Embedded Malicious Code

Overview @cap-js/db-service is a CDS base database service Affected versions of this package are vulnerable to Embedded Malicious Code that conceals an obfuscated payload designed to steal developer credentials during the package installation. The malicious versions and their contents are activel...

[SECURITY] Fedora 42 Update: aqualung-1.2-10.fc42

Aqualung is an advanced music player originally targeted at the GNU/Linux operating system. It plays audio CDs, internet radio streams and pod casts as well as sound files in just about any audio format and has the feature of inserting no gaps between adjacent tracks...

[SECURITY] Fedora 43 Update: aqualung-1.2-12.fc43

Aqualung is an advanced music player originally targeted at the GNU/Linux operating system. It plays audio CDs, internet radio streams and pod casts as well as sound files in just about any audio format and has the feature of inserting no gaps between adjacent tracks...

EUVD-2019-18312

Malware in sbrugna...

EUVD-2006-5369

Malware in sbrugna...

Malicious code in cds-shared (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2025-47621 Malicious code in cds-shared (npm)

--- -= Per source details. Do not edit below this line.=-...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : java-21-openjdk (SUSE-SU-2024:3954-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3954-1 advisory. - Update to upstream tag jdk-21.0.5+13 October 2024 CPU Security fixes + JDK-8307383: Enhance DT...

Security update for java-21-openjdk

This update for java-21-openjdk fixes the following issues: Update to upstream tag jdk-21.0.5+13 October 2024 CPU Security fixes JDK-8307383: Enhance DTLS connections JDK-8311208: Improve CDS Support JDK-8328286, CVE-2024-21208, bsc1231702: Enhance HTTP client JDK-8328544, CVE-2024-21210,...

This Week in Spring - September 3rd, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's September 3rd, and I'm still buzzing from the last week's SpringOne extravaganza! Also: I'm tired. Last week was nuts. I'm super glad it happened, but I'm tired. And also buzzing. You know? Surely you don't. I hope not...

Spring Boot CDS support and Project Leyden anticipation

How can Spring Boot developers improve the runtime efficiency of their applications with minimal constraints in order to enjoy those benefits on most applications? The answer is the CDS support introduced by Spring Boot 3.3 which allows you to start your Spring Boot applications faster and consum...

This Week in Spring - June 11th, 2024

This Week in Spring - June 10th, 2024 Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm in Paris, France, to talk to organizations using and working with Spring. Then, next week, it's off to Krakow, Poland, for the amazing Devoxx PL event! I can't wait. If you're around,...

Malicious code in cds-banking-prd-viewer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis a80797432aad825151adf407bf1a7df167013faed787f2530a93f1736f2a0084 The OpenSSF Package Analysis project identified 'cds-banking-prd-viewer' @ 99.3.0 npm as malicious. It is considered malicious because: - The...

BIT-ENVOY-2022-23606 Crash when a cluster is deleted in Envoy

Envoy is an open source edge and service proxy, designed for cloud-native applications. When a cluster is deleted via Cluster Discovery Service CDS all idle connections established to endpoints in that cluster are disconnected. A recursion was introduced in the procedure of disconnecting idle...

cds-service.com Cross Site Scripting vulnerability OBB-3839235

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

com.sap.cds:cds-starter-cloudfoundry (>=2.2.0 <=2.4.0), com.sap.cds:cds-starter-k8s (>=2.2.0 <=2.4.0) +5 more potentially affected by CVE-2023-50422 +1 more via com.sap.cloud.security:spring-security (>=3.0.0 <=3.2.1)

com.sap.cloud.security:spring-security MAVEN version =3.0.0, =2.2.0, =2.2.0, =1.0.4, =3.0.0, =2.0.0, =2.0.0, =2.0.0, =2.4.0 Source cves: CVE-2023-50422, CVE-2023-50424 Source advisory: OSV:GHSA-59C9-PXQ8-9C73...

com.sap.cds:cds-starter-cloudfoundry (>=2.0.1 <=2.4.0), com.sap.cds:cds-starter-k8s (>=2.0.1 <=2.4.0) +2 more potentially affected by CVE-2023-50422 +1 more via com.sap.cloud.security.xsuaa:spring-xsuaa (>=3.0.0 <=3.2.1)

com.sap.cloud.security.xsuaa:spring-xsuaa MAVEN version =3.0.0, =2.0.1, =2.0.1, =3.0.0, =3.0.0, =3.2.1 Source cves: CVE-2023-50422, CVE-2023-50424 Source advisory: OSV:GHSA-59C9-PXQ8-9C73...

com.sap.cds:cds-starter-cloudfoundry (>=1.19.0 <=1.34.7), com.sap.cds:cds-starter-k8s (>=1.34.0 <=1.34.7) +4 more potentially affected by CVE-2023-50422 +1 more via com.sap.cloud.security.xsuaa:spring-xsuaa (>=1.3.0 <=2.16.0)

com.sap.cloud.security.xsuaa:spring-xsuaa MAVEN version =1.3.0, =1.19.0, =1.34.0, =2.11.16, =2.10.0, =1.3.0, =1.6.0, =2.16.0 Source cves: CVE-2023-50422, CVE-2023-50424 Source advisory: OSV:GHSA-59C9-PXQ8-9C73...

cds-manutention.com Improper Access Control vulnerability OBB-3795344

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

java-21-openjdk security and bug fix update

1:21.0.1.0.12-2.0.1 - Add Oracle vendor bug URL 1:21.0.1.0.12-2 - Switch to using portable binaries built on RHEL 7 - Sync the copy of the portable specfile with the RHEL 7 version - Related: RHEL-12997 1:21.0.1.0.12-1 - Update to jdk-21.0.1.0+12 GA - Update release notes to 21.0.1.0+12 - Sync th...