CVE-2024-24821

Composer is a dependency Manager for the PHP language. In affected versions several files within the local working directory are included during the invocation of Composer and in the context of the executing user. As such, under certain conditions arbitrary code execution may lead to local...

CVE-2024-24821

Composer is a dependency Manager for the PHP language. In affected versions several files within the local working directory are included during the invocation of Composer and in the context of the executing user. As such, under certain conditions arbitrary code execution may lead to local...

FreeBSD : Composer -- Code execution and possible privilege escalation (33ba2241-c68e-11ee-9ef3-001999f8d30b)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 33ba2241-c68e-11ee-9ef3-001999f8d30b advisory. - Composer is a dependency Manager for the PHP language. In affected versions several files within the...

GHSA-7C6P-848J-WH5H Composer code execution and possible privilege escalation via compromised InstalledVersions.php or installed.php

Impact Several files within the local working directory are included during the invocation of Composer and in the context of the executing user. As such, under certain conditions arbitrary code execution may lead to local privilege escalation, provide lateral user movement or malicious code...

Leaky Vessels in Cloud Environments Shake Docker and Beyond

Summary: Four vulnerabilities, collectively termed Leaky Vessels, have been uncovered within container engine components, specifically affecting the runC command line tool. In the most severe instances, illicit entry into the underlying host operating system could result in the compromise of vita...

Engrampa Backlink Vulnerability

Engrampa is an archive manager for MATE environments. A security vulnerability exists in versions prior to Engrampa 63d5dfa, which stems from vulnerability to a path traversal vulnerability that can be exploited by an attacker to achieve remote command execution on the target server...

xorg-x11-server: heap buffer overflow in DisableDevice

A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding environments...

xorg-x11-server: heap buffer overflow in DisableDevice

A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding environments...

[SECURITY] Fedora 39 Update: prometheus-podman-exporter-1.7.0-1.fc39

Prometheus exporter for podman environments exposing containers, pods, images, volumes and networks information...

Prevent BEC with AI-Powered Email and Collaboration

Latest Trend Vision One™ platform integration addresses growing need for streamlined IT and security operations across email and messaging environments...

Announcing the Release of "Kubernetes Security for Dummies"

We're excited to announce the release of a comprehensive guide to mastering Kubernetes security: "Kubernetes Security for Dummies." Wiz collaborated with Wiley publications to create this essential resource, which covers various aspects of securing Kubernetes environments...

Announcing the Newest Game-Changing Upgrades of Qualys Cloud Agent

Qualys Cloud Agent Gets Powerful Enhancements for Boosting User Flexibility, Improved Control & Efficiency in VDI Environments, Seamless Updates, and More! We are excited to unveil a major upgrade to the Qualys Cloud Agent, marking a significant stride in cybersecurity management. The four update...

Support for machine profile in VMware

This article describes theSupport for machine profile feature in VMwareenvironments...

OpenJDK: logging of digital signature private keys (8316976)

Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks o...

CVE-2023-4566

Vulnerability of trust relationships being inaccurate in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality...

IBM Db2 Denial of Service Vulnerability (CNVD-2025-03030)

IBM Db2 is a relational database management system from International Business Machines IBM. The system's execution environments are mainly UNIX, Linux, IBMi, z/OS, and Windows server versions. A denial of service vulnerability exists in IBM Db2, which can be exploited by an attacker to cause a...

IBM Db2 Denial of Service Vulnerability (CNVD-2025-03032)

IBM Db2 is a relational database management system from International Business Machines IBM. The system's execution environments are mainly UNIX, Linux, IBMi, z/OS, and Windows server versions. IBM Db2 suffers from a denial of service vulnerability that originates when a specially crafted cursor ...

Moderate: Red Hat Security Advisory: ipa security update

An update for ipa is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

Moderate: Red Hat Security Advisory: idm:DL1 security update

An update for the idm:DL1 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this...

CVE-2023-52137

The tj-actions/verify-changed-files action allows for command injection in changed filenames, allowing an attacker to execute arbitrary code and potentially leak secrets. The verify-changed-files workflow returns the list of files changed within a workflow execution. This could potentially allow...