8747 matches found

OpenVAS
added 2023/12/23 12:00 a.m. · 7 views

Fedora: Security Advisory (FEDORA-2023-9de52d46bd)

The remote host is missing an update for the...

AI score 7.5
Exploits 0 · References 2
OSV
added 2023/12/22 4:27 p.m. · 23 views

CVE-2023-51662 Snowflake Connector .NET does not properly check the Certificate Revocation List (CRL)

The Snowflake .NET driver provides an interface to the Microsoft .NET open source software framework for developing applications. Snowflake recently received a report about a vulnerability in the Snowflake Connector .NET where the checks against the Certificate Revocation List (CRL) were not...

CVSS 6 · AI score 7.3 · EPSS 0.00348
Exploits 0 · References 4
CNNVD
added 2023/12/22 12:00 a.m. · 3 views

AWS SDK for PHP Path Traversal Vulnerability

Amazon AWS SDK for PHP is a software development kit for Amazon Web Services from Amazon.com, Inc. based on the PHP platform. A path traversal vulnerability exists in AWS SDK for PHP versions prior to 3.288.1, which stems from the presence of a URI path traversal vulnerability...

CVSS 6 · AI score 6.8 · EPSS 0.00376
Exploits 0 · References 4
CNVD
added 2023/12/22 12:00 a.m. · 12 views

SQL Injection Vulnerability in Data Leakage Protection (DLP) System of Beijing Yisetong Technology Development Co., Ltd (CNVD-2024-05880)

The Data Leakage Protection (DLP) system is aimed at serving enterprises and institutions for data asset grooming and data security protection. The Data Leakage Protection (DLP) system of Beijing Yisetong Technology Development Co., Ltd. suffers from an SQL injection vulnerability, which can be exploited by...

AI score 7.9
Exploits 0
OpenVAS
added 2023/12/22 12:00 a.m. · 28 views

SUSE: Security Advisory (SUSE-SU-2023:4942-1)

The remote host is missing an update for the...

CVSS 6.5 · AI score 7.5 · EPSS 0.02243
Exploits 0 · References 4
Positive Technologies
added 2023/12/21 12:00 a.m. · 6 views

PT-2023-31869

Name of the Vulnerable Software and Affected Versions: AWS SDK for PHP versions prior to 3.288.1. Description: A URI path traversal issue exists in the AWS SDK for PHP, specifically within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot. This issue is possible du...

CVSS 6 · AI score 5.5 · EPSS 0.00881
Exploits 1 · References 22
Positive Technologies
added 2023/12/19 12:00 a.m. · 2 views

PT-2023-8248 · Gitlab · Gitlab Remote Development +1

Name of the Vulnerable Software and Affected Versions: GitLab Remote Development versions prior to 16.5.6; GitLab Remote Development version 16.6 prior to 16.6.4; GitLab Remote Development version 16.7 prior to 16.7.2. Description: The issue is related to improper access control in GitLab Remote...

CVSS 6.6 · AI score 6.7 · EPSS 0.00552
Exploits 0 · References 21
hivepro
added 2023/12/15 1:07 p.m. · 24 views

Russian SVR Exploits Critical TeamCity Vulnerability Globally

Summary: A critical vulnerability (CVE-2023-45247) in JetBrains TeamCity is actively exploited by Russia's SVR cyber actors (APT 29), allowing full server compromise. The targeted software, widely used by developers, poses a significant threat, enabling access to sensitive information and potential...

CVSS 3.2 · AI score 6.8 · EPSS 0.00214
Exploits 0
BDU FSTEC
added 2023/12/14 12:00 a.m. · 3 views

The vulnerability of the server.transformIndexHtml() function on the local development server of the Vite application allows attackers to perform cross-site scripting attacks.

The vulnerability of the server.transformIndexHtml function on the local development server of the Vite application is related to the lack of measures taken to neutralize HTML tags. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks...

CVSS 6.4 · AI score 6.5 · EPSS 0.00997
Exploits 1 · References 4 · Affected Software 1
ATTACKERKB
added 2023/12/13 11:15 p.m. · 4 views

CVE-2023-43586

Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network access...

CVSS 8.8 · AI score 5.8 · EPSS 0.00991
Exploits 0 · References 2
CNNVD
added 2023/12/13 12:00 a.m. · 4 views

Zoom Security Breach

Zoom Client is a video conferencing client application from Zoom USA that supports multiple platforms. Zoom suffers from a security vulnerability that stems from improper access control. An attacker could exploit this vulnerability to disclose information via network access. The following product...

CVSS 7.1 · AI score 6.3 · EPSS 0.00599
Exploits 0 · References 2
CNNVD
added 2023/12/13 12:00 a.m. · 4 views

Zoom Security Breach

Zoom Client is a video conferencing client application from Zoom USA that supports multiple platforms. Zoom suffers from a security vulnerability. An attacker could exploit this vulnerability to disclose information via network access. The following products and versions are affected: Zoom Mobile...

CVSS 4.9 · AI score 6.3 · EPSS 0.00567
Exploits 0 · References 2
CNNVD
added 2023/12/13 12:00 a.m. · 13 views

Zoom VDI Client Security Vulnerability

Zoom VDI Client is a server-based computing model client from Zoom USA that allows you to deliver desktop images to endpoint devices over a network. A security vulnerability exists in Zoom. An attacker has exploited the vulnerability to perform privilege escalation via network access. The followi...

CVSS 8.8 · AI score 7 · EPSS 0.00991
Exploits 0 · References 2
OpenVAS
added 2023/12/13 12:00 a.m. · 24 views

SUSE: Security Advisory (SUSE-SU-2023:4736-1)

The remote host is missing an update for the...

CVSS 6.5 · AI score 7 · EPSS 0.01664
Exploits 5 · References 8
OSV
added 2023/12/12 8:33 p.m. · 27 views

CVE-2023-48225 Laf env causes sensitive information disclosure

Laf is a cloud development platform. Prior to version 1.0.0-beta.13, the control of LAF app enV is not strict enough, and in certain scenarios of privatization environment, it may lead to sensitive information leakage in secret and configmap. In ES6 syntax, if an obj directly references another...

CVSS 8.9 · AI score 8.8 · EPSS 0.00796
Exploits 1 · References 5
Cvelist
added 2023/12/12 8:33 p.m. · 27 views

CVE-2023-48225 Laf env causes sensitive information disclosure

Laf is a cloud development platform. Prior to version 1.0.0-beta.13, the control of LAF app enV is not strict enough, and in certain scenarios of privatization environment, it may lead to sensitive information leakage in secret and configmap. In ES6 syntax, if an obj directly references another...

CVSS 8.9 · AI score 9.2 · EPSS 0.00796
Exploits 1 · References 3
CVE
added 2023/12/12 8:33 p.m. · 36 views

CVE-2023-48225

CVE-2023-48225 affects Laf prior to v1.0.0-beta.13, where lax control of app environment variables enables leakage of sensitive data from secrets/configmaps via k8s envFrom. Root cause described: ES6 object references cause the entire referenced object to be embedded into the deployment template ...

CVSS 9.1 · AI score 8.9 · EPSS 0.00796
Exploits 1 · References 3 · Affected Software 1
OSV
added 2023/12/12 6:15 p.m. · 5 views

CVE-2023-35625

Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability...

CVSS 4.7 · AI score 7.3 · EPSS 0.00708
Exploits 0 · References 1
ATTACKERKB
added 2023/12/12 6:15 p.m. · 3 views

CVE-2023-35625

Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability...

CVSS 4.7 · AI score 6.2 · EPSS 0.00708
Exploits 0 · References 2 · Affected Software 1
AlmaLinux
added 2023/12/12 12:00 a.m. · 38 views

Moderate: libxml2 security update

The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: crafted xml can cause global buffer overflow (CVE-2023-39615). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other relat...

CVSS 6.5 · AI score 7.3 · EPSS 0.00667
Exploits 1 · References 4