Quarkus security vulnerability
Quarkus is a cloud-native, Linux container-first framework for writing Java applications. A security vulnerability exists in Quarkus that stems from the configured TLS protocol version not being enforced, which lets a client force the negotiation of a weaker TLS protocol version...
ROS-20230619-05
A vulnerability in the python-pip module of the Python programming language, as shipped in the Policy component of Oracle Communications Cloud Native Core Policy, is caused by incorrect input validation. Exploitation: the vulnerability could allow a remote attacker to manipulate data. The...
Expanding horizons—Microsoft Security’s continued commitment to multicloud
Multicloud strategies have become the new norm for most enterprises, with more than 90 percent of organizations adopting multiple cloud infrastructures, platforms, and services to run their businesses.[1] However, a lack of visibility into their digital infrastructure exposes them to significant...
CVE-2023-34112
JavaCPP Presets is a project providing Java distributions of native C++ libraries. All the actions in bytedeco/javacpp-presets use the github.event.head_commit.message parameter in an insecure way. For example, the commit message is used in a run statement, resulting in a command injection...
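The pattern behind this advisory is a `run:` step whose script text contains `${{ github.event.head_commit.message }}`: the runner substitutes the expression into the script before the shell parses it, so quotes and `;` in a commit message become shell syntax. The scanner below is an added example, not code from bytedeco/javacpp-presets or from GitHub; it flags such expressions inside `run:` scripts, ignores the same expressions under `env:` (the hardened form, where the value lands in a variable and is never re-parsed), and shows what the runner would produce for a hostile message. Both workflow texts and the commit message are constructed for illustration.

```python
"""Added example: detect untrusted ${{ github.event.* }} expressions spliced
into GitHub Actions `run:` scripts, and contrast with the `env:` form."""
import re

# Event fields an outside contributor controls.  Not exhaustive.
UNTRUSTED_EVENT_FIELDS = (
    "github.event.head_commit.message",
    "github.event.commits",
    "github.event.pull_request.title",
    "github.event.pull_request.body",
    "github.event.pull_request.head.ref",
    "github.event.issue.title",
    "github.event.issue.body",
    "github.event.comment.body",
    "github.head_ref",
)

EXPR_RE = re.compile(r"\$\{\{\s*([^}]*?)\s*\}\}")


def expand_expressions(script, values):
    """Mimic the runner: each ${{ expr }} is replaced by its string value
    before the shell parses the script, so the value becomes shell syntax."""
    return EXPR_RE.sub(lambda m: values.get(m.group(1), ""), script)


def find_unsafe_run_steps(workflow_text):
    """Return (line_number, expression) for every ${{ ... }} inside a `run:`
    script that starts with an untrusted event field.  Expressions under
    `env:`/`with:` are not reported: there the value is data, not script."""
    findings = []
    in_run, run_key_indent = False, 0
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        stripped = line.lstrip()
        if not stripped or stripped.startswith("#"):
            continue
        indent = len(line) - len(stripped)
        key = stripped
        if key.startswith("- "):            # list item: key sits 2 columns in
            key, indent = key[2:], indent + 2
        if key.startswith("run:"):
            in_run, run_key_indent = True, indent
        elif in_run and indent <= run_key_indent:
            in_run = False                  # sibling key or next step
        if in_run:
            for m in EXPR_RE.finditer(line):
                expr = m.group(1)
                if any(expr.startswith(f) for f in UNTRUSTED_EVENT_FIELDS):
                    findings.append((lineno, expr))
    return findings


# Constructed workflows: the vulnerable step and its hardened equivalent.
VULNERABLE_WORKFLOW = """\
on: push
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Show commit
        run: echo "${{ github.event.head_commit.message }}"
"""

HARDENED_WORKFLOW = """\
on: push
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Show commit
        env:
          COMMIT_MSG: ${{ github.event.head_commit.message }}
        run: echo "$COMMIT_MSG"
"""

# Constructed commit message that closes the quoted string and adds a command.
HOSTILE_COMMIT_MESSAGE = 'fix typo"; id > /tmp/pwned; echo "'


def demo():
    """Scan both workflows and render both scripts with the hostile message."""
    values = {"github.event.head_commit.message": HOSTILE_COMMIT_MESSAGE}
    return {
        "vulnerable_findings": find_unsafe_run_steps(VULNERABLE_WORKFLOW),
        "hardened_findings": find_unsafe_run_steps(HARDENED_WORKFLOW),
        # The rendered script now carries an extra command:
        "vulnerable_script": expand_expressions(
            'echo "${{ github.event.head_commit.message }}"', values),
        # Unchanged: the value only ever reaches the shell via $COMMIT_MSG.
        "hardened_script": expand_expressions('echo "$COMMIT_MSG"', values),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The scanner is line-based rather than a YAML parser, so it assumes conventional two-space indentation; a real audit would use a proper parser, but the detection rule is the same: any expression in a `run:` script that resolves to contributor-controlled text.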
Nacos Jraft Hessian Deserialization Vulnerability
Nacos is an acronym for Dynamic Naming and Configuration Service, a dynamic service discovery, configuration management and service management platform that makes it easier to build cloud-native applications. A deserialization vulnerability exists in Nacos Jraft Hessian, which can be exploited by...
Important: Red Hat Security Advisory: Red Hat JBoss Web Server 5.7.3 release and security update
An update is now available for Red Hat JBoss Web Server 5.7.3 on Red Hat Enterprise Linux versions 7, 8, and 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, i...
How to Split web traffic between Citrix Secure Web and native browser
By default, all web traffic generated by Secure Mail is handled by Secure Web. If you prefer to split that traffic between Secure Web and the native browser, you may create a list of URLs (typically internal domains) by configuring an MDX policy in the Citrix Endpoint Management console called...
Critical Firmware Vulnerability in Gigabyte Systems Exposes ~7 Million Devices
Cybersecurity researchers have found "backdoor-like behavior" within Gigabyte systems, which they say enables the UEFI firmware of the devices to drop a Windows executable and retrieve updates in an insecure manner. Firmware security firm Eclypsium said it first detected the anomaly in April 2023...
MAL-2023-615 Malicious code in native-svg (npm)
Source: ghsa-malware 15bc529afd6136e85dade76e843db9a6cd064fdba0b39e6b954819d53bc83d7d. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization
PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized...
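Why the authorization code alone is not enough for a native app: the client is public (no client secret) and its redirect URI, a custom scheme or loopback port, can be claimed by another app on the same device. PKCE binds the code to a secret the real app generated before the redirect. The exchange below is an added example, not code from google-oauth-client; it implements the RFC 7636 S256 derivation and a minimal in-memory authorization server (the `AuthorizationServer` and `run_flow` names are this example's own), then runs the flow with PKCE enforced and with it absent so the difference is visible.

```python
"""Added example: RFC 7636 PKCE (S256) against a toy authorization server,
with and without PKCE enforced."""
import base64
import hashlib
import secrets


def b64url(data):
    """BASE64URL-ENCODE without padding, as RFC 7636 specifies."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_code_verifier():
    """43-character verifier from 32 random bytes (RFC 7636 section 4.1)."""
    return b64url(secrets.token_bytes(32))


def make_code_challenge(verifier):
    """S256: BASE64URL-ENCODE(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


class AuthorizationServer:
    """Toy server: authorize() issues a code, token() redeems it."""

    def __init__(self, require_pkce=True):
        self.require_pkce = require_pkce
        self._codes = {}  # code -> (client_id, code_challenge or None)

    def authorize(self, client_id, code_challenge=None, method="S256"):
        if self.require_pkce and (code_challenge is None or method != "S256"):
            raise ValueError("S256 code_challenge required")
        code = secrets.token_urlsafe(24)
        self._codes[code] = (client_id, code_challenge)
        return code

    def token(self, client_id, code, code_verifier=None):
        """Return an access token, or None if redemption must be refused."""
        record = self._codes.pop(code, None)  # codes are single-use
        if record is None or record[0] != client_id:
            return None
        challenge = record[1]
        if challenge is None:
            # No PKCE bound to this code: whoever holds the code wins.
            return None if self.require_pkce else secrets.token_urlsafe(32)
        if code_verifier is None:
            return None
        expected = make_code_challenge(code_verifier)
        if not secrets.compare_digest(expected, challenge):
            return None
        return secrets.token_urlsafe(32)


def run_flow(require_pkce, interceptor_first):
    """The native app starts the flow.  If interceptor_first, a second app on
    the device that captured the redirect tries to redeem the code first,
    holding only the code and the public client_id.  Returns which party
    obtained a token."""
    server = AuthorizationServer(require_pkce=require_pkce)
    client_id = "native-app"  # public client, no secret to present
    verifier = make_code_verifier() if require_pkce else None
    challenge = make_code_challenge(verifier) if require_pkce else None
    code = server.authorize(client_id, challenge)  # travels via the redirect

    results = {}
    if interceptor_first:
        results["interceptor"] = server.token(client_id, code) is not None
    results["app"] = server.token(client_id, code, verifier) is not None
    return results


if __name__ == "__main__":
    print("PKCE, no interception:     ", run_flow(True, False))
    print("PKCE, code intercepted:    ", run_flow(True, True))
    print("No PKCE, code intercepted: ", run_flow(False, True))
```

With PKCE the interceptor's redemption fails and also burns the code, so the real app must restart the flow; that is the intended outcome, since the token never reaches the wrong party. Without PKCE the interceptor is indistinguishable from the real app and receives the token. Use `S256` only; the `plain` method leaks the verifier in the authorization request and gives no protection against an observer of that request.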
CVE-2023-31747
Wondershare Filmora 12 Build 12.2.1.2088 was discovered to contain an unquoted service path vulnerability via the component NativePushService. This vulnerability allows attackers to launch processes with elevated privileges...
PT-2023-23445 · Wondershare · Wondershare Filmora
Name of the Vulnerable Software and Affected Versions: Wondershare Filmora 12 Build 12.2.1.2088 Description: The issue is related to an unquoted service path vulnerability via the NativePushService component. This allows attackers to launch processes with elevated privileges. Recommendations: For...
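What both entries above describe, made concrete: when a service's image path is unquoted and contains spaces, Windows resolves it the way CreateProcess parses a command line, trying progressively longer prefixes with `.exe` appended, so a file a low-privileged user can plant at one of those prefixes is started as the service account instead of the real binary. The code below is an added example, not from Wondershare or either advisory; it reproduces that search order for a raw `Win32_Service.PathName` value and lists which entries precede the real image in a directory the user can write to. The install path is a constructed stand-in: the advisories name only the NativePushService component, not its location.

```python
"""Added example: search order and hijack points for an unquoted Windows
service path.  EXAMPLE_PATH is a constructed stand-in, not from the advisory."""


def image_tokens(path_name):
    """Space-separated tokens of the image path, stopping at the first token
    that ends in .exe; anything after that is treated as arguments."""
    tokens = []
    for tok in path_name.strip().split(" "):
        if not tok:
            continue
        tokens.append(tok)
        if tok.lower().endswith(".exe"):
            break
    return tokens


def is_unquoted_service_path(path_name):
    """True when the image path is not wrapped in quotes and contains a space."""
    p = path_name.strip()
    if p.startswith('"'):
        return False
    return len(image_tokens(p)) > 1


def search_order(path_name):
    """Executables CreateProcess tries, in order, for an unquoted path with
    spaces; the last entry is the real image.  Empty list when the path is
    quoted or has no spaces (not vulnerable)."""
    if not is_unquoted_service_path(path_name):
        return []
    toks = image_tokens(path_name)
    order = []
    for i in range(1, len(toks) + 1):
        candidate = " ".join(toks[:i])
        # Windows appends .exe when the name has no extension.
        if "." not in candidate.rsplit("\\", 1)[-1]:
            candidate += ".exe"
        order.append(candidate)
    return order


def hijack_candidates(path_name, writable_dirs):
    """Entries of the search order that precede the real image and whose
    parent directory is in writable_dirs (directories a low-privileged user
    can create files in).  A file planted there runs as the service account,
    typically SYSTEM."""
    writable = {d.rstrip("\\").lower() for d in writable_dirs}
    hits = []
    for candidate in search_order(path_name)[:-1]:
        parent = candidate.rsplit("\\", 1)[0].lower()
        if parent in writable:
            hits.append(candidate)
    return hits


# Constructed stand-in for the service's PathName (assumption, not from the page).
EXAMPLE_PATH = r"C:\Program Files\Wondershare\Wondershare Filmora\NativePushService.exe -service"

if __name__ == "__main__":
    for p in search_order(EXAMPLE_PATH):
        print("tries:", p)
    # Assume the vendor directory was left writable by the installer.
    print("hijack points:", hijack_candidates(EXAMPLE_PATH, [r"C:\Program Files\Wondershare"]))
```

On a live host the raw `PathName` values come from `Get-CimInstance Win32_Service`; the fix on the vendor side is to register the service with the path quoted, and on the operator side to quote the `ImagePath` value in the registry and to confirm that no directory on the prefix list is writable by standard users.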
MAL-2023-1310 Malicious code in stripe-terminal-react-native (npm)
Source: ghsa-malware 3e6a4f5507735b6704fa9b04425050a6609564e66e4ad031bbc07e7900ce5610. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-25933
A type confusion bug in TypedArray prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could have been used by a malicious attacker to execute arbitrary code via untrusted JavaScript. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, mos...
CVE-2023-23557
An error in Hermes' algorithm for copying object properties prior to commit a00d237346894c6067a594983be6634f4168c9ad could be used by a malicious attacker to execute arbitrary code via type confusion. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScrip...
CVE-2023-28081
A bytecode optimization bug in Hermes prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could be used to cause a use-after-free and obtain arbitrary code execution via a carefully crafted payload. Note that this is only exploitable in cases where Hermes is used to execute untrusted...
CVE-2023-24832
A null pointer dereference bug in Hermes prior to commit 5cae9f72975cf0e5a62b27fdd8b01f103e198708 could have been used by an attacker to crash a Hermes runtime where the EnableHermesInternal config option was set to true. Note that this is only exploitable in cases where Hermes is used to execut...