Zoom VDI Client Security Vulnerability
Zoom VDI Client is a server-based computing model client from Zoom USA that allows you to deliver desktop images to endpoint devices over a network. A security vulnerability exists in Zoom. An attacker has exploited the vulnerability to perform privilege escalation via network access. The followi...
SUSE: Security Advisory (SUSE-SU-2023:4736-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Zoom Security Breach
Zoom Client is a video conferencing client application from Zoom USA that supports multiple platforms. Zoom suffers from a security vulnerability that stems from improper access control. An attacker could exploit this vulnerability to disclose information via network access. The following product...
CVE-2023-48225 Laf env causes sensitive information disclosure
Laf is a cloud development platform. Prior to version 1.0.0-beta.13, the control of LAF app env is not strict enough, and in certain scenarios of privatization environment, it may lead to sensitive information leakage in secret and configmap. In ES6 syntax, if an obj directly references another...
CVE-2023-48225
CVE-2023-48225 affects Laf prior to v1.0.0-beta.13, where lax control of app environment variables enables leakage of sensitive data from secrets/configmaps via k8s envFrom. Root cause described: ES6 object references cause the entire referenced object to be embedded into the deployment template ...
CVE-2023-35625
Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability...
Moderate: libxml2 security update
The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: crafted xml can cause global buffer overflow (CVE-2023-39615). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other relat...
CVE-2023-48715 Tuleap vulnerable to Cross-site Scripting on the edition page of a release
Tuleap is an open source suite to improve management of software developments and collaboration. Prior to version 15.2.99.103 of Tuleap Community Edition and prior to versions 15.2-4 and 15.1-8 of Tuleap Enterprise Edition, the names of the releases are not properly escaped on the edition page of ...
CVE-2023-48715
CVE-2023-48715 affects Tuleap Community Edition and Tuleap Enterprise Edition. The root cause is that release names were not properly escaped on the edition page, enabling a malicious user who can create an FRS release to cause a user with write permissions to execute uncontrolled code. Affected ...
A vulnerability in the internal threat-modeling software of the AXIS Security Development Model for the AXIS OS operating system, caused by deficiencies in access control, allows attackers to circumvent existing security restrictions.
The software vulnerability for internal threat modeling is a flaw in Axis Security’s operating system development model. Exploiting this vulnerability allows a remote attacker to bypass existing security restrictions...
CVE-2023-35039
Improper Restriction of Excessive Authentication Attempts vulnerability in Be Devious Web Development Password Reset with Code for WordPress REST API allows Authentication Abuse. This issue affects Password Reset with Code for WordPress REST API: from n/a through 0.0.15...
Authentication flaw
Improper Restriction of Excessive Authentication Attempts vulnerability in Be Devious Web Development Password Reset with Code for WordPress REST API allows Authentication Abuse. This issue affects Password Reset with Code for WordPress REST API: from n/a through 0.0.15...
CVE-2023-35039
CVE-2023-35039 affects the WordPress plugin Password Reset with Code for WordPress REST API (versions
A Bootiful Podcast: Spring creator Rod Johnson and Oracle vice president Heather VanCura
Hi, Spring and software fans! In this installment of the show we have Spring creator and investor Rod Johnson and Oracle vice president Heather VanCura on the show to talk about the premise of her new book - Developer Career Masterplan, coauthored with fellow Java luminary Bruno Souza: building...
PT-2023-9538 · Oracle · Oracle E-Business Suite +1
Name of the Vulnerable Software and Affected Versions: Oracle Process Manufacturing Product Development versions 12.2.13 through 12.2.14 Description: The issue is related to weaknesses in the authorization procedure of the Quality Manager Specification component in Oracle Process Manufacturing...
CVE-2022-29361
Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body. NOTE: the vendor's position is that this behavior can only occur in unsupported configurations...
PT-2023-28873 · Buildroot · Buildroot
Name of the Vulnerable Software and Affected Versions: Buildroot versions 2023.08.1 and dev commit 622698d7847 Description: A data integrity issue exists in the BR_NO_CHECK_HASH_FOR functionality, allowing a specially crafted man-in-the-middle attack to lead to arbitrary command execution in the...
CVE-2023-44381
CVE-2023-44381 affects October CMS. Affected component: template rendering in the CMS where an authenticated backend user with editor.cms_pages, editor.cms_layouts, or editor.cms_partials permissions can craft a request to inject PHP code into a CMS template due to cms.safe_mode being enabled. Th...