial Intelligence AI to heighten the global ransomware threat. In a report, the NCSC makes the assessment that AI will almost certainly increase the volume and heighten the impact of cyberattacks over the next two years. We’re...
Moderate: Red Hat Security Advisory: libxml2 security update
An update for libxml2 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
CVE-2024-23641
SvelteKit is a web development kit. In SvelteKit 2, sending a GET request with a body eg to a built and previewed/hosted sveltekit app throws Request with GET/HEAD method cannot have body. and crashes the preview/hosting. After this happens, one must manually restart the app. TRACE requests will...
Design/Logic Flaw
SvelteKit is a web development kit. In SvelteKit 2, sending a GET request with a body eg to a built and previewed/hosted sveltekit app throws Request with GET/HEAD method cannot have body. and crashes the preview/hosting. After this happens, one must manually restart the app. TRACE requests will...
CVE-2024-23641
CVE-2024-23641 affects SvelteKit 2 apps when handling HTTP GET/HEAD requests with a body (e.g., {})—these requests crash the preview/hosted app, including TRACE, causing DoS. The issue specifically impacts deployments using @sveltejs/adapter-node versions 2.1.2, 3.0.3, or 4.0.1 and @sveltejs/kit ...