2257 matches found
SUSE: Security Advisory (SUSE-SU-2023:0058-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
ALSA-2022:9073 Moderate: nodejs:16 security, bug fix, and enhancement update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages were updated to later upstream versions: nodejs 16.18.1, nodejs-nodemon 2.0.20. Security Fixes: nodejs: Improper handling of URI Subject...
SUSE: Security Advisory (SUSE-SU-2022:4483-1)
The remote host is missing an update for the...
Siemens Polarion ALM Host Header Injection Vulnerability
Polarion ALM is an application lifecycle management solution that improves the software development process with a single unified solution for requirements, coding, testing and release. A security vulnerability exists in Siemens Polarion ALM, which could be exploited by attackers to spoof host...
CVE-2022-23473 Tuleap MediaWiki standalone "readers" can also edit pages
Tuleap is an Open Source Suite to improve management of software developments and collaboration. In versions prior to 14.2.99.148, authorizations are not properly verified when accessing MediaWiki standalone resources. Users with read-only permissions for pages are also able to edit them. This on...
CVE-2022-46160
Tuleap dashboards CVE-2022-46160 affects versions prior to 14.2.99.104 (Community Edition) and 14.2-4 / 14.1-5 (Enterprise). The root cause is improper verification of project-level authorizations when accessing a project homepage/dashboards, allowing users not authorized to the project to retrie...
PT-2022-27777 · Tuleap · Tuleap
Name of the Vulnerable Software and Affected Versions: Tuleap versions prior to 14.2.99.104 Tuleap Community Edition version 14.2.99.104 Tuleap Enterprise Edition version 14.2-4 Tuleap Enterprise Edition version 14.1-5 Description: Tuleap is an Open Source Suite to improve management of software...
GSD-2022-1007890 iio: adc: mp2629: fix potential array out of bound access
iio: adc: mp2629: fix potential array out of bound access This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.80 by commit...
GSD-2022-1007736 kcm: close race conditions on sk_receive_queue
kcm: close race conditions on sk_receive_queue This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.10 by commit...
SUSE: Security Advisory (SUSE-SU-2022:4332-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2022:4335-1)
The remote host is missing an update for the...
ALSA-2022:8833 Moderate: nodejs:18 security, bug fix, and enhancement update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 18.12.1, nodejs-nodemon 2.0.20. BZ2142818 Security Fixes: nodejs-minimatch: ReDoS vi...
SUSE: Security Advisory (SUSE-SU-2022:4296-1)
The remote host is missing an update for the...
Vulnerable SDK components lead to supply chain risks in IoT and OT environments
December 8, 2022 update - Reflected additional research on Boa-related CVEs and updated supply chain diagram. Vulnerabilities in network components, architecture files, and developer tools have become increasingly popular attack vectors to gain access into secure networks and devices. External...
SUSE: Security Advisory (SUSE-SU-2022:3992-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2022:3957-1)
The remote host is missing an update for the...
PT-2022-17798 · Intel · Intel Mc +2
Name of the Vulnerable Software and Affected Versions: Intel(R) AMT SDK versions prior to 16.0.4.1; Intel(R) EMA versions prior to 1.7.1; Intel(R) MC versions prior to 2.3.2. Description: The issue involves insufficiently protected credentials in the software, potentially allowing an authenticated user to...
PT-2022-18457 · Intel · Intel Sgx Sdk
Name of the Vulnerable Software and Affected Versions: Intel(R) SGX SDK software (affected versions not specified). Description: The issue is related to the premature release of a resource during its expected lifetime, which may allow a privileged user to potentially enable information disclosure via...
SUSE: Security Advisory (SUSE-SU-2022:3939-1)
The remote host is missing an update for the...
Important: Red Hat Security Advisory: nodejs:18 security update
An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...