1523 matches found

Positive Technologies
added 2023/12/06 12:0 a.m. · 2 views

PT-2023-8538 · Gitlab · Gitlab Ee Ultimate +2

Name of the Vulnerable Software and Affected Versions: GitLab EE Premium and Ultimate versions 16.4.3 through 16.6.1
Description: The issue is related to inadequate access control in GitLab, allowing subgroup members with the Developer role to potentially push or merge to protected branches in...

CVSS 6.5 · AI score 6.9 · EPSS 0.00026
Exploits: 0 · References: 13

Wiz blog
added 2023/12/04 12:50 p.m. · 8 views

Raftt is Now Part of Wiz! Together We Are Empowering Developers.

Wiz is committed to building a solution that security and development teams want. With the acquisition of Raftt, we’re gaining velocity on that journey...

AI score 7.3
Exploits: 0

Cvelist
added 2023/12/04 12:26 p.m. · 20 views

CVE-2023-6460 Information leak in nodejs-firestore

A potential logging of the firestore key via logging within nodejs-firestore exists - Developers who were logging objects through this.settings would be logging the firestore key as well potentially exposing it to anyone with logs read access. We recommend upgrading to version 6.1.0 to avoid this...

CVSS 4 · AI score 5.7 · EPSS 0.00008
Exploits: 0 · References: 2

FreeBSD
added 2023/12/01 12:0 a.m. · 34 views

electron25 -- multiple vulnerabilities

Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-6345. Security: backported fix for CVE-2023-6346. Security: backported fix for CVE-2023-6347...

CVSS 9.6 · AI score 7.4 · EPSS 0.01934
Exploits: 0 · References: 3

Fedora
added 2023/11/19 1:25 a.m. · 16 views

[SECURITY] Fedora 39 Update: tor-0.4.8.9-1.fc39

The Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor's users employ this network by connecting through a series of virtual tunnels rather than making a direct connection, thus allowing both organizations and...

AI score 7.1
Exploits: 0

OSV
added 2023/11/14 12:0 a.m. · 30 views

ALSA-2023:7096 Moderate: python-cryptography security update

The python-cryptography packages contain a Python Cryptographic Authority's (PyCA's) cryptography library, which provides cryptographic primitives and recipes to Python developers. Security Fixes: python-cryptography: memory corruption via immutable objects (CVE-2023-23931). For more details about the...

CVSS 6.5 · AI score 6.8 · EPSS 0.00688
Exploits: 1 · References: 4

CISA
added 2023/11/09 12:0 p.m. · 4 views

CISA, NSA, and Partners Release New Guidance on Securing the Software Supply Chain

Today, CISA, the National Security Agency (NSA), and partners released Securing the Software Supply Chain: Recommended Practices for Software Bill of Materials Consumption. Developed through the Enduring Security Framework (ESF), this guidance provides software developers and suppliers with industry...

AI score 7.2
Exploits: 0 · References: 1

CNNVD
added 2023/11/07 12:0 a.m. · 5 views

Number withdrawn

Online Job Portal is an online job portal for janobe individual developers. This CVE number has been withdrawn...

AI score 6.9
Exploits: 0 · References: 4

CNNVD
added 2023/11/07 12:0 a.m. · 2 views

Number withdrawn

Online Job Portal is an online job portal for janobe individual developers. This CVE number has been withdrawn...

AI score 6.9
Exploits: 0 · References: 4

Tenable Nessus
added 2023/11/07 12:0 a.m. · 26 views

RHEL 9 : python-cryptography (RHSA-2023:6615)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:6615 advisory. The python-cryptography packages contain a Python Cryptographic Authority's (PyCA's) cryptography library, which provides cryptographic primitives and...

CVSS 6.5 · AI score 6.9 · EPSS 0.00688
Exploits: 1 · References: 8

OSV
added 2023/11/07 12:0 a.m. · 40 views

ALSA-2023:6615 Moderate: python-cryptography security update

The python-cryptography packages contain a Python Cryptographic Authority's (PyCA's) cryptography library, which provides cryptographic primitives and recipes to Python developers. Security Fixes: python-cryptography: memory corruption via immutable objects (CVE-2023-23931). For more details about the...

CVSS 6.5 · AI score 6.8 · EPSS 0.00688
Exploits: 1 · References: 4

CNNVD
added 2023/11/07 12:0 a.m. · 2 views

Number withdrawn

Online Job Portal is an online job portal for janobe individual developers. This CVE number has been withdrawn...

AI score 6.9
Exploits: 0 · References: 4

AlmaLinux
added 2023/11/07 12:0 a.m. · 55 views

Moderate: python-cryptography security update

The python-cryptography packages contain a Python Cryptographic Authority's (PyCA's) cryptography library, which provides cryptographic primitives and recipes to Python developers. Security Fixes: python-cryptography: memory corruption via immutable objects (CVE-2023-23931). For more details about the...

CVSS 6.5 · AI score 7.3 · EPSS 0.00688
Exploits: 1 · References: 4

The Hacker News
added 2023/11/04 5:38 a.m. · 42 views

Google Play Store Highlights 'Independent Security Review' Badge for VPN Apps

Google is rolling out a new banner to highlight the "Independent security review" badge in the Play Store's Data safety section for Android VPN apps that have undergone a Mobile Application Security Assessment (MASA) audit. "We've launched this banner beginning with VPN apps due to the sensitive an...

AI score 7.3
Exploits: 0

Wordfence Blog
added 2023/10/31 4:34 p.m. · 24 views

Announcing Vulnerability Scanning in Wordfence CLI 2.0.1 “Voodoo Child”

Note: If you're a WordPress user, we recommend the Wordfence Security Plugin which provides a robust and complete set of security controls for WordPress websites. If you host WordPress servers and need high performance malware and vulnerability scanning on the command line, read on! Our mission at...

AI score 7.2
Exploits: 0

The Hacker News
added 2023/10/31 10:55 a.m. · 53 views

Trojanized PyCharm Software Version Delivered via Google Search Ads

A new malvertising campaign has been observed capitalizing on a compromised website to promote spurious versions of PyCharm on Google search results by leveraging Dynamic Search Ads. "Unbeknownst to the site owner, one of their ads was automatically created to promote a popular program for Python...

AI score 7.1
Exploits: 0

Fedora
added 2023/10/14 1:27 a.m. · 33 views

[SECURITY] Fedora 37 Update: libwebp-1.3.2-2.fc37

WebP is an image format that does lossy compression of digital photographic images. WebP consists of a codec based on VP8, and a container based on RIFF. Webmasters, web developers and browser developers can use WebP to compress, archive and distribute digital images more efficiently...

AI score 8.5
Exploits: 5

The Hacker News
added 2023/10/12 1:17 p.m. · 32 views

Malicious NuGet Package Targeting .NET Developers with SeroXen RAT

A malicious package hosted on the NuGet package manager for the .NET Framework has been found to deliver a remote access trojan called SeroXen RAT. The package, named Pathoschild.Stardew.Mod.Build.Config and published by a user named Disti, is a typosquat of a legitimate package called...

AI score 7.5
Exploits: 0

OSSF Malicious Packages
added 2023/10/05 12:0 a.m. · 2 views

Malicious code in pyefflorer (PyPI)

Source: checkmarx (9db59fb1fff1df375feb9a17164f004b62a2d5fa194dcc285341536b6bfb51aa). Malicious packages campaign targeting developers, payload is hidden using steganography, exfiltrates host information...

AI score 7
Exploits: 0 · References: 3

Fedora
added 2023/10/04 3:0 a.m. · 16 views

[SECURITY] Fedora 37 Update: openmpi-4.1.4-6.fc37

Open MPI is an open source, freely available implementation of both the MPI-1 and MPI-2 standards, combining technologies and resources from several other projects (FT-MPI, LA-MPI, LAM/MPI, and PACX-MPI) in order to build the best MPI library available. A completely new MPI-2 compliant...

CVSS 8.1 · AI score 8 · EPSS 0.00952
Exploits: 0