8747 matches found

CNVD
added 2024/01/10 12:0 a.m. | 17 views

Siemens Solid Edge Uninitialized Pointer Access Vulnerability (CNVD-2024-01400)

Solid Edge is a portfolio of software tools that address a variety of product development processes: 3D design, simulation, manufacturing and design management. An uninitialized pointer access vulnerability exists in Siemens Solid Edge, which can be exploited by an attacker to execute code in the...

CVSS 7.8 | AI score 7.1 | EPSS 0.00201
Exploits 0 | References 1
AlmaLinux
added 2024/01/10 12:0 a.m. | 33 views

Moderate: libxml2 security update

The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: crafted xml can cause global buffer overflow (CVE-2023-39615). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other relat...

CVSS 6.5 | AI score 7.7 | EPSS 0.00667
Exploits 1 | References 4
Positive Technologies
added 2024/01/10 12:0 a.m. | 5 views

PT-2024-13757 · Wwbn · Avideo

Name of the Vulnerable Software and Affected Versions: WWBN AVideo dev master commit 15fed957fb. Description: An insufficient entropy issue exists in the userRecoverPass.php recoverPass generation functionality. This can be exploited by sending a specially crafted HTTP request, potentially leading...

CVSS 8.8 | AI score 8.9 | EPSS 0.00947
Exploits 1 | References 3
OSV
added 2024/01/09 4:15 p.m. | 6 views

AZL-39559 CVE-2022-36763 affecting package hvloader for versions less than 1.0.1-3

EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability...

CVSS 7.8 | AI score 7 | EPSS 0.00288
Exploits 0 | References 1
OSV
added 2024/01/09 4:15 p.m. | 1 views

DEBIAN-CVE-2022-36765

EDK2 is susceptible to a vulnerability in the CreateHob function, allowing a user to trigger an integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability...

CVSS 7.8 | AI score 6.8 | EPSS 0.00287
Exploits 0 | References 1
CNNVD
added 2024/01/09 12:0 a.m. | 4 views

EDK2 Buffer Error Vulnerability

EDK2 is a set of cross-platform firmware development environments from the Tianocore community based on the UEFI and PI specifications. A security vulnerability exists in EDK2 202311 and earlier versions, which stems from a buffer overflow vulnerability in the Tcg2MeasureGptTable function...

CVSS 7.8 | AI score 7.2 | EPSS 0.00288
Exploits 0 | References 4
CNNVD
added 2024/01/09 12:0 a.m. | 4 views

EDK2 Buffer Error Vulnerability

EDK2 is a set of cross-platform firmware development environments from the Tianocore community based on the UEFI and PI specifications. A security vulnerability exists in EDK2 202311 and earlier versions, which stems from a buffer overflow vulnerability in the Tcg2MeasureImage function...

CVSS 7.8 | AI score 7.2 | EPSS 0.00287
Exploits 0 | References 4
Tenable Nessus
added 2024/01/09 12:0 a.m. | 33 views

Amazon Linux 2 : perl-HTTP-Daemon (ALAS-2024-2405)

The version of perl-HTTP-Daemon installed on the remote host is prior to 6.01-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2405 advisory. HTTP::Daemon is a simple http server class written in perl. Versions prior to 6.15 are subject to a vulnerability which cou...

CVSS 7.3 | AI score 6.3 | EPSS 0.02108
Exploits 1 | References 4
CNNVD
added 2024/01/09 12:0 a.m. | 3 views

EDK2 Buffer Error Vulnerability

EDK2 is a set of cross-platform firmware development environments based on UEFI and PI specifications from the Tianocore community. A security vulnerability exists in EDK2 202311 and earlier versions, which stems from a buffer overflow vulnerability in the CreateHob function...

CVSS 7.8 | AI score 7.2 | EPSS 0.00287
Exploits 0 | References 4
OpenVAS
added 2024/01/08 12:0 a.m. | 25 views

SUSE: Security Advisory (SUSE-SU-2024:0037-1)

The remote host is missing an update for the...

CVSS 7.8 | AI score 6.5 | EPSS 0.00535
Exploits 0 | References 4
OSV
added 2024/01/07 9:27 p.m. | 5 views

SUSE-SU-2024:0045-1 Security update for gcc13

This update for gcc13 fixes the following issues: This update ships the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided...

CVSS 4.8 | AI score 5.5 | EPSS 0.00666
Exploits 1 | References 12
Rapid7 Blog
added 2024/01/05 5:24 p.m. | 25 views

Rapid7’s Data-Centric Approach to AI in Belfast

Authored by Stuart Millar and Ryan Wilson. Rapid7 has expanded significantly in Belfast since establishing a presence back in 2014, resulting in the company's largest R&D hub outside the US with over 350 people spread across eight floors in our Chichester Street office. There is a wide range of...

AI score 7
Exploits 0
Vulnrichment
added 2024/01/03 4:45 p.m. | 4 views

CVE-2023-50253 laf logs leak

Laf is a cloud development platform. In the Laf version design, the log uses communication with k8s to quickly retrieve logs from the container without the need for additional storage. However, in version 1.0.0-beta.13 and prior, this interface does not verify the permissions of the pod, which...

CVSS 9.6 | AI score 9.1 | EPSS 0.00741
Exploits 1 | References 2
Cvelist
added 2024/01/03 4:45 p.m. | 33 views

CVE-2023-50253 laf logs leak

Laf is a cloud development platform. In the Laf version design, the log uses communication with k8s to quickly retrieve logs from the container without the need for additional storage. However, in version 1.0.0-beta.13 and prior, this interface does not verify the permissions of the pod, which...

CVSS 9.6 | AI score 9.1 | EPSS 0.00741
Exploits 1 | References 2
CVE
added 2024/01/03 4:45 p.m. | 28 views

CVE-2023-50253

Summary: CVE-2023-50253 affects Laf, a cloud development platform. Versions 1.0.0-beta.13 and earlier expose a log retrieval interface that does not verify pod permissions, allowing authenticated users to read any pod logs within the same namespace and access sensitive information printed in logs...

CVSS 9.6 | AI score 6.1 | EPSS 0.00741
Exploits 1 | References 2 | Affected Software 1
CNVD
added 2023/12/29 12:0 a.m. | 25 views

IBM Rational Asset Manager Privilege Control Issue Vulnerability

IBM Rational Asset Manager is a collaborative software development tool from IBM, USA. Organizations can use it to identify, manage and govern the design, development and use of software assets and services. A privilege control issue vulnerability exists in IBM Rational Asset Manager version 7.5...

CVSS 4.3 | AI score 6.8 | EPSS 0.00998
Exploits 0 | References 1
OpenVAS
added 2023/12/29 12:0 a.m. | 15 views

SUSE: Security Advisory (SUSE-SU-2023:4982-1)

The remote host is missing an update for the...

CVSS 8.8 | AI score 7.5 | EPSS 0.01871
Exploits 0 | References 4
Fedora
added 2023/12/27 3:18 a.m. | 24 views

[SECURITY] Fedora 38 Update: tor-0.4.8.10-1.fc38

The Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor's users employ this network by connecting through a series of virtual tunnels rather than making a direct connection, thus allowing both organizations and...

AI score 7.1
Exploits 0
OpenVAS
added 2023/12/27 12:0 a.m. | 20 views

SUSE: Security Advisory (SUSE-SU-2023:4972-1)

The remote host is missing an update for the...

CVSS 8.8 | AI score 7.3 | EPSS 0.01871
Exploits 0 | References 4
OpenVAS
added 2023/12/26 12:0 a.m. | 21 views

SUSE: Security Advisory (SUSE-SU-2023:4969-1)

The remote host is missing an update for the...

CVSS 6.5 | AI score 6.7 | EPSS 0.01851
Exploits 1 | References 4