Supply Chain Cybersecurity Risk Management Guide
Your organization's security is only as strong as its weakest vendor. A single compromised supplier, an unpatched software dependency, or a breached managed service provider can give attackers a direct path into your environment, bypassing every control you have built internally. The SolarWinds...
CVE-2020-1416
An elevation of privilege vulnerability exists in Visual Studio and Visual Studio Code when they load software dependencies, aka 'Visual Studio and Visual Studio Code Elevation of Privilege Vulnerability'...
Security update for coredns (moderate)
openSUSE Security Update: Security update for coredns Announcement ID: openSUSE-SU-2025:0131-1 Rating: moderate References: 1239294 1239728 Cross-References: CVE-2024-51744 CVSS scores: CVE-2024-51744 SUSE: 2.1 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Affected Products:...
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2025-1276)
The remote host is missing an update for the Huawei EulerOS...
CVE-2025-23089
Rejected reason: This Record was REJECTED after determining it is not in compliance with CVE Program requirements regarding assignment for vulnerabilities...
CVE-2024-50602
An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser...
be.jidoka:jdk-keycloak-admin (>=1.2.0 <=2.2.0), br.com.anteros:Anteros-Keycloak (=1.0.0) +904 more potentially affected by CVE-2023-0105 via org.keycloak:keycloak-core (>=10.0.0 <=22.0.0)
org.keycloak:keycloak-core MAVEN version =10.0.0, =1.2.0, =0.0.8-alpha, =0.0.1-alpha, =1.0.0, =0.2.0, =0.2.0, =0.2.0, =0.5.0, =0.2.0, =0.2.0, =0.5.0, =0.10.0, =0.10.0, =0.5.0, =0.10.5-experimental and more Source cves: CVE-2023-0105 Source advisory: OSV:GHSA-C7XW-P58W-H6FJ...
a62-emotion (>=0.10.12 <=0.11.4), aiproteomics (=0.2.1) +98 more potentially affected by CVE-2022-41897 via tensorflow-cpu (>=1.15.0 <=2.7.4)
tensorflow-cpu PYPI version =1.15.0, =0.10.12, =2.0.0, =2.0.0, =1.0.0, =0.0.5, =0.3.0, =0.0.1, =0.8.1, =0.1.1, =1.3.0, =0.1.0.dev1, =0.0.1, =0.3.3 and more Source cves: CVE-2022-41897 Source advisory: OSV:GHSA-F2W8-JW48-FR7J...
Researchers Report Supply Chain Vulnerability in Packagist PHP Repository
Researchers have disclosed details about a now-patched high-severity security flaw in Packagist, a PHP software package repository, that could have been exploited to mount software supply chain attacks. "This vulnerability allows gaining control of Packagist," SonarSource researcher Thomas...
FISSURE - Frequency Independent SDR-based Signal Understanding and Reverse Engineering
Frequency Independent SDR-based Signal Understanding and Reverse Engineering FISSURE is an open-source RF and reverse engineering framework designed for all skill levels with hooks for signal detection and classification, protocol discovery, attack execution, IQ manipulation, vulnerability...
SUSE-SU-2021:3908-1 Security Beta update for SUMA client tools
This update fixes the following issues: dracut-saltboot: - Fix dependencies of python libs bsc1188846 - Update to version 0.1.1628156312.dbd0dec - Force installation of libexpat.so.1 bsc1188846 - Update to version 0.1.1627546504.96a0b3e - Use kernel parameters from PXE formula also for local boot...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +23007 more potentially affected by CVE-2014-0114 via commons-beanutils:commons-beanutils (>=1.8.0 <=1.9.3)
commons-beanutils:commons-beanutils MAVEN version =1.8.0, =1.1, =0.0.1, =1.0.1, =0.0.25, =0.0.25, =0.0.62, =0.0.25, =0.0.86, =0.0.8, =0.0.6, =0.1.12, =0.0.2, =0.1.6 - ai.grakn.kgms:client =1.4.3 and more Source cves: CVE-2014-0114 Source advisory: OSV:GHSA-P66X-2CV9-QQ3V...
SUSE-SU-2020:1352-1 Security update for ant
This update for ant fixes the following issues: Security issue fixed: - CVE-2018-10886: Fixed a path traversal vulnerability in malformed zip file paths, which allowed arbitrary file writes and could potentially lead to code execution bsc1100053. Non-security issues fixed: - Add rhino to the...
OPENSUSE-SU-2018:0629-1 Security update for go1.8
This update for go1.8 fixes the following issues: Security issues fixed: - CVE-2018-6574: 'go get' allows for remote command execution during source code build bsc1080006. Bug fixes: - bsc1082409: Review dependencies requires, recommends and supports This update was imported from the...
OPENSUSE-SU-2017:2594-1 Security update for ffmpeg
This update for ffmpeg to version 3.3.4 fixes a number of security issues and bugs. This update also adds lame, twolame and SDL2 to the PackageHub as dependencies...