MAL-2023-8041 Malicious code in zmsqlite3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 0c536bdeaf8a35a5a0507e07124cd43448dffc1c837cd5b585df38848bdd5bed Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

UBUNTU-CVE-2023-32216

Mozilla developers and community members Ronald Crane, Andrew McCreight, Randell Jesup and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been...

bumsys 安全漏洞

bumsys is an open source project called Business Management System by unilogies individual developers. A security vulnerability exists in versions of bumsys prior to 2.1.1, which stems from an api processing endpoint that is allowed to contain local files that can be used to cause remote code...

bumsys 安全漏洞

bumsys is an open source project called Business Management System by unilogies individual developers. A security vulnerability exists in versions of bumsys prior to 2.2.0, which originates from an externally controlled file name or path...

Important: libwebp security update

The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format RIFF. Webmasters, web...

forum-java 跨站脚本漏洞

forum-java is a Chinese Qbian individual developers with Java spring boot implementation of a modern community forum / Q&A / BBS / social network / blog system platform. A security vulnerability exists in Qbian61 forum-java, which stems from a cross-site scripting XSS vulnerability that allows an...

MAL-2023-8030 Malicious code in mpc-ap-styles (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 3560796a4ad8974d74c898770846effa03442b79adace2bbc4679dc402afe911 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

What’s New for Developers: April 2023

...

Cryptocurrency Stealer Malware Distributed via 13 NuGet Packages

Cybersecurity researchers have detailed the inner workings of the cryptocurrency stealer malware that was distributed via 13 malicious NuGet packages as part of a supply chain attack targeting .NET developers. The sophisticated typosquatting campaign, which was uncovered by JFrog late last month,...

CVE-2023-29192

SilverwareGames.io versions before 1.2.19 allow users with access to the game upload panel to edit download links for games uploaded by other developers. This has been fixed in version 1.2.19...

SilverwareGames.io 安全漏洞

Silverware Games SilverwareGames.io is an online game site from Silverware Games, Inc. A security vulnerability exists in SilverwareGames.io prior to version 1.2.19, which originated from a vulnerability that allows users to access the game upload panel and edit the download links of games upload...

Matrix clients -- Prototype pollution in matrix-js-sdk

Matrix developers report: Today we are issuing security releases of matrix-js-sdk and matrix-react-sdk to patch a pair of High severity vulnerabilities CVE-2023-28427 / GHSA-mwq8-fjpf-c2gr for matrix-js-sdk and CVE-2023-28103 / GHSA-6g43-88cp-w5gv for matrix-react-sdk. The issues involve prototyp...

What’s New for Developers: March 2023

...

Updated firefox packages fix security vulnerability

Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash CVE-2023-25751. When accessing throttled streams, the count of available bytes needed to be checked in the calling...

Loan Management System 跨站脚本漏洞

Loan Management System is a loan management system by razormist individual developers. A security vulnerability exists in SourceCodester Loan Management System version 1.0, which stems from a cross-site scripting XSS vulnerability...

Augmented Software Engineering in an AI Era

Artificial Intelligence AI has been making waves in many industries, and software engineering is no exception. AI has the potential to revolutionize the way software is developed, tested, and maintained, bringing a new level of automation and efficiency to the field. However, with this...

Fedora: Security Advisory for python-cryptography (FEDORA-2023-672f668f51)

The remote host is missing an update for the Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 36 Update: python-cryptography-36.0.0-4.fc36

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers...

Fedora 38 : python-cryptography (2023-749dd47c79)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-749dd47c79 advisory. Security fix for CVE-2023-23931 cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected...

Fedora 36 : python-cryptography (2023-672f668f51)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-672f668f51 advisory. Security fix for CVE-2023-23931 cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected...