Huawei EulerOS: Security Advisory for compat-openssl10 (EulerOS-SA-2023-2187)
The remote host is missing an update for the Huawei EulerOS...
Security Bulletin: CVE-2023-0464 may affect IBM CICS TX Advanced 10.1
Summary: CVE-2023-0464 may affect IBM CICS TX Advanced 10.1. IBM CICS TX Advanced 10.1 has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2023-0464. DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error related to the verification of X.509 certificate chains...
Medium: openssl
Issue Overview: A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers...
Amazon Linux 2 : openssl (ALAS-2023-2073)
The version of openssl installed on the remote host is prior to 1.0.2k-24. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2073 advisory. A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509...
Debian DSA-5417-1 : openssl - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5417 advisory. - A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy...
GUAC 0.1 Beta: Google's Breakthrough Framework for Secure Software Supply Chains
Google on Wednesday announced the 0.1 Beta version of GUAC (short for Graph for Understanding Artifact Composition) for organizations to secure their software supply chains. To that end, the search giant is making available the open source framework as an API for developers to integrate their own...
What to Look for When Selecting a Static Application Security Testing (SAST) Solution
If you're involved in securing the applications your organization develops, there is no question that Static Application Security Testing (SAST) solutions are an important part of a comprehensive application security strategy. SAST secures software, supports business more securely, cuts down on...
MAL-2023-950 Malicious code in vue2ejs (npm)
Source: checkmarx 471c4327f895aee34fd25c781189cda3025f1a3d22c0bba59cd767f95a277194 Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...
MAL-2023-622 Malicious code in next2ejs (npm)
Source: checkmarx a38f3ed2458e9188f19672ebadf7f1bf9aae21e644c654fb82d93cc4b55abed0 Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...
USN-6077-1: OpenJDK vulnerabilities
Ben Smyth discovered that OpenJDK incorrectly handled half-duplex connections during TLS handshake. A remote attacker could possibly use this issue to insert, edit or obtain sensitive information. (CVE-2023-21930) It was discovered that OpenJDK incorrectly handled certain inputs. An attacker could...
MAL-2023-1554 Malicious code in ipstringfy (npm)
Source: checkmarx deea2822e14722106952d830748fc4b8c86f7613827ea90caaeb796f9a9eb9f4 Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...
MAL-2023-1552 Malicious code in ipmacjs (npm)
Source: checkmarx ab84a2353b9369f7696a6a8689cc3a152925fb4b13bcc3eff073e721b55aadff Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...
Malicious code in iputiljs (npm)
Source: checkmarx afae793385a3a9bd4042264ed9f4c13109e7e52bd1033d71b4032ebbf6a46a1b Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...
MAL-2023-1046 Malicious code in json2stringfy (npm)
Source: checkmarx 2e42c4a993125bac35486d178cd7356e08471fc96b79862efed3c64ae4f1d7d6 Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...
MAL-2023-1557 Malicious code in jsontostream (npm)
Source: checkmarx 8cf6eca7a81571a14b52b17b7b9bfe99f347e67564d0dd421276aac3552ac297 Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...
MAL-2023-1556 Malicious code in jsontobinary (npm)
Source: checkmarx 31cd4cd413663a1b31485b3f8d93d643b462e9331b416f3aec9e6f0bde0aa8c2 Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...
EulerOS 2.0 SP10 : shim (EulerOS-SA-2023-1812)
According to the versions of the shim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that...
CISA Issues Advisory on Critical RCE Affecting ME RTU Remote Terminal Units
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday released an Industrial Control Systems (ICS) advisory about a critical flaw affecting ME RTU remote terminal units. The security vulnerability, tracked as CVE-2023-2131, has received the highest severity rating of 10.0 on the...
Malicious code in algo-svnlook (npm)
Source: checkmarx 43c5a376e52bfedce15db5be9f98c7b41f7f9b385af24f412be974fa117f22a4 Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...
MAL-2023-1547 Malicious code in algo-svnlook (npm)
Source: checkmarx 43c5a376e52bfedce15db5be9f98c7b41f7f9b385af24f412be974fa117f22a4 Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...