137 matches found
SUSE SLES12 Security Update : SUSE Manager Client Tools (SUSE-SU-2023:3122-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3122-1 advisory. python-tornado: - Security fixes: CVE-2023-28370: Fixed an open redirect issue in the static file handler bsc1211741 kiwi-desc-saltboot: -...
SUSE: Security Advisory (SUSE-SU-2023:3144-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2023:2917-1 Security update for SUSE Manager Client Tools
This update fixes the following issues: grafana: - Update to version 9.5.5: CVE-2023-3128: Fix authentication bypass using Azure AD OAuth bsc1212641, jscPED-3694 Bug fixes: Auth: Show invite button if disable login form is set to false. Azure: Fix Kusto auto-completion for Azure datasources. RBAC...
SUSE-SU-2023:2915-1 Security update for SUSE Manager Client Tools
This update fixes the following issues: grafana: - Update to version 9.5.5: CVE-2023-3128: Fix authentication bypass using Azure AD OAuth bsc1212641, jscPED-3694 Bug fixes: Auth: Show invite button if disable login form is set to false. Azure: Fix Kusto auto-completion for Azure datasources. RBAC...
SUSE: Security Advisory (SUSE-SU-2023:2794-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
org.apache.inlong:manager-client (>=1.4.0 <=1.6.0), org.apache.inlong:manager-client-examples (>=1.4.0 <=1.6.0) +2 more potentially affected by CVE-2023-31058 via org.apache.inlong:manager-common (>=1.4.0 <=1.6.0)
org.apache.inlong:manager-common MAVEN version =1.4.0, =1.4.0, =1.4.0, =1.4.0, =1.4.0, =1.6.0 Source cves: CVE-2023-31058 Source advisory: OSV:GHSA-C3RH-F2W5-FGHM...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : SUSE Manager Client Tools (SUSE-SU-2023:2575-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2575-1 advisory. grafana: - Version update from 8.5.22 to 9.5.1 jscPED-3694: Security fixes: - CVE-2023-1410:...
SUSE: Security Advisory (SUSE-SU-2023:2578-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2023:2579-1 Security update for SUSE Manager Client Tools
This update fixes the following issues: grafana: - Version update from 8.5.22 to 9.5.1 jscPED-3694: Security fixes: - CVE-2023-1410: grafana: Stored XSS in Graphite FunctionDescription tooltip bsc1209645 - CVE-2023-1387: grafana: JWT URL-login flow leaks token to data sources through request...
SUSE-SU-2023:2578-1 Security update for SUSE Manager Client Tools
This update fixes the following issues: bind: - Provide bind dependencies and solve installation issues on SUSE Linux Enterprise Micro - There are no source changes dracut-saltboot: - Update to version 0.1.1681904360.84ef141 Load network configuration even when missing protocol version bsc1210640...
SUSE-SU-2023:2575-1 Security update for SUSE Manager Client Tools
This update fixes the following issues: grafana: - Version update from 8.5.22 to 9.5.1 jscPED-3694: Security fixes: - CVE-2023-1410: grafana: Stored XSS in Graphite FunctionDescription tooltip bsc1209645 - CVE-2023-1387: grafana: JWT URL-login flow leaks token to data sources through request...
SUSE: Security Advisory (SUSE-SU-2023:2183-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2023:2183-1 Security update for SUSE Manager Client Tools
This update fixes the following issues: golang-github-prometheus-alertmanager: - Security issues fixed: CVE-2022-46146: Fix authentication bypass via cache poisoning bsc1208051 prometheus-blackboxexporter: - Security issues fixed: CVE-2022-46146: Fix authentication bypass via cache poisoning...
SUSE-SU-2023:2182-1 Security update for SUSE Manager Client Tools
This update fixes the following issues: prometheus-blackboxexporter: - Security issues fixed: CVE-2022-46146: Fix authentication bypass via cache poisoning bsc1208062 - Other non-security bugs fixed and changes: Add minversion parameter of tlsconfig to allow enabling TLS 1.0 and 1.1 bsc1209113 On...
SUSE-SU-2023:1903-1 Security update for SUSE Manager Client Tools
This update fixes the following issues: grafana version update from 8.5.20 to 8.5.22: - Security issues fixed: CVE-2023-1410: Fix XSS in Graphite functions tooltip bsc1209645 CVE-2023-0507: Apply attribute sanitation to GeomapPanel bsc1208821 CVE-2023-0594: Avoid storing XSS in TraceView panel...
SUSE-SU-2023:1902-1 Security update for SUSE Manager Client Tools
This update fixes the following issues: grafana version update from 8.5.20 to 8.5.22: - Security issues fixed: CVE-2023-1410: Fix XSS in Graphite functions tooltip bsc1209645 CVE-2023-0507: Apply attribute sanitation to GeomapPanel bsc1208821 CVE-2023-0594: Avoid storing XSS in TraceView panel...
SUSE: Security Advisory (SUSE-SU-2023:0812-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2023:0352-1 Security update for SUSE Manager Client Tools
This update fixes the following issues: grafana: - Update to version 8.5.15 jscPED-2617: CVE-2022-39306: Fix for privilege escalation bsc1205225 CVE-2022-39307: Omit error from http response when user does not exists bsc1205227 - Update to version 8.5.14: CVE-2022-39201: Fix do not forward login...
MAL-2023-994 Malicious code in yandex-yt-transfer-manager-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b5e8ad10f31088a063adf3ff93799c1850d56418c603e0af2e811977873b7ae6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview yandex-yt-transfer-manager-client is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable...