Security
Headlines
HeadlinesLatestCVEs

Tag

#apache

Microsoft's May Patch Tuesday Fixes 38 Flaws, Including Active Zero-Day Bug

Microsoft has rolled out Patch Tuesday updates for May 2023 to address 38 security flaws, including one zero-day bug that it said is being actively exploited in the wild. Trend Micro's Zero Day Initiative (ZDI) said the volume is the lowest since August 2021, although it pointed out that "this number is expected to rise in the coming months." Of the 38 vulnerabilities, six are rated Critical and

The Hacker News
Open in Source
#vulnerability#web#android#windows#apple#google#microsoft#ubuntu#linux#debian#cisco#red_hat#apache#git#oracle#intel#rce#vmware#lenovo#amd#samsung#ibm#dell#zero_day#chrome#firefox#sap#The Hacker News
RHSA-2023:2326: Red Hat Security Advisory: freerdp security update

An update for freerdp is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-39282: A vulnerability was found in FreeRDP where clients on UNIX systems using /parallel command line switch might read uninitialized data and send it to the client's server. The vulnerability allows a remote attacker to gain access to sensitive information. * CVE-2022-39283: A vulnerability was found in FreeRDP where all clients using the /video comma...

CVE-2021-28998: CVE/File_upload_to_RCE.md at master · beerpwn/CVE

File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file.

GHSA-jchm-fm4q-c2fp: Apache Airflow vulnerable to Privilege Context Switching Error

Privilege Context Switching Error vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.6.0.

GHSA-vcf6-3wv2-5vcr: Apache Airflow vulnerable to stored Cross-site Scripting

Task instance details page in the UI is vulnerable to stored cross-site scripting. This issue affects Apache Airflow before 2.6.0.

CVE-2023-25754: Make permissions for FileTaskHandler group-writeable and configurable by potiuk · Pull Request #29506 · apache/airflow

Privilege Context Switching Error vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.6.0.

CVE-2023-29247: Improve url detection for task instance details by pierrejeambrun · Pull Request #30779 · apache/airflow

Task instance details page in the UI is vulnerable to a stored XSS.This issue affects Apache Airflow: before 2.6.0.

CVE-2023-31039

Security vulnerability in Apache bRPC <1.5.0 on all platforms allows attackers to execute arbitrary code via ServerOptions::pid_file. An attacker that can influence the ServerOptions pid_file parameter with which the bRPC server is started can execute arbitrary code with the permissions of the bRPC process. Solution: 1. upgrade to bRPC >= 1.5.0, download link:  https://dist.apache.org/repos/dist/release/brpc/1.5.0/ https://dist.apache.org/repos/dist/release/brpc/1.5.0/ 2. If you are using an old version of bRPC and hard to upgrade, you can apply this patch:  https://github.com/apache/brpc/pull/2218 https://github.com/apache/brpc/pull/2218