
8697 matches found

SUSE CVE
added 2023/10/05 1:53 a.m. | 1 view

SUSE CVE-2023-4610

The SRCU code was added in upstream kernel v6.4-rc1 and removed before v6.4. This bug only existed in development kernels. Please see https://lore.kernel.org/all/[email protected] and https://bugzilla.suse.com/showbug.cgi?id=1215932 for more information...

7.2 AI score
Exploits: 0 | References: 3

BDU FSTEC
added 2023/10/05 12:0 a.m. | 1 view

The vulnerability in the CODESYS Development System, a programming platform for embedded systems, stems from insufficient limiting of authentication attempts. It allows attackers to make an unlimited number of password input attempts.

The vulnerability of the CODESYS Development System, a programming platform for embedded systems, is related to insufficient restrictions on authentication attempts. Exploiting this vulnerability allows attackers to perform an unlimited number of password input attempts...

3.3 CVSS | 5.4 AI score | 0.00049 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

CNNVD
added 2023/10/05 12:0 a.m. | 3 views

Vapor Security Breach

Vapor is a Swift web development framework from individual Vapor developers. It can be used to develop high-performance web applications and supports iOS, OS X and Ubuntu. A security vulnerability exists in Vapor that stems from a denial of service (DoS) vulnerability due to a problem encountered...

5.3 CVSS | 6.7 AI score | 0.00052 EPSS
Exploits: 0 | References: 4

Ubuntu
added 2023/10/04 10:1 p.m. | 80 views

USN-6414-2: Django vulnerabilities

USN-6414-1 and USN-6378-1 fixed CVE-2023-43665 and CVE-2023-41164 in Django, respectively. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: Wenchao Li discovered that the Django Truncator function incorrectly handled very long HTML input. A remote...

7.5 CVSS | 6.8 AI score | 0.0279 EPSS
Exploits: 0

OSV
added 2023/10/04 5:15 p.m. | 2 views

CVE-2023-20101

A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted. This vulnerability is due to the presence of static user credentials for th...

9.8 CVSS | 6 AI score
Exploits: 0 | References: 1

NVD
added 2023/10/04 5:15 p.m. | 17 views

CVE-2023-20235

A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user. This vulnerability exists because Docke...

8.8 CVSS | 7.5 AI score | 0.00177 EPSS
Exploits: 0 | References: 1

OSV
added 2023/10/04 5:15 p.m. | 0 views

CVE-2023-20235

A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user. This vulnerability exists because Docke...

8.8 CVSS | 5.8 AI score
Exploits: 0 | References: 1

Prion
added 2023/10/04 5:15 p.m. | 24 views

Design/Logic Flaw

A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user. This vulnerability exists because Docke...

6.5 CVSS | 8.5 AI score | 0.00177 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2023/10/04 4:14 p.m. | 0 views

CVE-2023-20235

A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user. This vulnerability exists because Docke...

6.5 CVSS | 5.7 AI score | 0.00177 EPSS
Exploits: 0 | References: 1

Cvelist
added 2023/10/04 4:14 p.m. | 14 views

CVE-2023-20235

A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user. This vulnerability exists because Docke...

6.5 CVSS | 8.8 AI score | 0.00177 EPSS
Exploits: 0 | References: 1

CVE
added 2023/10/04 4:14 p.m. | 110 views

CVE-2023-20235

CVE-2023-20235 affects the Cisco IOx application hosting workflow in Cisco IOS XE. It arises because Docker containers using the privileged runtime option are not blocked when in development mode, enabling an authenticated, remote attacker to access the underlying operating system as root via th...

8.8 CVSS | 8.4 AI score | 0.00177 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2023/10/04 12:0 a.m. | 2 views

Cisco Emergency Responder Trust Management Issue Vulnerability

Cisco Emergency Responder is an emergency response framework from Cisco USA. A trust management issue vulnerability exists in Cisco Emergency Responder version 12.51SU4, which arises from the presence of static user credentials for the root account, which are typically used during development, an...

9.8 CVSS | 7.4 AI score | 0.00715 EPSS
Exploits: 0 | References: 2

Trend Micro Simply Security
added 2023/10/03 12:0 a.m. | 21 views

How to Embrace a Cloud Security Challenge Mindset

CISOs responsible for tackling cloud security challenges need to rethink traditional security practices, protect apps and infrastructure they don’t control, and justify enterprise security investments. Trend Micro’s Bryan Webster told the AWS SecurityLIVE! audience it can all be done—by embracing...

7 AI score
Exploits: 0

Kitploit
added 2023/10/02 11:30 a.m. | 26 views

Apepe - Enumerate Information From An App Based On The APK File

Apepe is a Python tool developed to help pentesters and red teamers easily get information from the target app. This tool will extract basic information such as the package name, whether the app is signed, and the development language... Installing / Getting started: A quick guide of how to install and u...

7.1 AI score
Exploits: 0 | References: 2

OpenVAS
added 2023/10/02 12:0 a.m. | 30 views

SUSE: Security Advisory (SUSE-SU-2023:3894-1)

The remote host is missing an update for the... SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only

7.8 CVSS | 7.8 AI score | 0.08626 EPSS
Exploits: 2 | References: 7

CNNVD
added 2023/09/29 12:0 a.m. | 2 views

Engineers Online Portal SQL Injection Vulnerability

Engineers Online Portal is an open source online portal. It is developed using PHP, MySQL database, HTML, CSS, JavaScript, jQuery, Ajax, Bootstrap and some other libraries. Engineers Online Portal suffers from a SQL injection vulnerability that stems from the fact that manipulation of the...

9.8 CVSS | 8.4 AI score | 0.00052 EPSS
Exploits: 1 | References: 4

RedHat Linux
added 2023/09/26 3:5 p.m. | 35 views

Important: Red Hat Security Advisory: nodejs:18 security, bug fix, and enhancement update

An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

9.8 CVSS | 6.7 AI score | 0.00581 EPSS
Exploits: 2 | References: 6

RedHat Linux
added 2023/09/26 2:56 p.m. | 53 views

Important: Red Hat Security Advisory: nodejs:16 security, bug fix, and enhancement update

An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

9.8 CVSS | 6.7 AI score | 0.01916 EPSS
Exploits: 3 | References: 12

BDU FSTEC
added 2023/09/26 12:0 a.m. | 1 view

The vulnerability of the Docker Desktop platform for developing and delivering container applications lies in the fact that it allows a user to introduce or modify arguments, enabling an attacker to increase their privileges.

The vulnerability of the Docker Desktop platform for developing and delivering container applications is related to the implementation or modification of arguments. Exploiting this vulnerability can allow an attacker to enhance their privileges...

7.8 CVSS | 7.2 AI score | 0.0007 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

OpenVAS
added 2023/09/26 12:0 a.m. | 16 views

SUSE: Security Advisory (SUSE-SU-2023:3755-1)

The remote host is missing an update for the... SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only

7.8 CVSS | 6.9 AI score | 0.00258 EPSS
Exploits: 2 | References: 6