SUSE-SU-2024:0045-1 Security update for gcc13

This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided...

Rapid7’s Data-Centric Approach to AI in Belfast

Authored by Stuart Millar and Ryan Wilson. Rapid7 has expanded significantly in Belfast since establishing a presence back in 2014, resulting in the company's largest R&D hub outside the US with over 350 people spread across eight floors in our Chichester Street office. There is a wide range of...

CVE-2023-50253 laf logs leak

Laf is a cloud development platform. In the Laf version design, the log uses communication with k8s to quickly retrieve logs from the container without the need for additional storage. However, in version 1.0.0-beta.13 and prior, this interface does not verify the permissions of the pod, which...

CVE-2023-50253 laf logs leak

Laf is a cloud development platform. In the Laf version design, the log uses communication with k8s to quickly retrieve logs from the container without the need for additional storage. However, in version 1.0.0-beta.13 and prior, this interface does not verify the permissions of the pod, which...

CVE-2023-50253

Summary: CVE-2023-50253 affects Laf, a cloud development platform. Versions 1.0.0-beta.13 and earlier expose a log retrieval interface that does not verify pod permissions, allowing authenticated users to read any pod logs within the same namespace and access sensitive information printed in logs...

SUSE: Security Advisory (SUSE-SU-2023:4982-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

IBM Rational Asset Manager Privilege Control Issue Vulnerability

IBM Rational Asset Manager is a collaborative software development tool from IBM, USA. Organizations can use it to identify, manage and govern the design, development and use of software assets and services. A privilege control issue vulnerability exists in IBM Rational Asset Manager version 7.5...

[SECURITY] Fedora 38 Update: tor-0.4.8.10-1.fc38

The Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor's users employ this network by connecting through a series of virtual tunnels rather than making a direct connection, thus allowing both organizations and...

SUSE: Security Advisory (SUSE-SU-2023:4972-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2023:4969-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2023-9de52d46bd)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2023-51662 Snowflake Connector .NET does not properly check the Certificate Revocation List (CRL)

The Snowflake .NET driver provides an interface to the Microsoft .NET open source software framework for developing applications. Snowflake recently received a report about a vulnerability in the Snowflake Connector .NET where the checks against the Certificate Revocation List CRL were not...

AWS SDK for PHP Path Traversal Vulnerability

Amazon AWS SDK for PHP is a software development kit for Amazon Web Services from Amazon.com, Inc. based on the PHP platform. A path traversal vulnerability exists in AWS SDK for PHP versions prior to 3.288.1, which stems from the presence of a URI path traversal vulnerability...

SQL Injection Vulnerability in Data Leakage Protection (DLP) System of Beijing Yisetong Technology Development Co., Ltd (CNVD-2024-05880)

Data Leakage Protection DLP system is aimed at serving enterprises and institutions for data asset grooming and data security protection. Data Leakage Protection DLP system of Beijing Yisetong Technology Development Co., Ltd. suffers from SQL injection vulnerability, which can be exploited by...

SUSE: Security Advisory (SUSE-SU-2023:4942-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PT-2023-31869

Name of the Vulnerable Software and Affected Versions AWS SDK for PHP versions prior to 3.288.1 Description A URI path traversal issue exists in the AWS SDK for PHP, specifically within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot. This issue is possible du...

PT-2023-8248 · Gitlab · Gitlab Remote Development +1

Name of the Vulnerable Software and Affected Versions: GitLab Remote Development versions prior to 16.5.6 GitLab Remote Development version 16.6 prior to 16.6.4 GitLab Remote Development version 16.7 prior to 16.7.2 Description: The issue is related to improper access control in GitLab Remote...

Russian SVR Exploits Critical TeamCity Vulnerability Globally

Summary: A critical vulnerability CVE-2023-45247 in JetBrains TeamCity is actively exploited by Russias SVR cyber actors APT 29, allowing full server compromise. The targeted software widely used by developers poses a significant threat, enabling access to sensitive information and potential...

The vulnerability of the server.transformIndexHtml() function on the local development server of the Vite application allows attackers to perform cross-site scripting attacks.

The vulnerability of the server.transformIndexHtml function on the local development server of the Vite application is related to the lack of measures taken to neutralize HTML tags. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks...

CVE-2023-43586

Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network access...