nodejs:18 security update

An update is available for nodejs-nodemon, module.nodejs, nodejs, module.nodejs-nodemon, module.nodejs-packaging, nodejs-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode

A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service 2 GB transient heap usage per read in uncommon situations involving JsonNode JDK serialization...

SUSE: Security Advisory (SUSE-SU-2023:3495-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 38 Update: mingw-qt5-qtbase-5.15.10-4.fc38

This package contains the Qt software toolkit for developing cross-platform applications. This is the Windows version of Qt, for use in conjunction with the Fedora Windows cross-compiler...

Moderate: Red Hat Security Advisory: libxml2 security update

An update for libxml2 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

Exploit for Incorrect Calculation in Google Android

CVE-2020-0022 Many thanks to Insinuator for their amazing blo...

CVE-2023-39521

CVE-2023-39521 affects Tuleap, where content in the Kanban and PV2 apps’ card fields is not properly escaped. The issue can be triggered when an agile dashboard administrator deletes a kanban with a malicious label, potentially allowing uncontrolled code execution. Affected products/versions: Tul...

CVE-2023-39521 Tuleap vulnerable to Cross-site Scripting on the success message of a kanban deletion

Tuleap is an open source suite to improve management of software developments and collaboration. In Tuleap Community Edition prior to version 14.11.99.28 and Tuleap Enterprise Edition prior to versions 14.10-6 and 14.11-3, content displayed in the "card fields" visible in the kanban and PV2 apps ...

CVE-2023-38508

Summary: CVE-2023-38508 affects Tuleap: Community Edition < 14.11.99.28 and Enterprise Edition < 14.10-6,

[SECURITY] Fedora 38 Update: ImageMagick-7.1.1.15-1.fc38

ImageMagick is an image display and manipulation tool for the X Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF, and Photo CD image formats. It can resize, rotate, sharpen, color reduce, or add special effects to an image, and when finished you can either save the completed wor...

SUSE: Security Advisory (SUSE-SU-2023:3398-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CODESYS Development System Installed (Windows)

Binary data codesyssystemdevelopmentwininstalled.nbin...

编号撤回

OpenJDK is an open source version of the OpenJDK open source development environment for Java. This CVE number has been withdrawn...

Tackling the OAuth2 Client component model in Spring Security

In Spring Security 5, we saw many developments in the OAuth2 story with the introduction of OAuth2 Resource Server and OAuth2 Client into the framework. Today, it is quite convenient to develop applications that are secured by OAuth2 using the features available in OAuth2 Resource Server...

Malicious code in web-dev-for-beginners (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 12dfe4d59f97f208fa2c0392b71a0939ecbd509d7ccd7853cea8b3f4e13b317a The OpenSSF Package Analysis project identified 'web-dev-for-beginners' @ 1.0.0 npm as malicious. It is considered malicious because: - The...

MAL-2023-1503 Malicious code in web-dev-for-beginners (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 12dfe4d59f97f208fa2c0392b71a0939ecbd509d7ccd7853cea8b3f4e13b317a The OpenSSF Package Analysis project identified 'web-dev-for-beginners' @ 1.0.0 npm as malicious. It is considered malicious because: - The...

The vulnerability of software for developing and optimizing Intel AI systems is related to an uncontrolled element in the search process, allowing attackers to enhance their privileges.

The vulnerabilities of the software used in the development and optimization of Intel AI systems are related to an uncontrollable element in the search process. Exploiting these vulnerabilities can allow attackers, who operate remotely, to enhance their privileges...

CVE-2023-28479

An issue was discovered in Tigergraph Enterprise 3.7.0. The TigerGraph platform installs a full development toolchain within every TigerGraph deployment. An attacker is able to compile new executables on each Tigergraph system and modify system and Tigergraph binaries...

Threat Actors Using Obfuscation in Attempt to Evade Detection

As part of our product lineup, we offer security monitoring and malware removal services to our Wordfence Care and Response customers. In the event of a security incident, our incident response team will investigate the root cause, find and remove malware from your site, and help with other...

PT-2023-21748 · Tigergraph · Tigergraph Enterprise

Name of the Vulnerable Software and Affected Versions: Tigergraph Enterprise version 3.7.0 Description: An issue was discovered in the TigerGraph platform, which installs a full development toolchain within every TigerGraph deployment. This allows an attacker to compile new executables on each...