8749 matches found
CVE-2023-38508
Summary: CVE-2023-38508 affects Tuleap: Community Edition < 14.11.99.28 and Enterprise Edition < 14.10-6,
[SECURITY] Fedora 38 Update: ImageMagick-7.1.1.15-1.fc38
ImageMagick is an image display and manipulation tool for the X Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF, and Photo CD image formats. It can resize, rotate, sharpen, color reduce, or add special effects to an image, and when finished you can either save the completed wor...
CODESYS Development System Installed (Windows)
Binary data codesyssystemdevelopmentwininstalled.nbin...
SUSE: Security Advisory (SUSE-SU-2023:3398-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
编号撤回
OpenJDK is an open source version of the OpenJDK open source development environment for Java. This CVE number has been withdrawn...
Tackling the OAuth2 Client component model in Spring Security
In Spring Security 5, we saw many developments in the OAuth2 story with the introduction of OAuth2 Resource Server and OAuth2 Client into the framework. Today, it is quite convenient to develop applications that are secured by OAuth2 using the features available in OAuth2 Resource Server...
Malicious code in web-dev-for-beginners (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 12dfe4d59f97f208fa2c0392b71a0939ecbd509d7ccd7853cea8b3f4e13b317a The OpenSSF Package Analysis project identified 'web-dev-for-beginners' @ 1.0.0 npm as malicious. It is considered malicious because: - The...
MAL-2023-1503 Malicious code in web-dev-for-beginners (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 12dfe4d59f97f208fa2c0392b71a0939ecbd509d7ccd7853cea8b3f4e13b317a The OpenSSF Package Analysis project identified 'web-dev-for-beginners' @ 1.0.0 npm as malicious. It is considered malicious because: - The...
The vulnerability of software for developing and optimizing Intel AI systems is related to an uncontrolled element in the search process, allowing attackers to enhance their privileges.
The vulnerabilities of the software used in the development and optimization of Intel AI systems are related to an uncontrollable element in the search process. Exploiting these vulnerabilities can allow attackers, who operate remotely, to enhance their privileges...
CVE-2023-28479
An issue was discovered in Tigergraph Enterprise 3.7.0. The TigerGraph platform installs a full development toolchain within every TigerGraph deployment. An attacker is able to compile new executables on each Tigergraph system and modify system and Tigergraph binaries...
Threat Actors Using Obfuscation in Attempt to Evade Detection
As part of our product lineup, we offer security monitoring and malware removal services to our Wordfence Care and Response customers. In the event of a security incident, our incident response team will investigate the root cause, find and remove malware from your site, and help with other...
PT-2023-21748 · Tigergraph · Tigergraph Enterprise
Name of the Vulnerable Software and Affected Versions: Tigergraph Enterprise version 3.7.0 Description: An issue was discovered in the TigerGraph platform, which installs a full development toolchain within every TigerGraph deployment. This allows an attacker to compile new executables on each...
CVE-2023-28479
An issue was discovered in Tigergraph Enterprise 3.7.0. The TigerGraph platform installs a full development toolchain within every TigerGraph deployment. An attacker is able to compile new executables on each Tigergraph system and modify system and Tigergraph binaries...
CODESYS Development System Improper Enforcement of Message Integrity Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of CODESYS Development System. Authentication is not required to exploit this vulnerability. The specific flaw exists within the LearnMoreAction function. The issue results from a missing...
Huawei EMUI 安全漏洞
SIMATIC Cloud Connect 7 is an IoT gateway for connecting programmable logic controllers to cloud services and allows field devices with an OPC UA server interface to be connected as OPC UA clients.SIMATIC Drive Controllers are designed for the automation of production machines and combine the...
[SECURITY] Fedora 38 Update: php-8.2.9-2.fc38
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
OpenZeppelin Contracts vulnerable to Improper Escaping of Output
Impact OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 4.0.0 and prior to version 4.9.3, contracts using ERC2771Context along with a custom trusted forwarder may see msgSender return address0 in calls that originate from the forwarder with calldata...
[SECURITY] Fedora 37 Update: php-8.1.22-1.fc37
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
Intel PSR Code Issue Vulnerability
Intel PSR is a management and security status application from IntelR Corporation. A security vulnerability exists in IntelR PSR SDK versions prior to 1.0.0.20. An attacker can exploit the vulnerability to elevate privileges...
The vulnerability in the set of tools for web development in Google Chrome’s DevTools allows a hacker to bypass content security policies.
The vulnerability of the DevTools set of tools for web development in Google Chrome exists due to insufficient testing of input data. Exploiting this vulnerability can allow a malicious actor to circumvent content security policies through a specially crafted HTML page...