8752 matches found
SUSE CVE-2021-28211
A heap overflow in LzmaUefiDecompressGetInfo function in EDK II...
SUSE CVE-2021-42859
A memory leak issue was discovered in Mini-XML v3.2 that could cause a denial of service. NOTE: testing reports are inconsistent, with some testers seeing the issue in both the 3.2 release and in the October 2021 development code, but others not seeing the issue in the 3.2 release...
SUSE CVE-2022-0669
A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOSTUSERGETINFLIGHTFD / VHOSTUSERSETINFLIGHTFD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master...
SUSE CVE-2022-29361
Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body. NOTE: the vendor's position is that this behavior can only occur in unsupported configurations...
SUSE: Security Advisory (SUSE-SU-2023:0390-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2023:0397-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2023:0337-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Unauthorized Access Vulnerability in the Development Center of Beijing Acontrol Technology Development Co.
Ltd. is an automation software platform high-tech enterprise. Ltd. development center there is unauthorized access vulnerability, attackers can use the vulnerability to obtain sensitive information...
The vulnerability of the DIAScreen development environment for industrial equipment arises from the possibility of operations exceeding the buffer boundaries in memory, allowing an attacker to execute arbitrary code.
The vulnerability of the DIAScreen development environment for industrial equipment is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
Rails Development Mode Enabled
The Ruby on Rails RoR web framework uses three environments by default : test, development and production. When running in development mode, the application will render diagnostic pages and expose all the routes available, leaking internal information about the application. In some cases, the...
SUSE: Security Advisory (SUSE-SU-2023:0286-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mitigate risk by integrating threat modeling and DevOps processes
Agile and DevOps are without any doubt two of the biggest security trends of recent years. The rapid rise of the cloud has only fueled the need for flexibility and dynamicity. Therefore, it’s natural for developers and organizations to seek methodologies and tools for addressing new requirements...
Don’t Let API Leaks Sink Your Ship | API Security Newsletter
Leaks of API keys and other secrets. The industry has been abuzz with news about attacks – and the ongoing ripple effect – involving leaked API keys, credentials and other secrets. This adds another dimension to your API attack surface, which in turn complicates your defenses and adds to your...
[SECURITY] [DLA 3306-1] python-django security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3306-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb February 01, 2023 https://wiki.debian.org/LTS -...
Privilege escalation
As part of our Security Development Lifecycle, a potential privilege escalation issue was identified internally. This could allow a malicious actor with sufficient permissions to modify environment variables and abuse an impacted plugin in order to escalate privileges. We have resolved the issue...
CVE-2023-0524
As part of our Security Development Lifecycle, a potential privilege escalation issue was identified internally. This could allow a malicious actor with sufficient permissions to modify environment variables and abuse an impacted plugin in order to escalate privileges. We have resolved the issue...
CVE-2023-0524
CVE-2023-0524 concerns a privilege-escalation issue in Tenable products. The authenticated attacker could modify environment variables and, by abusing an impacted plugin, escalate privileges. Affected products mentioned across sources include Tenable Nessus, Tenable.io, and Tenable.sc. The underl...
CVE-2023-0524
As part of our Security Development Lifecycle, a potential privilege escalation issue was identified internally. This could allow a malicious actor with sufficient permissions to modify environment variables and abuse an impacted plugin in order to escalate privileges. We have resolved the issue...
PHP Development Server Information Disclosure Vulnerability
PHP is a widely used general purpose scripting language that is particularly well suited for web development and can be embedded in HTML.An information disclosure vulnerability exists in PHP Development Server, which stems from a logic flaw in the php cli server begin send static when parsing htt...
java security update
CentOS Errata and Security Advisory CESA-2023:0203 An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detaile...