4419 matches found
MAL-2024-20 Malicious code in yield-api-documentation (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fd5cbdb7d4a993fa1eaa24b6a76752bcaef2b40f325168ed535651ab0b116a48 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Security Bulletin: IBM Security SOAR is using a component with a known vulnerability [CVE-2023-46604]
Summary IBM Security SOAR uses an older version of Apache ActiveMQ that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended customers upgrade to the latest applicable fix pack. CVE-2023-46604 Vulnerability Details...
What is the maximum length of a log entry in var/log/ns.log
...
GHSA-X5FR-7HHJ-34J3 Full Table Permissions by Default
Default table permissions in SurrealDB were FULL instead of NONE. This would lead to tables having FULL permissions for SELECT, CREATE, UPDATE and DELETE unless some other permissions were specified via the PERMISSIONS clause. We have decided to treat this behaviour as a vulnerability due to its...
Full Table Permissions by Default
Default table permissions in SurrealDB were FULL instead of NONE. This would lead to tables having FULL permissions for SELECT, CREATE, UPDATE and DELETE unless some other permissions were specified via the PERMISSIONS clause. We have decided to treat this behaviour as a vulnerability due to its...
SUSE-SU-2023:4870-1 Security update for cosign
This update for cosign fixes the following issues: Updated to 2.2.1 jscSLE-23879 - Enhancements: CVE-2023-46737: Possible endless data attack from attacker-controlled registry bsc1216933 feat: Support basic auth and bearer auth login to registry 3310 add support for ignoring certificates with...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to regular expression denial of service due to [CVE-2022-25883]
Summary Node.js semver is used by the Node.js runtime in IBM App Connect Enterprise Certified Container operants. IBM App Connect Enterprise Certified Container operands are vulnerable to regular expression denial of service. This bulletin provides patch information to address the reported...
CVE-2023-49803
@koa/cors npm provides Cross-Origin Resource Sharing CORS for koa, a web framework for Node.js. Prior to version 5.0.0, the middleware operates in a way that if an allowed origin is not provided, it will return an Access-Control-Allow-Origin header with the value of the origin from the request...
CVE-2023-49803 @koa/cors has overly permissive origin policy
@koa/cors npm provides Cross-Origin Resource Sharing CORS for koa, a web framework for Node.js. Prior to version 5.0.0, the middleware operates in a way that if an allowed origin is not provided, it will return an Access-Control-Allow-Origin header with the value of the origin from the request...
CVE-2023-49803 @koa/cors has overly permissive origin policy
@koa/cors npm provides Cross-Origin Resource Sharing CORS for koa, a web framework for Node.js. Prior to version 5.0.0, the middleware operates in a way that if an allowed origin is not provided, it will return an Access-Control-Allow-Origin header with the value of the origin from the request...
GHSA-QXRJ-HX23-XP82 Overly permissive origin policy
Currently, the middleware operates in a way that if an allowed origin is not provided, it will return an Access-Control-Allow-Origin header with the value of the origin from the request. This behavior completely disables one of the most crucial elements of browsers - the Same Origin Policy SOP,...
Overly permissive origin policy
Currently, the middleware operates in a way that if an allowed origin is not provided, it will return an Access-Control-Allow-Origin header with the value of the origin from the request. This behavior completely disables one of the most crucial elements of browsers - the Same Origin Policy SOP,...
Py-Amsi - Scan Strings Or Files For Malware Using The Windows Antimalware Scan Interface
py-amsi is a library that scans strings or files for malware using the Windows Antimalware Scan Interface AMSI API. AMSI is an interface native to Windows that allows applications to ask the antivirus installed on the system to analyse a file/string. AMSI is not tied to Windows Defender. Antiviru...
PortSwigger Web Security: The role "CI-driven scan initiator" provides excessive read access
The reporter noticed that all authenticated users were able to access certain non-sensitive information such as metadata about third-party integrations. This was found to be by design, and the documentation was updated to clarify the information available to all authenticated users...
Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : PostgreSQL vulnerabilities (USN-6538-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6538-1 advisory. Jingzhou Fu discovered that PostgreSQL incorrectly handled certain unknown arguments in aggregate function calls. A remote...
GHSA-X9QQ-236J-GJ97 Canonical LXD documentation improvement to make clear restricted.devices.disk=allow without restricted.devices.disk.paths also allows shift=true
Summary If a user has restricted access to a project that is configured with restricted=true, they can gain root access on the system by creating a disk device with shift=true and creating a setuid root executable. This is possible because the shift property is not restricted unless...
Fedora: Security Advisory for kernel-tools (FEDORA-2023-a7b89262c6)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for kernel-tools (FEDORA-2023-15deb2e32a)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 38 Update: kernel-tools-6.6.3-100.fc38
This package contains the tools/ directory from the kernel source and the supporting documentation...
[SECURITY] Fedora 39 Update: kernel-tools-6.6.3-200.fc39
This package contains the tools/ directory from the kernel source and the supporting documentation...