5185 matches found

RedHat Linux
•added 2024/01/25 9:1 a.m.•53 views

Moderate: Red Hat Security Advisory: python3.9 security update

An update for python3.9 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available fo...

5.3 CVSS • 6.7 AI score • 0.00161 EPSS
Exploits 1 • References 2
BDU FSTEC
•added 2024/01/25 12:0 a.m.•1 views

The vulnerability of the application programming interface of the Splunk Enterprise platform for operational analysis allows a perpetrator to delete data from the KV Store.

The vulnerability of the application programming interface of the Splunk Enterprise platform for operational analysis is related to deficiencies in access control to the KV Store. Exploiting this vulnerability could allow a malicious actor to delete data from the KV Store...

6.8 CVSS • 6.5 AI score • 0.00069 EPSS
Exploits 0 • References 4 • Affected Software 2
AlmaLinux
•added 2024/01/25 12:0 a.m.•39 views

Moderate: python3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

5.3 CVSS • 6.8 AI score • 0.00161 EPSS
Exploits 1 • References 4
Malwarebytes
•added 2024/01/22 12:24 p.m.•11 views

Coldriver threat group targets high-ranking officials to obtain credentials

Researchers at Google’s Threat Analysis Group (TAG) have published their findings about a group they have dubbed Coldriver. The main targets of the Coldriver group are high-profile individuals in non-governmental organizations (NGOs), former intelligence and military officials, and NATO governments...

7.4 AI score
Exploits 0
Hive Pro Threat Advisories
•added 2024/01/22 9:38 a.m.•13 views

COLDRIVER Expands Beyond Phishing, Incorporating Custom SPICA Backdoor

Summary: The threat actor associated with Russia, known as COLDRIVER or Star Blizzard, has expanded its tactics from mere credential harvesting. The group has initiated campaigns where PDFs are employed as lure documents to distribute malware. Notably, COLDRIVER has introduced its first custom...

7.2 AI score
Exploits 0
VulnCheck KEV
•added 2024/01/22 12:0 a.m.•2 views

VulnCheck KEV: CVE-2021-42567

Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST API endpoints...

6.1 CVSS • 6.4 AI score • 0.48889 EPSS
Exploits 0 • References 1
Fedora
•added 2024/01/20 3:24 a.m.•33 views

[SECURITY] Fedora 39 Update: golang-1.21.6-1.fc39

The Go Programming Language...

7.5 CVSS • 6.9 AI score • 0.00123 EPSS
Exploits 0
Fedora
•added 2024/01/18 1:47 a.m.•23 views

[SECURITY] Fedora 39 Update: redis-7.2.4-1.fc39

Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...

8.1 CVSS • 9.7 AI score • 0.07323 EPSS
Exploits 0
OpenVAS
•added 2024/01/18 12:0 a.m.•20 views

Fedora: Security Advisory (FEDORA-2024-6ef42a28c9)

The remote host is missing an update for the...

8.1 CVSS • 8.1 AI score • 0.07323 EPSS
Exploits 0 • References 4
Spring Engineering
•added 2024/01/18 12:0 a.m.•6 views

A Bootiful Podcast: programming language archaeologist Ted Neward

Hi, Spring fans! In this installment, I talk to programming language archaeologist Ted Neward...

7.2 AI score
Exploits 0
CNNVD
•added 2024/01/18 12:0 a.m.•1 views

QSIGE Security Vulnerabilities

QSIGE is an intelligent waiting management system from QSIGE, Inc. A security vulnerability exists in QSIGE that stems from omitting key control authorization, allowing an attacker to extract sensitive information from the API...

7.5 CVSS • 6.5 AI score • 0.00106 EPSS
Exploits 0 • References 2
CNNVD
•added 2024/01/18 12:0 a.m.•2 views

Delta Electronics ISPSoft Buffer Error Vulnerability

Delta Electronics ISPSoft is a PLC (Programmable Logic Controller) programming software from Delta Electronics, Taiwan, China. A security vulnerability exists in Delta Electronics ISPSoft that stems from a heap buffer overflow vulnerability...

8.8 CVSS • 7.3 AI score • 0.00087 EPSS
Exploits 0 • References 2
RedHat Linux
•added 2024/01/17 7:19 p.m.•3 views

OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...

5.9 CVSS • 7.2 AI score • 0.00156 EPSS
Exploits 0 • References 5
RedHat Linux
•added 2024/01/17 7:19 p.m.•3 views

OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...

5.9 CVSS • 7.2 AI score • 0.00156 EPSS
Exploits 0 • References 5
RedHat Linux
•added 2024/01/17 2:6 p.m.•2 views

OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...

5.9 CVSS • 7.2 AI score • 0.00156 EPSS
Exploits 0 • References 5
Schneier on Security
•added 2024/01/17 12:14 p.m.•11 views

Code Written with AI Assistants Is Less Secure

Interesting research: "Do Users Write More Insecure Code with AI Assistants?": Abstract: We conduct the first large-scale user study examining how users interact with an AI Code assistant to solve a variety of security related tasks across different programming languages. Overall, we find that...

7.8 AI score
Exploits 0
Cent OS
•added 2024/01/12 7:18 p.m.•1600 views

python3 security update

CentOS Errata and Security Advisory CESA-2023:6823. An update for python3 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

5.3 CVSS • 6.7 AI score • 0.00581 EPSS
Exploits 0 • References 7
Ubuntu
•added 2024/01/11 5:30 a.m.•69 views

USN-6574-1: Go vulnerabilities

Takeshi Kaneko discovered that Go did not properly handle comments and special tags in the script context of the html/template module. An attacker could possibly use this issue to inject JavaScript code and perform a cross-site scripting attack. This issue only affected Go 1.20 in Ubuntu 20.04 LTS,...

8.1 CVSS • 7.3 AI score • 0.944 EPSS
Exploits 19
BDU FSTEC
•added 2024/01/11 12:0 a.m.•1 views

The vulnerability of the Go programming language’s net/http package, which allows attackers to exploit and disclose protected information

The vulnerability of the net/http package in the Go programming language is related to the exposure of sensitive information. Exploiting this vulnerability allows an attacker, operating remotely, to disclose protected information...

5.3 CVSS • 6.6 AI score • 0.00123 EPSS
Exploits 0 • References 6 • Affected Software 2
BDU FSTEC
•added 2024/01/11 12:0 a.m.•2 views

The vulnerability of the cmd-go programming language component, which allows a perpetrator to gain unauthorized access to protected information

The vulnerability of the cmd-go component in the Go programming language is related to the transmission of data in an open manner. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected information...

7.8 CVSS • 6.8 AI score • 0.00055 EPSS
Exploits 0 • References 6 • Affected Software 2