5177 matches found

The Hacker News
added 2022/05/20 10:41 a.m., 17 views

Researchers Uncover Rust Supply Chain Attack Targeting Cloud CI Pipelines

A case of software supply chain attack has been observed in the Rust programming language's crate registry that leveraged typosquatting techniques to publish a rogue library containing malware. Cybersecurity firm SentinelOne dubbed the attack "CrateDepression." Typosquatting attacks take place wh...

AI score: 2
Exploits: 0

ATTACKERKB
added 2022/05/18 4:0 p.m., 4 views

CVE-2022-20809

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about...

CVSS: 6.5, AI score: 6.6, EPSS: 0.00297
Exploits: 0, References: 2

BDU FSTEC
added 2022/05/17 12:0 a.m., 0 views

The vulnerability of the input/output function in the next-generation software for Cisco Enterprise NFV Infrastructure Software (NFVIS), which allows a hacker to enhance their privileges

The vulnerability of the input/output function in the next-generation software for Cisco Enterprise NFV Infrastructure Software (NFVIS) is related to a lack of access control. Exploiting this vulnerability could allow a malicious actor to enhance their privileges by sending API calls from a virtual...

CVSS: 9.9, EPSS: 0.03579
Exploits: 1, References: 4, Affected Software: 1

Redos
added 2022/05/16 12:0 a.m., 48 views

ROS-20220516-06

A vulnerability in the high-level Ruby programming language is related to a type conversion bug in some conversion methods, such as Kernel#Float and String#to_f. Exploitation of the vulnerability could allow an attacker acting remotely to pass specially crafted data to a vulnerable application,...

CVSS: 9.8, AI score: 9.1, EPSS: 0.00459
Exploits: 0

OSV
added 2022/05/14 1:4 a.m., 0 views

GHSA-H972-CWJV-2V39 Exposure of Sensitive Information to an Unauthorized Actor in Jenkins

The remote API in Jenkins 2.73.1 and earlier, 2.83 and earlier at /computer/agent-name/api showed information about tasks (typically builds) currently running on that agent. This included information about tasks that the current user otherwise has no access to, e.g. due to lack of Item/Read...

CVSS: 4.3, AI score: 5.8, EPSS: 0.00188
Exploits: 0, References: 5

BDU FSTEC
added 2022/05/13 12:0 a.m., 1 view

Vulnerability of the API components of Google Chrome and Microsoft Edge, allowing attackers to execute arbitrary code

The vulnerability of Google Chrome and Microsoft Edge browser APIs is related to the use of memory after it is freed. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...

CVSS: 10
Exploits: 0, References: 5, Affected Software: 5

ATTACKERKB
added 2022/05/11 6:15 p.m., 3 views

CVE-2022-29847

In Progress Ipswitch WhatsUp Gold 21.0.0 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to invoke an API transaction that would allow them to relay encrypted WhatsUp Gold user credentials to an arbitrary host...

CVSS: 7.5, AI score: 7.2, EPSS: 0.84743
Exploits: 1, References: 4

ATTACKERKB
added 2022/05/11 6:15 p.m., 4 views

CVE-2022-29848

In Progress Ipswitch WhatsUp Gold 17.0.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read sensitive operating-system attributes from a host that is accessible by the WhatsUp Gold system...

CVSS: 6.5, AI score: 6.9, EPSS: 0.61104
Exploits: 1, References: 4

CNNVD
added 2022/05/11 12:0 a.m., 1 view

GitLab CE/EE Security Vulnerability

GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab CE/EE. An attacker could exploit the...

CVSS: 4.3, AI score: 5.7, EPSS: 0.0026
Exploits: 0, References: 3

RedHat Linux
added 2022/05/10 1:51 p.m., 168 views

Moderate: Red Hat Security Advisory: python39:3.9 and python39-devel:3.9 security update

An update for the python39:3.9 and python39-devel:3.9 modules is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

CVSS: 8.2, AI score: 6.5, EPSS: 0.05428
Exploits: 0, References: 5

RedHat Linux
added 2022/05/10 1:49 p.m., 75 views

Moderate: Red Hat Security Advisory: python3 security update

An update for python3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVSS: 7.5, AI score: 6.7, EPSS: 0.01057
Exploits: 1, References: 6

AlmaLinux
added 2022/05/10 8:2 a.m., 58 views

Moderate: python27:2.7 security update

Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for...

CVSS: 8.2, AI score: 7.2, EPSS: 0.05428
Exploits: 3, References: 6

Rockylinux
added 2022/05/10 6:29 a.m., 45 views

go-toolset:rhel8 security and bug fix update

An update is available for delve, golang, go-toolset. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Go Toolset provides the Go programming language tools and...

CVSS: 9.8, AI score: 9.1, EPSS: 0.10629
Exploits: 0

OSV
added 2022/05/10 6:23 a.m., 37 views

ALSA-2022:1764 Moderate: python38:3.8 and python38-devel:3.8 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. The following...

CVSS: 8.2, AI score: 7.4, EPSS: 0.05428
Exploits: 3, References: 5

OpenVAS
added 2022/05/09 12:0 a.m., 25 views

Fedora: Security Advisory for ruby (FEDORA-2022-8cf0124add)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS: 9.8, AI score: 8.1, EPSS: 0.00765
Exploits: 3, References: 2

Fedora
added 2022/05/08 2:3 a.m., 43 views

[SECURITY] Fedora 34 Update: ruby-3.0.4-153.fc34

Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...

CVSS: 9.8, AI score: 1.1, EPSS: 0.00765
Exploits: 3

Fedora
added 2022/05/08 1:48 a.m., 55 views

[SECURITY] Fedora 35 Update: ruby-3.0.4-153.fc35

Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...

CVSS: 9.8, AI score: 1.1, EPSS: 0.00765
Exploits: 3

CNVD
added 2022/05/07 12:0 a.m., 73 views

squirrel SQL Injection Vulnerability

squirrel is the stable version of the programming language SQUIRREL 3.2. A security vulnerability exists in squirrel version 3.2, which stems from the lack of a specific sq_reservestack call to thread_call in sqbaselib.cpp. No detailed vulnerability details are currently available...

CVSS: 10, AI score: 3.4, EPSS: 0.02492
Exploits: 1, References: 1

Snyk
added 2022/05/05 12:29 a.m., 1 view

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview: The OpenShift Origin Controller (openshift-origin-controller) is a Rails plugin which provides the models and controllers which implement the application and user management functionality and provides a REST API. Affected versions of this package are vulnerable to Improper...

CVSS: 9.8, AI score: 7.6, EPSS: 0.0267
Exploits: 1, References: 2

CNNVD
added 2022/05/05 12:0 a.m., 1 view

IBM Robotic Process Automation Security Vulnerability

IBM Robotic Process Automation is a robotic process automation product from IBM, Inc. It helps you automate more business and IT processes at scale with the ease and speed of traditional RPA. IBM Robotic Process Automation suffers from a security vulnerability that could be exploited by an attack...

CVSS: 4.6, AI score: 5.1, EPSS: 0.00048
Exploits: 0, References: 3