API - API Security Blog

Malicious code in pt-api-tools (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (78627b7277f79f6b0febc6c2efde348085a7bf7363ebc2986ac5d3e2ce2329d1) Any computer that has this package installed or running sh ...

April 02, 2024

CasaOS Username Enumeration – Bypass of CVE-2024-24766

The Casa OS Login page has disclosed the username enumeration vulnerability in the login page which was patched in CasaOS ...Read More ...

April 01, 2024

[SECURITY] [DLA 3778-1] libvirt security update

Debian LTS Advisory DLA-3778-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin April 01, 2024 https: ...

April 01, 2024

K000139141 : liblzm vulnerability CVE-2024-3094

Security Advisory Description Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a ...

April 01, 2024

K000139140 : util-linux vulnerability CVE-2024-28085

Security Advisory Description wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specificall ...

April 01, 2024

Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to information disclosure due to IBM WebSphere Application Server Liberty (CVE-2023-44483)

Summary IBM WebSphere Application Server Liberty is shipped with IBM Tivoli Netcool Impact as part of its server infrastructure. Information about a security vulnerability affecting IBM WebSphere Appl ...

April 01, 2024

Security Bulletin: Vulnerabilities in Node.js affect IBM Voice Gateway

Summary Security Vulnerabilities in Node.js affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details ** CVEID: CVE-2024-22017 DESCRIPTION: **Node.js could allow a loca ...

April 01, 2024

ARIS: Business Process Management 10.0.21.0 Cross Site Scripting

April 01, 2024