Moderate: nodejs:18 security, bug fix, and enhancement update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 18.14.2. Security Fixes: glob-parent: Regular Expression Denial of Service...
SideCopy Using Action RAT and AllaKore RAT to infiltrate Indian Organizations
The suspected Pakistan-aligned threat actor known as SideCopy has been observed leveraging themes related to the Indian military research organization as part of an ongoing phishing campaign. This involves using a ZIP archive lure pertaining to India's Defence Research and Development Organizatio...
Apache StreamPark Input Validation Error Vulnerability
Apache StreamPark is a streaming media application development framework from the Apache Software Foundation (United States). Apache StreamPark suffers from an input validation error vulnerability that stems from the fact that when a user modifies his or her profile, the username is passed as a paramet...
ROS-20230504-03
A vulnerability in the minimatch package of the Node.js software development platform is related to a call to the braceExpand function with certain arguments. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service...
SUSE: Security Advisory (SUSE-SU-2023:1824-1)
The remote host is missing an update for the ... SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2023-30619
Tuleap Open ALM is a Libre and Open Source tool for end-to-end traceability of application and system developments. The title of an artifact is not properly escaped in the tooltip. A malicious user with the capability to create an artifact or to edit a field title could force a victim to execute...
Code injection
Tuleap Open ALM is a Libre and Open Source tool for end-to-end traceability of application and system developments. The title of an artifact is not properly escaped in the tooltip. A malicious user with the capability to create an artifact or to edit a field title could force a victim to execute...
CVE-2023-30619 XSS in the tooltip via an artifact title
Tuleap Open ALM is a Libre and Open Source tool for end-to-end traceability of application and system developments. The title of an artifact is not properly escaped in the tooltip. A malicious user with the capability to create an artifact or to edit a field title could force a victim to execute...
A vulnerability in the `pkgconf_tuple_parse` function (libpkgconf/tuple.c) of the pkgconf development tool, which is used for configuring compiler and assembler flags for development libraries, allows an attacker to cause a service failure.
The vulnerability in the `pkgconf_tuple_parse` function of the pkgconf development tool's library for configuring compiler and assembler flags is related to operations performed outside the bounds of a memory buffer. Exploiting this vulnerability could allow an attacker to cause a system failu...
libsdl: Multiple Vulnerabilities
Background: Simple DirectMedia Layer is a cross-platform development library designed to provide low-level access to audio, keyboard, mouse, joystick, and graphics hardware via OpenGL and Direct3D. Description: Multiple vulnerabilities have been discovered in SDL. Please review the CVE identifiers...
Fedora: Security Advisory for python-django (FEDORA-2023-8fed428c5e)
The remote host is missing an update for the ... SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Fedora: Security Advisory for python-django (FEDORA-2023-a53ab7c969)
The remote host is missing an update for the ... SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
[SECURITY] Fedora 38 Update: python-django-4.0.10-1.fc38
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...
[SECURITY] Fedora 37 Update: python-django-4.0.10-1.fc37
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...
Cauldron Development cbang Path Traversal Vulnerability
Cauldron Development cbang is a C++ utility library from Cauldron Development. A security vulnerability exists in Cauldron Development cbang bastet-v8.1.17 and earlier, which stems from the presence of directory traversal. An attacker can exploit this vulnerability to create or write files outsid...
Information Disclosure
gatsby-plugin-sharp is vulnerable to Information Disclosure. The vulnerability is due to a path traversal when running the Gatsby development server, which exposes several image processing functions and thereby allows an attacker to gain access to arbitrary files on the host...
java-11-openjdk security update
An update is available for java-11-openjdk. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The java-11-openjdk packages provide the OpenJDK 11 Java Runtime...
RLSA-2023:1909 Important: java-1.8.0-openjdk security and bug fix update
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fixes: OpenJDK: improper connection handling during TLS handshake (8294474, CVE-2023-21930); OpenJDK: Swing HTML parsing issue (8296832, CVE-2023-21939); OpenJDK:...
SUSE CVE-2023-30609
matrix-react-sdk is a react-based SDK for inserting a Matrix chat/VoIP client into a web page. Prior to version 3.71.0, plain text messages containing HTML tags are rendered as HTML in the search results. To exploit this, an attacker needs to trick a user into searching for a specific message...
Starting a Career in Tech? Learn How Rapid7’s Emerging Talent Programmes Foster Long-Term Success
Rapid7’s Emerging Talent Programmes pave the way for early career professionals to have a successful career in tech. In Belfast, we offer both an Apprentice Programme and a Placement Programme to support new talent coming into the tech field. The Apprentice Programme is designed for individuals...