2395 matches found
[SECURITY] Fedora 36 Update: golang-gioui-0-9.20201225git18d4dbf.fc36
Immediate mode GUI programs in Go for Android, iOS, macOS, Linux, FreeBSD, OpenBSD, Windows, and WebAssembly (experimental). See the project page gioui.org for documentation and more information...
[SECURITY] Fedora 36 Update: golang-github-akavel-rsrc-0.10.2-5.fc36
Tool for embedding binary resources in Go programs...
CVE-2022-2030
A directory traversal vulnerability caused by specific character sequences within an improperly sanitized URL was identified in some CGI programs of Zyxel USG FLEX 100W firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 throu...
Fedora: Security Advisory for golang-gioui (FEDORA-2022-3969b64d4b)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
[SECURITY] Fedora 35 Update: golang-github-akavel-rsrc-0.10.2-4.fc35
Tool for embedding binary resources in Go programs...
[SECURITY] Fedora 35 Update: golang-gioui-0-8.20201225git18d4dbf.fc35
Immediate mode GUI programs in Go for Android, iOS, macOS, Linux, FreeBSD, OpenBSD, Windows, and WebAssembly (experimental). See the project page gioui.org for documentation and more information...
Hyperledger: Fix : (Security) Mitigate Path Traversal Bug
Unsanitized input from arg0 argument flows into java.io.FileOutputStream, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. Impact: Being able to access and manipulate an arbitrary path leads to vulnerabilities when a...
Rethinking Vulnerability Management in a Heightened Threat Landscape
Mariano Nunez, CEO, Onapsis Repeated warnings from CISA and the Biden Administration on the Russian cyber threat over the last several months have heightened the state of alertness for U.S. agencies and businesses across industries, which are expecting ‘tit-for-tat’ cyberattacks from Russia in...
Fedora: Security Advisory for golang-gioui (FEDORA-2022-fae3ecee19)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
[SECURITY] Fedora 36 Update: golang-x-debug-0-0.14.20210123gitc934e1b.fc36
This repository holds utilities and libraries for debugging Go programs...
AstraLocker 2.0 ransomware isn’t going to give you your files back
ReversingLabs reports that the latest version of AstraLocker ransomware is engaged in a so-called "smash and grab" ransomware operation. Smash and grab is all about maxing out profit in the fastest time. It works on the assumption by malware authors that security software or victims will find...
HackerOne: Disclosing PolicyPageAssetGroup in Private Programs via /graphql `gid://hackerone/PolicyPageAssetGroupsIndex::PolicyPageAssetGroup/{id}`
The vulnerability allowed unauthorized users to retrieve sensitive information about private bug bounty programs on HackerOne, including program names, scope details, and the titles of reports. The issue was promptly addressed by the HackerOne team, who recognized its critical severity and awarde...
Malicious code in paytm-mini-programs-nodejs-sdk (npm)
Source: ghsa-malware (ece1cd6a416c48321170a5015c0609f18dfe4e705939543fdd5b06d29e4d8bba). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
InnoSetup Code Issue Vulnerability
InnoSetup is a free installer for Windows programs provided by Jordan Russell and Martijn Laan of jrsoftware. A security vulnerability exists in InnoSetup that originates from an uncontrolled search path in the application's installer...
Conducting Modern Insider Risk Investigations
Dealing with risks presented by internal users requires a different approach than those from external threats. This shouldn’t be news to anyone, but it does need to be said since it’s not something that always happens in practice. It’s not uncommon to see the cudgels common to blue teams wielded...
XXL-JOB Cross-Site Scripting Vulnerability (CNVD-2022-66673)
XXL-JOB is a Java-based distributed task scheduling platform from the XXL XXL-JOB community. XXL-JOB version 2.3.0 has a cross-site scripting vulnerability. An attacker can exploit this vulnerability to execute JavaScript programs...
DEBIAN-CVE-2022-31782
ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based buffer overflow...
CVE-2022-31782
ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based buffer overflow...
Heap overflow
ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based buffer overflow...