Wiz extends CNAPP leadership with protection for Alibaba Cloud

Support for Alibaba Cloud follows just weeks after launch of Oracle Cloud Infrastructure OCI integration, providing organizations the broadest coverage of any cloud native application protection platform CNAPP...

UBUNTU-CVE-2022-31068

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all GLPI instances with the native inventory used may leak sensitive information. The feature to get refused file is not authenticated...

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CNVD-2022-57203)

An elevation of privilege vulnerability exists in Microsoft Edge Chromium-based, a Web browser that ships with post-Windows 10 versions of Microsoft Corporation USA. The vulnerability stems from a failure to properly program a call to a high-level native procedure. An attacker could exploit this...

CVE-2022-31098

Weave GitOps vulnerable to information disclosure in logs: when connecting to a registered Kubernetes API server, the client factory dumps cluster configurations and service account tokens into pod logs on the management cluster or external log storage. An authenticated remote attacker could acce...

Important: Red Hat Security Advisory: Red Hat OpenShift GitOps security update

An update is now available for Red Hat OpenShift GitOps 1.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE lin...

Important: Red Hat Security Advisory: Red Hat OpenShift GitOps security update

An update is now available for Red Hat OpenShift GitOps 1.3 on OpenShift 4.6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

Malicious Package

Overview react-native-performance-monorepo is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable...

Malicious Package

Overview @react-native-tscodegen/tslint-shared is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only...

How to Secure App Development in the Cloud, With Tips From Gartner

Building applications in the cloud has been great for development speed and scalability, but it can sometimes feel more like a sustained migraine for security teams. How do you keep your cloud applications safe without resorting to a dizzying patchwork of overlapping tools and dispersed services?...

react-native-url-preview (=1.1.9), react-native-url-preview-tgp (=1.1.9) +1 more potentially affected by CVE-2022-25876 via link-preview-js (>=2.0.4 <=2.1.13)

link-preview-js NPM version =2.0.4, =2.1.4, =2.2.0 Source cves: CVE-2022-25876 Source advisory: SNYK:JS-LINKPREVIEWJS-2933520...

Important: Red Hat Security Advisory: Red Hat OpenShift GitOps security update

An update is now available for Red Hat OpenShift GitOps 1.5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE lin...

MAL-2022-555 Malicious code in @react-native-tscodegen/tslint-shared (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4e2920511a6030acb6748a13dce7281e827a19c4c2e46c876e98887d428d3717 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-2966 Malicious code in fantasy-react-native (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8ad3855b3b7c4df575505453fa0698a7dff1eaf3c124a19e6995f2f66b19b8fa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in fantasy-android-react-native (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0cb3db34a20c520973803672a3bd3c37e25de973b52f16f86733814eb07a3810 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in fantasy-react-native (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8ad3855b3b7c4df575505453fa0698a7dff1eaf3c124a19e6995f2f66b19b8fa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-2965 Malicious code in fantasy-android-react-native (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0cb3db34a20c520973803672a3bd3c37e25de973b52f16f86733814eb07a3810 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-5656 Malicious code in react-native-camera-kit-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d3e82d1c530731419cac7916aa1d029e236fcebde8ca18509bda12493d281970 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in react-native-camera-kit-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d3e82d1c530731419cac7916aa1d029e236fcebde8ca18509bda12493d281970 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-5659 Malicious code in react-native-wix-engine-main (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bc7f90939e7d4d79c1891948c561a8f6a3bdac331ebbe2341985df25cf5cc295 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in react-native-wix-engine-main (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bc7f90939e7d4d79c1891948c561a8f6a3bdac331ebbe2341985df25cf5cc295 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...