Popular GitHub Action Tags Redirected to Imposter Commit to Steal CI/CD Credentials
In yet another software supply chain attack, threat actors have compromised the popular GitHub Actions workflow, actions-cool/issues-helper, to run malicious code that harvests sensitive credentials and exfiltrates them to an attacker-controlled server. "Every existing tag in the repository has...
It's Time to Go After Achieving Zero Code Criticals
Ready to hit Zero Code Criticals? Here's how Wiz helps you get there and stay there, with the badge to prove you did...
Fortinet Issues Fixes After Attackers Bypass Patches to Maintain Access
Hackers exploit Fortinet flaws to plant stealth backdoors on FortiGate devices, maintaining access even after patches. Update to…...
CVE-2024-50060 io_uring: check if we need to reschedule during overflow flush
In the Linux kernel, the following vulnerability has been resolved: io_uring: check if we need to reschedule during overflow flush. In terms of normal application usage, this list will always be empty. And if an application does overflow a bit, it'll have a few entries. However, nothing obviously...
CVE-2024-45874
A DLL hijacking vulnerability in VegaBird Vooki 5.2.9 allows attackers to execute arbitrary code / maintain persistence via placing a crafted DLL file in the same directory as Vooki.exe...
CVE-2024-2014
A vulnerability classified as critical was found in Panabit Panalog 202103080942. This vulnerability affects unknown code of the file /Maintain/sprogupstatus.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to th...
Design/Logic Flaw
in-toto is a framework to protect supply chain integrity. The in-toto configuration is read from various directories and allows users to configure the behavior of the framework. The files are from directories following the XDG base directory specification. In versions 1.4.0 and prior, among the...
DRUPAL-CONTRIB-2023-011
The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read:...
CVE-2022-31362
Docebo Community Edition v4.0.5 and below was discovered to contain an arbitrary file upload vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
Taxonomy Access Control Lite - Critical - Unsupported - SA-CONTRIB-2022-006
Update 2022-03-01. New maintainers have volunteered for the project and created a new release which includes fixes for the 3 security issues that caused the module to be unsupported. The security team is marking this project unsupported. There is a known security issue with the project that has n...
Moderate: Red Hat Security Advisory: Satellite 6.10.2 Async Bug Fix Update
Updated Satellite 6.10 packages that fix several bugs are now available for Red Hat Satellite. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other clie...
RUSTSEC-2021-0134 rental is unmaintained, author has moved on
The author encourages users to explore other solutions, or maintain a fork. Maintained alternatives include: ouroboros fortify escher...
spin is no longer actively maintained
The author of the spin crate does not have time or interest to maintain it. Consider the following alternatives, all of which support no_std: - conquer-once - lock_api, a subproject of parking_lot - spinning_top, a spinlock crate built on lock_api - spinning...
Nexus Theme - Critical - Unsupported - SA-CONTRIB-2019-078
The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported...
SendinBlue - Critical - Access bypass - SA-CONTRIB-2019-088
Update: This module had an access bypass vulnerability which has now been addressed by the module’s current maintainers. Original description The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you...
Frequently Asked Questions - Critical - Unsupported - SA-CONTRIB-2019-077
The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported...
JVN#77012922: Microsoft Producer for Microsoft Office PowerPoint vulnerable to cross-site scripting
Microsoft Producer for Microsoft Office PowerPoint may create a web page which contains a DOM-based cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use Microsoft Producer for Microsoft Office PowerPoint Microsoft...
Maintain 3.0.0-RC2 Example6.PHP Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/20560/info Maintain is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious PH...
Fedora Update for BackupPC FEDORA-2012-0825
Check for the Version of BackupPC OpenVAS Vulnerability Test Fedora Update for BackupPC FEDORA-2012-0825 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
[SECURITY] Fedora 16 Update: BackupPC-3.2.1-7.fc16
BackupPC is a high-performance, enterprise-grade system for backing up Linux and WinXX and Mac OS X PCs and laptops to a server's disk. BackupPC is highly configurable and easy to install and maintain...