5834 matches found

OpenVAS
added 2023/11/05 12:0 a.m., 6 views

Fedora: Security Advisory for golang-github-nats-io (FEDORA-2023-6b89bc0305)

The remote host is missing an update for the...

7.5 AI score
Exploits: 0, References: 2
Fedora
added 2023/11/03 6:51 p.m., 15 views

[SECURITY] Fedora 39 Update: nats-server-2.10.3-1.fc39

A High Performance NATS Server written in Go and hosted by the Cloud Native Computing Foundation (CNCF)...

7.2 AI score
Exploits: 0
Fedora
added 2023/11/03 6:51 p.m., 13 views

[SECURITY] Fedora 39 Update: golang-github-nats-io-1.30.1-1.fc39

Golang client for NATS, the cloud native messaging system...

7.3 AI score
Exploits: 0
OSV
added 2023/11/03 8:15 a.m., 7 views

AZL-31903 CVE-2023-46848 affecting package squid 5.7-5

Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input...

7.5 CVSS, 5.8 AI score, 0.10221 EPSS
Exploits: 0, References: 1
OSV
added 2023/11/03 8:15 a.m., 1 view

UBUNTU-CVE-2023-46848

Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input...

8.6 CVSS, 5.8 AI score, 0.10221 EPSS
Exploits: 0, References: 6
Wallarm Lab
added 2023/10/31 7:48 p.m., 24 views

What is a Cloud Native Application Protection Platform (CNAPP)?

Revealing the Secrets of the Cloud-specific Application Safety Platform (CSASP). In the landscape of online safety, the notion of the Cloud-specific Application Safety Platform (CSASP) is something relatively unheard of, but rapidly gaining popularity. Intuitively from its name, CSASP is a system...

7.6 AI score
Exploits: 0
CNNVD
added 2023/10/31 12:0 a.m., 4 views

Google Android Security Vulnerability

Google Android is a Linux-based open source operating system from the US company Google. Google Android suffers from a security vulnerability that stems from improper input validation and allows native applications to access sensitive information...

6.7 AI score
Exploits: 0, References: 1
RedHat Linux
added 2023/10/30 11:24 a.m., 3 views

google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization

PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized...

9.1 CVSS, 5.9 AI score, 0.01587 EPSS
Exploits: 1, References: 4
Code423n4
added 2023/10/30 12:0 a.m., 8 views

Risky use of Static Address

Lines of code. Vulnerability details. Impact: We see a native token address used as 0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE which is fine to use to denote native ether, but if this contract were to be deployed in another chain like Polygon, this would cause inconsistency issues. Proof of Concept...

7 AI score
Exploits: 0
Wallarm Lab
added 2023/10/27 2:4 p.m., 23 views

Unlocking API Security Excellence: Wallarm at OWASP Global AppSec DC 2023

If you're involved in securing APIs, applications and web applications, or looking to learn about these, then the OWASP Global AppSec DC Conference next week is a must-attend event. Wallarm, the experts in API and application security, will be there, and we're excited to connect with you on Octob...

6.9 AI score
Exploits: 0
RedhatCVE
added 2023/10/27 9:27 a.m., 43 views

CVE-2023-46848

Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input...

8.6 CVSS, 6.6 AI score, 0.10221 EPSS
Exploits: 0, References: 4
OpenVAS
added 2023/10/25 12:0 a.m., 9 views

Fedora: Security Advisory for nats-server (FEDORA-2023-c33188f575)

The remote host is missing an update for the...

7.5 AI score
Exploits: 0, References: 2
Fedora
added 2023/10/24 1:23 a.m., 10 views

[SECURITY] Fedora 38 Update: nats-server-2.10.3-1.fc38

A High Performance NATS Server written in Go and hosted by the Cloud Native Computing Foundation (CNCF)...

7 AI score
Exploits: 0
Tenable Nessus
added 2023/10/20 12:0 a.m., 38 views

Oracle HTTP Server (October 2023 CPU)

The versions of Oracle HTTP Server installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2023 CPU advisory. - Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware component: Web Listener. The supported version that is affected is...

9.8 CVSS, 6.7 AI score, 0.77901 EPSS
Exploits: 2, References: 6
CVE
added 2023/10/19 10:8 p.m., 83 views

CVE-2023-41898

CVE-2023-41898 affects the Home Assistant Companion for Android (up to version 2023.8.2). The vulnerability is arbitrary URL loading in a WebView, enabling arbitrary JavaScript execution, limited native code execution, and credential theft. It has been patched in version 2023.9.2; all users shoul...

8.6 CVSS, 8 AI score, 0.00164 EPSS
Exploits: 0, References: 1, Affected Software: 1
OSV
added 2023/10/19 10:8 p.m., 18 views

CVE-2023-41898 Arbitrary URL load in Android WebView in `MyActivity.kt` in Home Assistant Companion for Android

Home Assistant is an open source home automation. The Home Assistant Companion for Android app up to version 2023.8.2 is vulnerable to arbitrary URL loading in a WebView. This enables all sorts of attacks, including arbitrary JavaScript execution, limited native code execution, and credential...

8.6 CVSS, 7.5 AI score, 0.00164 EPSS
Exploits: 0, References: 3
CNNVD
added 2023/10/19 12:0 a.m., 3 views

Home Assistant Code Injection Vulnerability

Home Assistant is an open source home automation management system. The system is primarily used to control home automation devices. A security vulnerability exists in Home Assistant versions prior to 2023.9.2 that stems from an arbitrary URL loading issue in WebView. An attacker can exploit the...

8.6 CVSS, 7 AI score, 0.00164 EPSS
Exploits: 0, References: 2
Kitploit
added 2023/10/12 6:55 p.m., 31 views

RecycledInjector - Native Syscalls Shellcode Injector

Currently Fully Undetected same-process native/.NET assembly shellcode injector based on RecycledGate by thefLink, which is also based on HellsGate + HalosGate + TartarusGate to ensure undetectable native syscalls even if one technique fails. To remain stealthy and keep entropy on the final...

7.3 AI score
Exploits: 0, References: 4
OSV
added 2023/10/10 10:43 a.m., 19 views

MAL-2023-8321 Malicious code in react-native-transcribe (npm)

Source: ossf-package-analysis (bb4e6ce35475e387bd3dc85d83e20eeb1c4cd4ad8f4c8ccc7792928c87ddc18c). The OpenSSF Package Analysis project identified 'react-native-transcribe' @ 1.3.0 (npm) as malicious. It is considered malicious because: - The...

7.1 AI score
Exploits: 0
OSSF Malicious Packages
added 2023/10/10 10:43 a.m., 4 views

Malicious code in react-native-transcribe (npm)

Source: ossf-package-analysis (bb4e6ce35475e387bd3dc85d83e20eeb1c4cd4ad8f4c8ccc7792928c87ddc18c). The OpenSSF Package Analysis project identified 'react-native-transcribe' @ 1.3.0 (npm) as malicious. It is considered malicious because: - The...

6.9 AI score
Exploits: 0