Intel SDK for OpenCL(TM) Applications Security Vulnerability

Intel SDK for OpenCLTM Applications is a full-featured development environment from Intel Corporation. A security vulnerability exists in the Intel SDK for OpenCLTM Applications software that stems from an uncontrolled search path issue that could lead to privilege escalation via local access by ...

UBUNTU-CVE-2023-48733

An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure Boot...

This Week in Spring - February 14th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! Friends, tomorrow is Valentine's day, and I love Spring. So, it's a very exciting thing indeed to be able to share this week's jam-packed roundup. Let's dive right into it! Spring Tools 4.21.1 is now available In the latest...

Moderate: Red Hat Security Advisory: nss security update

An update for nss is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

Moderate: Red Hat Security Advisory: nss security update

An update for nss is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

Moderate: Red Hat Security Advisory: nss security update

An update for nss is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

ALSA-2024:0790 Moderate: nss security update

Network Security Services NSS is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fixes: nss: vulnerable to Minerva side-channel information leak CVE-2023-6135 For more details about the security issues, including t...

Micronaut management endpoints vulnerable to drive-by localhost attack

Summary Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical of a production application, these attacks may have more impact on a development environment where such endpoints may be flipped on without much thought. Details A...

GHSA-583G-G682-CRXF Micronaut management endpoints vulnerable to drive-by localhost attack

Summary Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical of a production application, these attacks may have more impact on a development environment where such endpoints may be flipped on without much thought. Details A...

Design/Logic Flaw

Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical ...

CVE-2024-23639 micronaut-core management endpoints vulnerable to drive-by localhost attack

Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical ...

The vulnerability of the Compiler component in Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition allows attackers to disclose protected information.

The vulnerability of the Compiler component in Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition exists due to insufficient testing of input data. Exploiting this vulnerability can allow a malicious actor to disclose protected information remotely...

CVE-2024-23344 Tuleap's content of artifacts might be readable by unauthorized users

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Some users might get access to restricted information when a process validates the permissions of multiple users e.g. mail notifications. This issue has been patched in version 15.4.99.140 of Tuleap...

CVE-2024-23344

CVE-2024-23344 describes an information-disclosure risk in Tuleap where, during a multi-user permission validation, some users could access restricted information (e.g., contents of artifacts or email notifications). The issue is categorized as an authorization/bypass-type disclosure affecting Tu...

Nemesis - An Offensive Data Enrichment Pipeline

Nemesis is an offensive data enrichment pipeline and operator support system. Built on Kubernetes with scale in mind, our goal with Nemesis was to create a centralized data processing platform that ingests data produced during offensive security assessments. Nemesis aims to automate a number of...

GNAT Ada Suite: Remote Code Execution

Background The GNAT Ada Suite is an Ada development environment. Description A vulnerability has been discovered in GNAT Ada Suite. Please review the CVE identifier referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workarou...

SUSE: Security Advisory (SUSE-SU-2024:0265-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

The vulnerability in the set of tools for web development, DevTools, available in Mozilla Firefox, Firefox ESR, and the email client Thunderbird, allows a hacker to escalate their privileges.

The vulnerability of the DevTools suite for web development in browsers such as Mozilla Firefox, Firefox ESR, and the email client Thunderbird is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to gain increased privileges remotely...

Vinchin Backup And Recovery 7.2 syncNtpTime Command Injection

CVE ID: CVE-2024-22899 Title: Command Injection Vulnerability in Vinchin Backup and Recovery's syncNtpTime Function in Versions 7.2 and Earlier Description: A critical security vulnerability, identified as CVE-2024-22899, has been discovered in the syncNtpTime function of Vinchin Backup and...

AI likely to boost ransomware, warns government body

The British National Cyber Security Centre NCSC says it expects Artificial Intelligence AI to heighten the global ransomware threat. In a report, the NCSC makes the assessment that AI will almost certainly increase the volume and heighten the impact of cyberattacks over the next two years. We’re...