4991 matches found

OpenVAS
added 2024/01/18 12:0 a.m. · 20 views

Fedora: Security Advisory (FEDORA-2024-6ef42a28c9)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.1 · AI score 8.1 · EPSS 0.07323
Exploits 0 · References 4

Spring Engineering
added 2024/01/18 12:0 a.m. · 6 views

A Bootiful Podcast: programming language archaeologist Ted Neward

Hi, Spring fans! In this installment, I talk to programming language archaeologist Ted Neward...

AI score 7.2
Exploits 0

CNNVD
added 2024/01/18 12:0 a.m. · 1 view

QSIGE Security Vulnerabilities

QSIGE is an intelligent waiting management system from QSIGE, Inc. A security vulnerability exists in QSIGE that stems from omitting key control authorization, allowing an attacker to extract sensitive information from the API...

CVSS 7.5 · AI score 6.5 · EPSS 0.00106
Exploits 0 · References 2

CNNVD
added 2024/01/18 12:0 a.m. · 2 views

Delta Electronics ISPSoft Buffer Error Vulnerability

Delta Electronics ISPSoft is PLC (Programmable Logic Controller) programming software from Delta Electronics, Taiwan, China. A security vulnerability exists in Delta Electronics ISPSoft that stems from a heap buffer overflow vulnerability...

CVSS 8.8 · AI score 7.3 · EPSS 0.00087
Exploits 0 · References 2

RedHat Linux
added 2024/01/17 7:19 p.m. · 3 views

OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...

CVSS 5.9 · AI score 7.2 · EPSS 0.00156
Exploits 0 · References 5

RedHat Linux
added 2024/01/17 7:19 p.m. · 3 views

OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...

CVSS 5.9 · AI score 7.2 · EPSS 0.00156
Exploits 0 · References 5

RedHat Linux
added 2024/01/17 2:6 p.m. · 2 views

OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...

CVSS 5.9 · AI score 7.2 · EPSS 0.00156
Exploits 0 · References 5

Schneier on Security
added 2024/01/17 12:14 p.m. · 11 views

Code Written with AI Assistants Is Less Secure

Interesting research: "Do Users Write More Insecure Code with AI Assistants?": Abstract: We conduct the first large-scale user study examining how users interact with an AI Code assistant to solve a variety of security related tasks across different programming languages. Overall, we find that...

AI score 7.8
Exploits 0

Cent OS
added 2024/01/12 7:18 p.m. · 1600 views

python3 security update

CentOS Errata and Security Advisory CESA-2023:6823. An update for python3 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

CVSS 5.3 · AI score 6.7 · EPSS 0.00581
Exploits 0 · References 7

Ubuntu
added 2024/01/11 5:30 a.m. · 69 views

USN-6574-1: Go vulnerabilities

Takeshi Kaneko discovered that Go did not properly handle comments and special tags in the script context of the html/template module. An attacker could possibly use this issue to inject JavaScript code and perform a cross-site scripting attack. This issue only affected Go 1.20 in Ubuntu 20.04 LTS,...

CVSS 8.1 · AI score 7.3 · EPSS 0.94395
Exploits 19

Ubuntu
added 2024/01/09 1:8 p.m. · 55 views

USN-6038-2: Go vulnerabilities

USN-6038-1 fixed several vulnerabilities in Go 1.18. This update provides the corresponding updates for Go 1.13 and Go 1.16. CVE-2022-29526 and CVE-2022-30630 only affected Go 1.16. Original advisory details: It was discovered that the Go net/http module incorrectly handled Transfer-Encoding...

CVSS 9.8 · AI score 7.5 · EPSS 0.00759
Exploits 6

OSV
added 2024/01/07 12:0 p.m. · 11 views

RUSTSEC-2024-0005 Unsound sending of non-Send types across threads

Affected versions can run the Drop impl of a non-Send type on a different thread than it was created on. The flaw occurs when a stderr write performed by the threadalone crate fails, for example because stderr is redirected to a location on a filesystem that is full, or because stderr is a pipe...

AI score 7
Exploits 0 · References 3

Tenable Nessus
added 2024/01/06 12:0 a.m. · 21 views

GLSA-202401-07 : R: Directory Traversal

The remote host is affected by the vulnerability described in GLSA-202401-07 R: Directory Traversal - The R programming language's default package manager CRAN is affected by a path traversal vulnerability that can lead to server compromise. This vulnerability affects packages installed via the R...

CVSS 10 · AI score 8.3 · EPSS 0.00778
Exploits 1 · References 3

CNNVD
added 2024/01/03 12:0 a.m. · 1 view

Plotly.js Security Vulnerability

Plotly.js is an independent open-source JavaScript data visualization library from Plotly. Plotly.js versions before 2.25.2 have a security vulnerability that stems from a prototype pollution problem in the API call...

CVSS 9.8 · AI score 6.9 · EPSS 0.00201
Exploits 0 · References 4

Wallarm Lab
added 2024/01/01 2:47 p.m. · 19 views

What is RabbitMQ?

Grasping the Basics: What is RabbitMQ? Take a step into the realm of software development, where efficient and smooth interaction between various applications is the linchpin. Here, we bring into the mix RabbitMQ. Going down to brass tacks, RabbitMQ serves as a no-cost message broker tool,...

AI score 7
Exploits 0

Fedora
added 2023/12/28 12:55 a.m. · 43 views

[SECURITY] Fedora 38 Update: python3.12-3.12.1-2.fc38

Python 3.12 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.12 package provides the "python3.12" executable:...

CVSS 5.3 · AI score 6.3 · EPSS 0.00161
Exploits 1

Fedora
added 2023/12/27 1:30 a.m. · 33 views

[SECURITY] Fedora 39 Update: python3.12-3.12.1-2.fc39

Python 3.12 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries...

CVSS 5.3 · AI score 7.1 · EPSS 0.00161
Exploits 1

OpenVAS
added 2023/12/27 12:0 a.m. · 12 views

Fedora: Security Advisory (FEDORA-2023-d577604e6a)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.3 · AI score 6.3 · EPSS 0.00161
Exploits 1 · References 4

Fedora
added 2023/12/26 1:47 a.m. · 23 views

[SECURITY] Fedora 39 Update: python3.11-3.11.7-2.fc39

Python 3.11 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.11 package provides the "python3.11" executable:...

CVSS 5.3 · AI score 6.3 · EPSS 0.00161
Exploits 1

Positive Technologies
added 2023/12/23 12:0 a.m. · 3 views

PT-2023-32722 · WordPress · Essential Blocks

Name of the Vulnerable Software and Affected Versions: The Essential Blocks WordPress plugin versions prior to 4.4.3. Description: The issue allows unauthenticated attackers to overwrite local variables when rendering templates over the REST API, potentially leading to Local File Inclusion attacks...

CVSS 9.8 · AI score 9.2 · EPSS 0.88125
Exploits 2 · References 9