GitLab < 15.6.8 (CRITICAL-SECURITY-RELEASE-GITLAB-15-8-2-RELEASED)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By feeding a crafted input to git...

PT-2023-31756 · Mvel2 · Mvel2

Name of the Vulnerable Software and Affected Versions: mvel2 version 2.5.0 Final Description: A TimeOut error exists in the ParseTools.subCompileExpression method due to many Java class lookups, potentially causing a long execution time. The vendor disputes the significance of this issue, stating...

NewStart CGSL MAIN 6.02 : openssl Multiple Vulnerabilities (NS-SA-2023-0074)

The remote NewStart CGSL host, running version MAIN 6.02, has openssl packages installed that are affected by multiple vulnerabilities: - In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not properly sanitise shell...

Incorrect Termination Condition

Lines of code Vulnerability details The provided termination condition if pos = size / 2 && pos = size is incorrect. This condition is not suitable for terminating the maxHeapify function. It should instead be based on comparing values in the heap to ensure the max heap property. The condition if...

Efficiency

Lines of code Vulnerability details Depending on the size of your heap, the while loop may execute a significant number of times. Consider whether you can optimize this loop for performance, especially if you expect a large number of insertions. Assessed type Loop --- The text was updated...

Some tokens may revert when zero value transfers are made

Lines of code 356, 371, 145, 272, 252, 116, 445, 374, 506, 488https://github.com/Tapioca-DAO/tap-token-audit/blob/59749be5bc2286f0bdbf59d7ddc258ddafd49a9f/contracts/options/TapiocaOptionBroker...

Microsoft Teams 2.1 supported for VDI/DaaS

Information Overview Microsoft has released new Teams for VDI in early December 2023. The new version of Teams has been re-implemented and promises improvements in performance, memory consumption, usability, and security. Here is a link to some information about the new Teams -...

Building an AppSec Program with Qualys WAS – Additional Configurations and Review & Confirm

Part 4 - Configuring a Web Application or API: Additional Configurations Now that we have completed the basic information, crawl settings, and default scan configurations, we can shift our attention to additional configurations designed to optimize scanning and provide granular control over how...

CVE-2023-49746

Server-Side Request Forgery SSRF vulnerability in Softaculous Team SpeedyCache – Cache, Optimization, Performance.This issue affects SpeedyCache – Cache, Optimization, Performance: from n/a through 1.1.2...

CVE-2023-49746

Server-Side Request Forgery SSRF vulnerability in Softaculous Team SpeedyCache – Cache, Optimization, Performance.This issue affects SpeedyCache – Cache, Optimization, Performance: from n/a through 1.1.2...

Server side request forgery (ssrf)

Server-Side Request Forgery SSRF vulnerability in Softaculous Team SpeedyCache – Cache, Optimization, Performance.This issue affects SpeedyCache – Cache, Optimization, Performance: from n/a through 1.1.2...

CVE-2023-49746

CVE-2023-49746 affects the WordPress SpeedyCache Plugin up to version 1.1.2, with a Server-Side Request Forgery (SSRF) vulnerability in SpeedyCache – Cache, Optimization, Performance. The Red Hat and OpenVAS entries corroborate SSRF in this plugin, and Patchstack lists 1.1.3 as the fix. The root ...

Mitsubishi Electric FA Engineering Software Products

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 Vendor : Mitsubishi Electric Equipment : MELIPC , MELSEC iQ-R, and MELSEC Q Series Vulnerabilities : Processor Optimization Removal or Modification of Security-Critical Code, Observable Discrepancy 2. RISK EVALUATION Successful exploitation of these...

CDS with Spring Framework 6.1

As a follow-up to the Runtime efficiency with Spring blog post, I am happy to share that our exploration of Project Leyden optimizations has led to some interesting discoveries regarding the JDK's little-used CDS "Class Data Sharing" feature and has materialized into a new feature that we have be...

Some tokens may revert when zero value transfers are made

Lines of code 356, 371, 145, 272, 252, 116, 445, 374, 506, 488https://github.com/Tapioca-DAO/tap-token-audit/blob/59749be5bc2286f0bdbf59d7ddc258ddafd49a9f/contracts/options/TapiocaOptionBroker...

Website Optimization – Plerdy < 1.3.3 - Authenticated (Admin+) Stored Cross-Site Scripting

Description The Website Optimization – Plerdy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's tracking code settings in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

WordPress Plugin Website Optimization - Plerdy Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

When Maximum Effort Doesn't Equate to Maximum Results

It’s no secret that security teams are feeling beleaguered as a result of the barrage of data, events, and alerts generated by their security tools, to say nothing of the increased budget scrutiny and constrained staff resources that continue to plague cybersecurity practitioners. The trick is...

SUSE: Security Advisory (SUSE-SU-2023:4480-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

What is Quality of Service?

Dominating an imperative role in boosting the so-called 'efficiency quotient' within a networking system is the Quality of Service or QoS. Let's dive in and explore the crucial components that make QoS pivotal. In essence, QoS is a blend of a multitude of methodologies and hi-tech devices,...