Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

GHSA-7v4r-c989-xh26: BentoML's runner server Vulnerable to Remote Code Execution (RCE) via Insecure Deserialization

### Summary There was an insecure deserialization in BentoML's runner server. By setting specific headers and parameters in the POST request, it is possible to execute any unauthorized arbitrary code on the server, which will grant the attackers to have the initial access and information disclosure on the server. ### PoC - First, create a file named **model.py** to create a simple model and save it ``` import bentoml import numpy as np class mymodel: def predict(self, info): return np.abs(info) def __call__(self, info): return self.predict(info) model = mymodel() bentoml.picklable_model.save_model("mymodel", model) ``` - Then run the following command to save this model ``` python3 model.py ``` - Next, create **bentofile.yaml** to build this model ``` service: "service.py" description: "A model serving service with BentoML" python: packages: - bentoml - numpy models: - tag: MyModel:latest include: - "*.py" ``` - Then, create **service.p...

ghsa
Open in Source
#vulnerability#web#js#git#backdoor#rce#auth
GHSA-3f7v-qx94-666m: DotNetNuke.Core Vulnerable to Server-Side Request Forgery (SSRF)

A bypass has been identified for the previously known vulnerability CVE-2017-0929, allowing unauthenticated attackers to execute arbitrary GET requests against target systems, including internal or adjacent networks. ### Impact This vulnerability facilitates a semi-blind SSRF attack, allowing attackers to make the target server send requests to internal or external URLs without viewing the full responses. Potential impacts include internal network reconnaissance, bypassing firewalls.

GHSA-fmhh-rw3h-785m: bep/imagemeta allows a potentially large memory allocation in PNG and WebP parsing

### Impact The buffer created for parsing metadata for PNG and WebP images was only bounded by their input data type, which could lead to potentially large memory allocation, and unreasonably high for image metadata. Before `v0.11.0`, If you didn't trust the input images, this could be abused to construct denial-of-service attacks. ### Patches `v0.11.0` added a 10 MB upper limit.

GHSA-q7rw-w4cq-2j6w: bep/imagemeta allows excessively large EXIF data structures

### Impact The EXIF data format allows for defining excessively large data structures in relatively small payloads. Before `v0.10.0`, If you didn't trust the input images, this could be abused to construct denial-of-service attacks. ### Patches `v0.10.0` added LimitNumTags (default 5000) and LimitTagSize (default 10000) options.

GHSA-q62r-8ppj-xvf4: Umbraco has a Management API Vulnerability to Path Traversal With Authenticated Users

### Impact Authenticated users to the Umbraco backoffice are able to craft management API request that exploit a path traversal vulnerability to upload files into a incorrect location. ### Patches The issue affects Umbraco 14+ and is patched in 14.3.4 and 15.3.1. ### Workarounds Umbraco supports the configuration of [allowed](https://docs.umbraco.com/umbraco-cms/reference/configuration/contentsettings#allowed-upload-file-extensions) and [disallowed file extensions](https://docs.umbraco.com/umbraco-cms/reference/configuration/contentsettings#disallowed-upload-file-extensions). Using these options to allow only necessary file extensions significantly reduces the scope of the vulnerability.

GHSA-gmg8-593g-7mv3: Apache POI OOXML Vulnerable to Improper Input Validation in OOXML File Parsing

Improper Input Validation vulnerability in Apache POI. The issue affects the parsing of OOXML format files like xlsx, docx and pptx. These file formats are basically zip files and it is possible for malicious users to add zip entries with duplicate names (including the path) in the zip. In this case, products reading the affected file could read different data because 1 of the zip entries with the duplicate name is selected over another but different products may choose a different zip entry. This issue affects Apache POI poi-ooxml before 5.4.0. poi-ooxml 5.4.0 has a check that throws an exception if zip entries with duplicate file names are found in the input file. Users are recommended to upgrade to version poi-ooxml 5.4.0, which fixes the issue. Please read https://poi.apache.org/security.html for recommendations about how to use the POI libraries securely.

GHSA-gjx9-wg9x-7gvp: Flowise Vulnerable to SQL Injection via `tableName` Parameter

Flowise <= 2.2.3 is vulnerable to SQL Injection. via tableName parameter at Postgres_VectorStores.

72% of people are worried their data is being misused by the government, and that&#8217;s not all&#8230;

Our privacy is most at risk from companies, governments, and AI models, according to a new public survey from Malwarebytes.

Repair the bridge before it cracks: Understanding vulnerabilities and weaknesses in modern IT

Security is an ongoing engineering discipline, it's not just a reaction to a crisis. For example, if you were responsible for a large suspension bridge, you would know that cracks don’t appear overnight. They start as small stress fractures, invisible to the untrained eye. If ignored, these weaknesses eventually lead to structural failures. That’s why regular maintenance, checking for early signs of wear, reinforcing weak points, and applying protective coating is crucial.Security vulnerabilities in IT are often presented like bridge failures that make news headlines. These issues require

Medusa Ransomware Claims NASCAR Breach in Latest Attack

Medusa ransomware hits NASCAR, demands $4M ransom, leaks internal files. Group also claims Bridgebank, McFarland, and Pulse Urgent Care.