1529 matches found
Fedora: Security Advisory (FEDORA-2023-2f86a608b2)
The remote host is missing an update for the...
CVE-2023-40691
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 may reveal sensitive information contained in application configuration to developer and administrator users. IBM X-Force ID: 264805...
IBM Cloud Pak for Business Automation Information Disclosure Vulnerability
IBM Cloud Pak for Business Automation is a modular set of integrated software components from International Business Machines (IBM), built for any hybrid cloud, designed to automate work and accelerate business growth. An information disclosure vulnerability exists in IBM Cloud Pak for Business...
CVE-2023-5061
An issue has been discovered in GitLab affecting all versions starting from 9.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. In certain situations, it may have been possible for developers to override predefined CI variables via the...
CVE-2023-5061 Missing Authorization in GitLab
An issue has been discovered in GitLab affecting all versions starting from 9.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. In certain situations, it may have been possible for developers to override predefined CI variables via the...
Meta’s Purple Llama wants to test safety risks in AI models
Meta has announced Purple Llama, a project that aims to "bring together tools and evaluations to help the community build responsibly with open generative AI models." Generative Artificial Intelligence (AI) models have been around for years and their main function, compared to older AI models, is th...
PT-2023-8538 · Gitlab · Gitlab Ee Ultimate +2
Name of the Vulnerable Software and Affected Versions: GitLab EE Premium and Ultimate versions 16.4.3 through 16.6.1 Description: The issue is related to inadequate access control in GitLab, allowing subgroup members with the Developer role to potentially push or merge to protected branches in...
Raftt is Now Part of Wiz! Together We Are Empowering Developers.
Wiz is committed to building a solution that security and development teams want. With the acquisition of Raftt, we’re gaining velocity on that journey...
CVE-2023-6460 Information leak in nodejs-firestore
A potential logging of the firestore key via logging within nodejs-firestore exists - Developers who were logging objects through this.settings would be logging the firestore key as well potentially exposing it to anyone with logs read access. We recommend upgrading to version 6.1.0 to avoid this...
electron25 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-6345. Security: backported fix for CVE-2023-6346. Security: backported fix for CVE-2023-6347...
[SECURITY] Fedora 39 Update: tor-0.4.8.9-1.fc39
The Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor's users employ this network by connecting through a series of virtual tunnels rather than making a direct connection, thus allowing both organizations and...
ALSA-2023:7096 Moderate: python-cryptography security update
The python-cryptography packages contain a Python Cryptographic Authority's (PyCA's) cryptography library, which provides cryptographic primitives and recipes to Python developers. Security Fixes: python-cryptography: memory corruption via immutable objects (CVE-2023-23931). For more details about the...
CISA, NSA, and Partners Release New Guidance on Securing the Software Supply Chain
Today, CISA, the National Security Agency (NSA), and partners released Securing the Software Supply Chain: Recommended Practices for Software Bill of Materials Consumption. Developed through the Enduring Security Framework (ESF), this guidance provides software developers and suppliers with industry...
Number withdrawn
Online Job Portal is an online job portal for janobe individual developers. This CVE number has been withdrawn...
Number withdrawn
Online Job Portal is an online job portal for janobe individual developers. This CVE number has been withdrawn...
RHEL 9 : python-cryptography (RHSA-2023:6615)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:6615 advisory. The python-cryptography packages contain a Python Cryptographic Authority's (PyCA's) cryptography library, which provides cryptographic primitives and...
ALSA-2023:6615 Moderate: python-cryptography security update
The python-cryptography packages contain a Python Cryptographic Authority's (PyCA's) cryptography library, which provides cryptographic primitives and recipes to Python developers. Security Fixes: python-cryptography: memory corruption via immutable objects (CVE-2023-23931). For more details about the...
Number withdrawn
Online Job Portal is an online job portal for janobe individual developers. This CVE number has been withdrawn...
Moderate: python-cryptography security update
The python-cryptography packages contain a Python Cryptographic Authority's (PyCA's) cryptography library, which provides cryptographic primitives and recipes to Python developers. Security Fixes: python-cryptography: memory corruption via immutable objects (CVE-2023-23931). For more details about the...
Google Play Store Highlights 'Independent Security Review' Badge for VPN Apps
Google is rolling out a new banner to highlight the "Independent security review" badge in the Play Store's Data safety section for Android VPN apps that have undergone a Mobile Application Security Assessment (MASA) audit. "We've launched this banner beginning with VPN apps due to the sensitive an...