20 matches found
EulerOS 2.0 SP11 : orc (EulerOS-SA-2024-2589)
According to the versions of the orc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially...
CVE-2024-40897
Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of...
RHEL 8 : gcc (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - Developer environment: Homoglyph characters can lead to trojan source attack (CVE-2021-42694) - The...
RHEL 8 : developer_environment (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - Developer environment: Homoglyph characters can lead to trojan source attack (CVE-2021-42694) - An issue wa...
GitHub: Source Code and data exfiltration via Github Copilot
The vulnerability was caused by insecure output handling in the Copilot client interfaces. A prompt injection attack was able to result in data exfiltration. The vulnerability was addressed by only rendering images from trusted domains and adding interstitial modals to inform users about link...
Node.js Users Beware: Manifest Confusion Attack Opens Door to Malware
The npm registry for the Node.js JavaScript runtime environment is susceptible to what's called a manifest confusion attack that could potentially allow threat actors to conceal malware in project dependencies or perform arbitrary script execution during installation. "A npm package's manifest is...
Riot Games compromised, new releases and patches halted
Popular game developer Riot Games brings word of a system compromise which may cause issues for updates to well-known titles, although for the time being it seems as though customer data isn't affected. A social engineering development: Making the notification via Twitter late last week, were stil...
LastPass Says No User Data Compromised in Cyberattack
By Waqas. According to LastPass, a threat actor did access its developer environment but could not compromise sensitive data because of its effective system design and controls. This is a post from HackRead.com. Read the original post: LastPass Says No User Data Compromised in Cyberattack...
CentOS 8 : llvm-toolset:rhel8 (CESA-2021:4743)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2021:4743 advisory. - Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks (CVE-2021-42574) Note that Nessus has not tested for thi...
CentOS 8 : gcc-toolset-11-gcc (CESA-2021:4586)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2021:4586 advisory. - Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks (CVE-2021-42574) Note that Nessus has not tested for thi...
CentOS 8 : gcc-toolset-10-gcc (CESA-2021:4585)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2021:4585 advisory. - Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks (CVE-2021-42574) Note that Nessus has not tested for thi...
Moderate: Red Hat Security Advisory: devtoolset-11-gcc security update
An update for devtoolset-11-gcc is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
RHEL 8 : gcc-toolset-10-annobin (RHSA-2021:4592)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2021:4592 advisory. Annobin provides a compiler plugin to annotate and tools to examine compiled binary files. Security Fixes: Developer environment: Unicode's...
RHEL 8 : gcc-toolset-10-binutils (RHSA-2021:4588)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:4588 advisory. The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar...
rust-toolset:rhel8 security update
An update is available for rust-toolset, rust. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Rust Toolset provides the Rust programming language compiler rustc...
Scientific Linux Security Update : binutils on SL7.x i686/x86_64 (2021:4033)
The remote Scientific Linux 7 host has packages installed that are affected by a vulnerability as referenced in the SLSA-2021:4033-1 advisory. - Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks (CVE-2021-42574) Note that Nessus has not tested f...
RHEL 7 : binutils (RHSA-2021:4034)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:4034 advisory. The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar...
Moderate: Red Hat Security Advisory: binutils security update
An update for binutils is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
RHEL 7 : binutils (RHSA-2021:4038)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:4038 advisory. The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar...
CVE-2020-7389 Sage X3 Syracuse Missing Authentication for Critical Function in Developer Environment
Sage X3 System CHAINE Variable Script Command Injection. An authenticated user with developer access can pass OS commands via this variable used by the web application. Note, this developer configuration should not be deployed in production...