
2259 matches found

OSV
added 2024/03/27 4:35 a.m. · 33 views

RLSA-2024:1503 Important: nodejs:18 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: code injection and privilege escalation through Linux capabilities (CVE-2024-21892); nodejs: reading unprocessed HTTP request with unbounded...

CVSS 8.1 · AI score 7.7 · EPSS 0.03168
Exploits 0 · References 4

AlmaLinux
added 2024/03/20 12:0 a.m. · 44 views

Important: nodejs security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (CVE-2024-22019). For more details about the security...

CVSS 7.5 · AI score 7.2 · EPSS 0.03168
Exploits 0 · References 4

CISA
added 2024/03/18 12:0 p.m. · 6 views

Repository for Software Attestation and Artifacts Now Live

Software producers who partner with the federal government can now upload their Secure Software Development Attestation Forms to CISA's Repository for Software Attestation and Artifacts. Software producers that provide the government software can fill out the form to attest to implementation of...

AI score 7.3
Exploits 0 · References 2

OpenVAS
added 2024/03/11 12:0 a.m. · 23 views

SUSE: Security Advisory (SUSE-SU-2024:0813-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.5 · AI score 6.8 · EPSS 0.03174
Exploits 0 · References 4

OpenVAS
added 2024/03/07 12:0 a.m. · 25 views

SUSE: Security Advisory (SUSE-SU-2024:0785-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 · AI score 7.6 · EPSS 0.0079
Exploits 0 · References 5

OpenVAS
added 2024/02/28 12:0 a.m. · 14 views

SUSE: Security Advisory (SUSE-SU-2023:1864-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.6 · AI score 6.9 · EPSS 0.00294
Exploits 1 · References 4

OSV
added 2024/02/27 7:4 p.m. · 6 views

AZL-35471 CVE-2024-27099 affecting package azure-iot-sdk-c for versions less than 2024.03.04-1

uAMQP is a C library for AMQP 1.0 communication to Azure Cloud Services. When processing an incorrect AMQPVALUE failed state, a double free may occur, which may lead to RCE. Update submodule with commit 2ca42b6e4e098af2d17e487814a91d05f6ae4987...

CVSS 9.8 · AI score 6.9 · EPSS 0.01418
Exploits 0 · References 1

Positive Technologies
added 2024/02/26 12:0 a.m. · 4 views

PT-2024-40180 · Unknown · @Nfid/Embed Sdk +2

Name of the Vulnerable Software and Affected Versions: @nfid/embed SDK versions prior to 0.10.1-alpha.6; @dfinity/auth-client versions prior to 1.0.1; @dfinity/identity versions prior to 1.0.1. Description: The issue affects user sessions in the @nfid/embed SDK that utilize Ed25519 keys, due to a...

CVSS 9.1 · AI score 7.2
Exploits 0 · References 4

CNNVD
added 2024/02/23 12:0 a.m. · 7 views

Silicon Labs Ember ZNet Code Issue Vulnerability

Silicon Labs Ember ZNet is a protocol stack software from Silicon Labs, Inc. A code issue vulnerability exists in Silicon Labs Ember ZNet SDK prior to version v7.4.0 that stems from the presence of a NULL pointer dereference, which may cause a system crash...

CVSS 7.5 · AI score 7 · EPSS 0.00515
Exploits 0 · References 3

OpenVAS
added 2024/02/22 12:0 a.m. · 28 views

SUSE: Security Advisory (SUSE-SU-2024:0578-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.5 · AI score 9.1 · EPSS 0.00816
Exploits 0 · References 4

HackRead
added 2024/02/21 7:0 p.m. · 11 views

Top Software Development Outsourcing Trends

By Uzair Amir. Eastern Europe is swiftly rising to prominence in the software development outsourcing sector. This ascendance is marked not… This is a post from HackRead.com. Read the original post: Top Software Development Outsourcing Trends...

AI score 7.2
Exploits 0

CNVD
added 2024/02/21 12:0 a.m. · 15 views

Siemens Polarion ALM Authentication Error Vulnerability

Polarion ALM is an application lifecycle management solution that improves the software development process with a single, unified solution for requirements, coding, testing and release. An authentication error vulnerability exists in Siemens Polarion ALM, which can be exploited by an attacker to...

CVSS 9.8 · AI score 7.1 · EPSS 0.00557
Exploits 0 · References 1

CNVD
added 2024/02/21 12:0 a.m. · 12 views

Siemens Polarion ALM Faulty Default Privileges Vulnerability

Polarion ALM is an application lifecycle management solution that improves the software development process with a single, unified solution for requirements, coding, testing and release. Siemens Polarion ALM has a faulty default privileges vulnerability that can be exploited by an attacker to...

CVSS 7.8 · AI score 7.8 · EPSS 0.00148
Exploits 0 · References 1

CNNVD
added 2024/02/21 12:0 a.m. · 5 views

Silicon Labs Gecko SDK Security Vulnerability

The Silicon Labs Gecko SDK (GSDK) is an open source library from Silicon Labs. It combines the Silicon Labs Wireless Software Development Kit (SDK) and the Gecko platform into one integrated package. A security vulnerability exists in Silicon Labs Gecko SDK v4.4.0 and earlier versions, which stems from ...

CVSS 7.5 · AI score 6.7 · EPSS 0.00396
Exploits 0 · References 2

OpenVAS
added 2024/02/16 12:0 a.m. · 12 views

SUSE: Security Advisory (SUSE-SU-2024:0520-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8 · AI score 7.8 · EPSS 0.01465
Exploits 0 · References 4

HackRead
added 2024/02/14 4:58 p.m. · 14 views

5 Ways to Maximize the Impact of IaC Scans

By Uzair Amir. Infrastructure-as-code (IaC) continues to gain traction and is even hailed for having changed software development towards greater efficiency… This is a post from HackRead.com. Read the original post: 5 Ways to Maximize the Impact of IaC Scans...

AI score 7.5
Exploits 0

CNNVD
added 2024/02/14 12:0 a.m. · 3 views

Intel SDK for OpenCL(TM) Applications Security Vulnerability

Intel SDK for OpenCL(TM) Applications is a full-featured development environment from Intel Corporation. A security vulnerability exists in the Intel SDK for OpenCL(TM) Applications software that stems from an uncontrolled search path issue that could lead to privilege escalation via local access by ...

CVSS 7.8 · AI score 6.6 · EPSS 0.00191
Exploits 0 · References 2

Vulnrichment
added 2024/02/06 3:58 p.m. · 5 views

CVE-2024-23344 Tuleap's content of artifacts might be readable by unauthorized users

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Some users might get access to restricted information when a process validates the permissions of multiple users (e.g. mail notifications). This issue has been patched in version 15.4.99.140 of Tuleap...

CVSS 5.3 · AI score 6.4 · EPSS 0.0053
Exploits 0 · References 4

CVE
added 2024/02/06 3:58 p.m. · 42 views

CVE-2024-23344

CVE-2024-23344 describes an information-disclosure risk in Tuleap where, during a multi-user permission validation, some users could access restricted information (e.g., contents of artifacts or email notifications). The issue is categorized as an authorization/bypass-type disclosure affecting Tu...

CVSS 6.5 · AI score 6.3 · EPSS 0.0053
Exploits 0 · References 4 · Affected Software 1

OpenVAS
added 2024/02/01 12:0 a.m. · 13 views

SUSE: Security Advisory (SUSE-SU-2024:0265-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.3 · AI score 5.3 · EPSS 0.00805
Exploits 0 · References 4