Fedora 39 : freeipa (2024-9ab2666594)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-9ab2666594 advisory. Security update for CVE-2023-5455 Release notes: https://www.freeipa.org/release-notes/4-11-1.html Tenable has extracted the preceding description block...

Security Testing: Types, Tools, and Best Practices

Opening Note: Understanding the Core Concepts of Security Analysis Continual developments in technology have elevated the significance of security analysis, a critical phase in software design. You can think of it as a vital diagram within the process of coding, engineered to identify and resolve...

The vulnerability of the JavaFX component of Oracle Java SE and the Oracle GraalVM Enterprise Edition virtual machine allows attackers to access confidential information.

The vulnerability of the JavaFX component of Oracle Java SE and the Oracle GraalVM Enterprise Edition software exists due to insufficient testing of input data. Exploiting this vulnerability can allow an attacker to gain access to confidential information...

The vulnerabilities of the Content Access SDK, Image Export SDK, PDF Export SDK, and HTML Export SDK components of Oracle Outside In Technology’s software development kit (SDK) allow attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerabilities of the Content Access SDK, Image Export SDK, PDF Export SDK, and HTML Export SDK components of Oracle Outside In Technology’s software development kit SDK exist due to insufficient testing of input data. Exploiting these vulnerabilities can allow attackers to compromise the...

The vulnerability of the Hotspot component in Oracle Java SE and Oracle GraalVM for JDK/Oracle GraalVM Enterprise Edition virtual machines allows attackers to compromise data integrity.

The vulnerability of the Hotspot component of Oracle Java SE and the Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines exists due to insufficient testing of input data. Exploiting this vulnerability can allow an attacker to compromise data integrity remotely...

Exploit for Out-of-bounds Write in Microsoft

CVE-2023-28252-Compiled-exe A modification of Fortra's excell...

[SECURITY] [DLA 3713-1] subunit bugfix update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3713-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès January 21, 2024 https://wiki.debian.org/LTS -...

Artemis Java Test Sandbox Security Vulnerability

Artemis Java Test Sandbox is a JUnit 5 extension for the Applied Software Engineering TUM program at the Technical University of Munich, Germany. A security vulnerability exists in Artemis Java Test Sandbox versions prior to 1.11.2. An attacker can exploit this vulnerability to execute arbitrary...

Spring Security 6.3 Adds Passive JDK Serialization/Deserialization for Seamless Upgrades

In the early versions of Spring Security, a deliberate decision was made to avoid providing any guarantee of compatibility for serialized classes via JDK serialization between different versions of the project. This decision primarily took into account the context of RMI, with the recommendation...

CVE-2024-22419 concat built-in can corrupt memory in vyper

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. The concat built-in can write over the bounds of the memory buffer that was allocated for it and thus overwrite existing valid data. The root cause is that the buildIR for concat doesn't properly adhere to the API of co...

Unit Testing Frameworks: A Quick Comparison

Stepping Forward in Understanding Software Unit Evaluation Venturing into the realm of software creation, emphasizing quality takes center stage. This gold standard governs aspects such as operational capabilities, dependability, and the overall performance of your software. Regular assessments, ...

Oracle Application Testing Suite DoS (January 2024 CPU)

The version of Oracle Application Testing Suite installed on the remote host is affected by a denial of service vulnerability as referenced in the January 2024 CPU advisory: - Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager component: Load Testing for We...

Vulnerabilities fixed in Oracle Enterprise Manager

Oracle has fixed vulnerabilities in Enterprise Manager components. A malicious party could exploit the vulnerabilities to perform attacks that could result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Access to sensitive data Access to system data Oracle...

crystals-go vulnerable to KyberSlash (timing side-channel attack for Kyber)

Impact On some platforms, when an attacker can time decapsulation of Kyber on forged cipher texts, they could possibly learn parts of the secret key. Patches Patched in https://github.com/kudelskisecurity/crystals-go/pull/21 Note This library was written as part of a MsC student project in the...

Exploit for Command Injection in Ivanti Connect_Secure

🚨 CVE-2024-21887 Exploit Tool 🛠️ A robust tool for detecting...

Application Security Posture Management

Accelerating the Remediation of Vulnerabilities From Code To Cloud Written by Eric Sheridan, Chief Innovation Officer, Tromzo In this guest blog post by Eric Sheridan, Chief Innovation Officer at valued Rapid7 partner Tromzo, you’ll learn how Rapid7 customers can utilize ASPM solutions to...

Malicious code in testing-burp-library-please-ignore (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 2249726c84e729bde202820bcc2ac6cdfaec65115b09e7505b33a51158988aad The OpenSSF Package Analysis project identified 'testing-burp-library-please-ignore' @ 1.0.0 npm as malicious. It is considered malicious becaus...

OESA-2024-1072 testng security update

TestNG is a testing framework inspired from JUnit and NUnit but introducing some new functionality that make it more powerful and easier to use, such as: Annotations. Run your tests in arbitrarily big thread pools with various policies available all methods in their own thread, one thread per tes...

The vulnerability of the password-recovery.php script of the testing management system allows a hacker to execute arbitrary SQL queries against the database.

The vulnerability of the password-recovery.php script of the testing management system related to the PHPGurukul Nipah Virus Testing Management System lies in the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary SQL...

Microsoft Security Update Validation Report January 2024

Microsoft’s January 2024 security updates have passed Citrix testing the updates are listed below. The testing is not all-inclusive; all tests are executed against English only environments and issues may still be found upon implementation. Follow best practices for testing and installing softwar...