Moderate: Red Hat Security Advisory: java-17-openjdk security update

An update for java-17-openjdk is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this...

SUSE: Security Advisory (SUSE-SU-2023:2870-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2023-22006

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle...

Important: Red Hat Security Advisory: edk2 security update

An update for edk2 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

VX-API - Collection Of Various Malicious Functionality To Aid In Malware Development

The VX-API is a collection of malicious functionality to aid in malware development. It is recommended you clone and/or download this entire repo then open the Visual Studio solution file to easily explore functionality and concepts. Some functions may be dependent on other functions present with...

SUSE: Security Advisory (SUSE-SU-2023:2844-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SAP NetWeaver Path Traversal Vulnerability (CNVD-2023-65181)

SAP NetWeaver is the German SAP SAP company's set of service-oriented integrated application platform. The platform mainly for SAP applications to provide development and runtime environment. A path traversal vulnerability exists in SAP NetWeaver, which results from the program failing to properl...

SUSE: Security Advisory (SUSE-SU-2023:2816-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Adobe Coldfusion Access Control Bypass Vulnerability

Adobe ColdFusion is the United States Odo than Adobe company's set of rapid application development platform. The platform includes an integrated development environment and scripting language. An access control bypass vulnerability exists in Adobe Coldfusion, which can be exploited by an attacke...

Important: Red Hat Security Advisory: nodejs:16 security update

An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Azure Spring Apps Enterprise – More Power, Scalability & Extended Spring Boot Support

Can you believe Spring is celebrating its 20th anniversary this year? We could not have gotten here without our millions of Spring developers across the globe, thank you! Spring has been an essential tool for Java developers, and it continues to grow and innovate at a fast pace. From the onset,...

Zoom Client 路径遍历漏洞

Zoom Client is a video conferencing client application from Zoom Inc. that supports multiple platforms. A security vulnerability exists in the Zoom Client SDK prior to version 5.15.0 that stems from relative path traversal. It could allow unauthorized users to achieve information disclosure via...

GPAC 安全漏洞

GPAC is an open source multimedia framework. A security vulnerability exists in GPAC version v2.3-DEV-rev381-g817a848f6-master, which stems from a segmentation violation in the BMParseIndexValueReplace function in /lib/libgpac.so...

GPAC 安全漏洞

GPAC is an open source multimedia framework. A security vulnerability exists in the GPAC v2.3-DEV-rev381-g817a848f6-master version, which stems from a memory segment error in the gfisomremoveuserdata method of the /lib/libgpac.so file...

CLSA-2023-1688674204 java-1.8.0-openjdk: Fix of 7 CVEs

Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u372-b07. That fixes following CVEs: - CVE-2023-21930: Improper connection handling during TLS handshake 8294474 - CVE-2023-21937: Missing string checks for NULL characters 8296622 - CVE-2023-21938: Incorrect handling of NULL characters in...

The vulnerability of the software development environment of Totally Integrated Automation Portal (Portal TIA) lies in the breach of the data protection mechanism, allowing attackers to restore an unsecured version of the project.

The vulnerability of the software development environment of Totally Integrated Automation Portal Portal TIA is related to the breach of data protection mechanisms. Exploiting this vulnerability can allow attackers to restore an unsecured version of the project...

The vulnerability of the EnginePlugin plugin of the Application Programming Platform PLC CODESYS Development System allows a perpetrator to execute any command they desire.

The vulnerability of the EnginePlugin plugin of the PLK CODESYS Development System is related to the deserialization of unreliable data. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary commands...

The vulnerability of the Project.get_MissingTypes() function in the ObjectManager plugin of the PLK CODESYS Development System application programming interface allows a attacker to execute any command they desire.

The vulnerability of the Project.getMissingTypes function in the ObjectManager plugin of the PLK CODESYS Development System lies in the deserialization of unreliable data. Exploiting this vulnerability allows an attacker to execute arbitrary commands remotely...

The vulnerability of the application development environment for ISaGRAF programmable logic controllers allows attackers to access password information stored in an unencrypted form, thereby enabling them to compromise the protected data.

The vulnerability in the development environment for ISaGRAF Runtime Rockwell Automation applications relates to the storage of passwords in an unencrypted form. Exploiting this vulnerability could allow a hacker to disclose the protected information...

GHSA-W5W5-2882-47PC github.com/cosmos/cosmos-sdk's x/crisis does not charge ConstantFee

x/crisis does not charge ConstantFee Impact If a transaction is sent to the x/crisis module to check an invariant, the ConstantFee parameter of the chain is NOT charged. All versions of the x/crisis module are affected on all versions of the Cosmos SDK. Details The x/crisis module is supposed to...