Repository for Software Attestation and Artifacts Now Live

Software producers who partner with the federal government can now upload their Secure Software Development Attestation Forms to CISA's Repository for Software Attestation and Artifacts. Software producers that provide the government software can fill out the form to attest to implementation of...

SUSE: Security Advisory (SUSE-SU-2024:0813-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2024:0785-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2023:1864-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AZL-35471 CVE-2024-27099 affecting package azure-iot-sdk-c for versions less than 2024.03.04-1

The uAMQP is a C library for AMQP 1.0 communication to Azure Cloud Services. When processing an incorrect AMQPVALUE failed state, may cause a double free problem. This may cause a RCE. Update submodule with commit 2ca42b6e4e098af2d17e487814a91d05f6ae4987...

PT-2024-40180 · Unknown · @Nfid/Embed Sdk +2

Name of the Vulnerable Software and Affected Versions: @nfid/embed SDK versions prior to 0.10.1-alpha.6 @dfinity/auth-client versions prior to 1.0.1 @dfinity/identity versions prior to 1.0.1 Description: The issue affects user sessions in the @nfid/embed SDK that utilize Ed25519 keys, due to a...

Silicon Labs Ember ZNet Code Issue Vulnerability

Silicon Labs Ember ZNet is a protocol stack software from Silicon Labs, Inc. A code issue vulnerability exists in Silicon Labs Ember ZNet SDK prior to version v7.4.0 that stems from the presence of a NULL pointer dereference, which may cause a system crash...

SUSE: Security Advisory (SUSE-SU-2024:0578-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Top Software Development Outsourcing Trends

By Uzair Amir Eastern Europe is swiftly rising to prominence in the software development outsourcing sector. This ascendance is marked not… This is a post from HackRead.com Read the original post: Top Software Development Outsourcing Trends...

Siemens Polarion ALM Faulty Default Privileges Vulnerability

Polarion ALM is an application lifecycle management solution that improves the software development process with a single, unified solution for requirements, coding, testing and release. Siemens Polarion ALM has a false default privilege vulnerability that can be exploited by an attacker to...

Silicon Labs Gecko SDK Security Vulnerability

The Silicon Labs Gecko SDK GSDK is an open source library from Silicon Labs. Combines the Silicon Labs Wireless Software Development Kit SDK and the Gecko platform into one integrated package. A security vulnerability exists in Silicon Labs Gecko SDK v4.4.0 and earlier versions, which stems from ...

Siemens Polarion ALM Authentication Error Vulnerability

Polarion ALM is an application lifecycle management solution that improves the software development process with a single, unified solution for requirements, coding, testing and release. An authentication error vulnerability exists in Siemens Polarion ALM, which can be exploited by an attacker to...

SUSE: Security Advisory (SUSE-SU-2024:0520-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5 Ways to Maximize the Impact of IaC Scans

By Uzair Amir Infrastructure-as-code IaC continues to gain traction and is even hailed for having changed software development towards greater efficiency… This is a post from HackRead.com Read the original post: 5 Ways to Maximize the Impact of IaC Scans...

Intel SDK for OpenCL(TM) Applications Security Vulnerability

Intel SDK for OpenCLTM Applications is a full-featured development environment from Intel Corporation. A security vulnerability exists in the Intel SDK for OpenCLTM Applications software that stems from an uncontrolled search path issue that could lead to privilege escalation via local access by ...

CVE-2024-23344

CVE-2024-23344 describes an information-disclosure risk in Tuleap where, during a multi-user permission validation, some users could access restricted information (e.g., contents of artifacts or email notifications). The issue is categorized as an authorization/bypass-type disclosure affecting Tu...

CVE-2024-23344 Tuleap's content of artifacts might be readable by unauthorized users

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Some users might get access to restricted information when a process validates the permissions of multiple users e.g. mail notifications. This issue has been patched in version 15.4.99.140 of Tuleap...

SUSE: Security Advisory (SUSE-SU-2024:0265-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Vinchin Backup And Recovery 7.2 syncNtpTime Command Injection

CVE ID: CVE-2024-22899 Title: Command Injection Vulnerability in Vinchin Backup and Recovery's syncNtpTime Function in Versions 7.2 and Earlier Description: A critical security vulnerability, identified as CVE-2024-22899, has been discovered in the syncNtpTime function of Vinchin Backup and...

Evolution of AI Assistants: Navigating Breakthroughs in Software Development

By Owais Sultan We are now at the age of advanced AI assistants. This unique software significantly simplifies our everyday tasks,… This is a post from HackRead.com Read the original post: Evolution of AI Assistants: Navigating Breakthroughs in Software Development...