#git

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3.1 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: RUGGEDCOM, SCALANCE Vulnerabilities: NULL Pointer Dereference, Use After Free, Unchecked Input for Loop Condition, Out-of-bounds Write, Out-of-bounds Read, Uncontrolled Resource Consumption, Missing Encryption of Sensitive Data, Improper Restriction of Operations within the Bounds of a Memory Buffer, Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'), Deadlock, Improper Resource Locking, Improper Input Validation, Stack-based Buffer Overflow, Use of NullPointerException Catch to Detect NULL Pointer Dereference, I...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Web Installer Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code when a legitimate user installs an application that uses the affected installer component. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Automation License Manager V6.0: All versions OpenPCS 7 V9.1: All versions SIMATIC WinCC Runtime Professional: All versions SIMATIC WinCC Runtime Professional V20: All versions SIMATIC WinCC TeleControl: All versi...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: ArmorBlock 5000 I/O Vulnerabilities: Incorrect Authorization, Improper Authentication 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to predict session numbers or perform privileged actions. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of ArmorBlock 5000 I/O are affected: 5032-CFGB16M12P5DR: Versions 1.011 and prior 5032-CFGB16M12DR: Versions 1.011 and prior 5032-CFGB16M12M12LDR: Versions 1.011 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 INCORRECT AUTHORIZATION CWE-863 A security issue exists within the 5032 16pt Digital Configurable module's webserver. The webserver's session number increments at an interval that correlates to the last two consecutive login session interval, making it predictable. CVE-2025-7773 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.6 has be...

Zimperium’s zLabs team uncovers a critical security flaw in the popular Android rooting tool, KernelSU v0.5.7. Learn how…

A Helm contributor discovered an improper validation of type error when parsing Chart.yaml and index.yaml files that can lead to a panic. ### Impact There are two areas of YAML validation that were impacted. First, when a `Chart.yaml` file had a `null` maintainer or the `child` or `parent` of a dependencies `import-values` could be parsed as something other than a string, `helm lint` would panic. Second, when an `index.yaml` had an empty entry in the list of chart versions Helm would panic on interactions with that repository. ### Patches This issue has been resolved in Helm v3.18.5. ### Workarounds Ensure YAML files are formatted as Helm expects prior to processing them with Helm. ### References Helm's security policy is spelled out in detail in our [SECURITY](https://github.com/helm/community/blob/master/SECURITY.md) document. ### Credits Disclosed by Jakub Ciolek at AlphaSense.

A Helm contributor discovered that it was possible to craft a JSON Schema file in a manner which could cause Helm to use all available memory and have an out of memory (OOM) termination. ### Impact A malicious chart can point `$ref` in _values.schema.json_ to a device (e.g. `/dev/*`) or other problem file which could cause Helm to use all available memory and have an out of memory (OOM) termination. ### Patches This issue has been resolved in Helm v3.18.5. ### Workarounds Make sure that all Helm charts that are being loaded into Helm doesn't have any reference of `$ref` pointing to `/dev/zero`. ### References Helm's security policy is spelled out in detail in our [SECURITY](https://github.com/helm/community/blob/master/SECURITY.md) document. ### Credits Disclosed by Jakub Ciolek at AlphaSense.

The HTTP/2 [MadeYouReset vulnerability](https://galbarnahum.com/made-you-reset) has a mild effect on swift-nio-http2. swift-nio-http2 mostly protects against MadeYouReset by using a number of existing denial-of-service prevention patterns that we added in response to the RapidReset vulnerabilities. The result is that servers are not vulnerable to naive attacks based on MadeYouReset, and the naive PoC examples do not affect swift-nio-http2. However, in 1.38.0 we added some defense-in-depth measures as a precautionary measure that detect clients behaving "weirdly". These defense in depth measures tackle resource drain attacks where attackers interleave attack traffic with legitimate traffic to try to evade our existing DoS prevention mechanisms. We recommend all adopters move to 1.38.0 as soon as possible to mitigate against more sophisticated attacks that may appear in the future. We are very grateful to @galbarnahum, @AnatBB, and @YanivRL for their reporting and assistance with our...

## Summary The `steam-workshop-deploy` github action does not exclude the `.git` directory when packaging content for deployment and provides no built-in way to do so. If a `.git` folder exists in the target directory (e.g., due to a local Git repo, custom project structure, or via the `actions/checkout` workflow), it is silently included in the output package. This results in leakage of sensitive repository metadata and potentially credentials, including github personal access tokens (PATs) embedded in `.git/config`. Many game modding projects require packaging from the project root as the game expects certain files (assets, configuration, metadata) to be present at specific root-level paths. Consequently, the `.git` directory often exists alongside these required files and gets packaged unintentionally, especially when using `actions/checkout`. While github hosted runners automatically revoke ephemeral credentials at the end of each job, the severity of this issue increases dramat...

### Impact An attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires just reading the file if a series of FlateDecode filters is used on a malicious cross-reference stream. Other content streams are affected on explicit access. ### Patches This has been fixed in [pypdf==6.0.0](https://github.com/py-pdf/pypdf/releases/tag/6.0.0). ### Workarounds If you cannot upgrade yet, you might want to implement the workaround for `pypdf.filters.decompress` yourself: https://github.com/py-pdf/pypdf/blob/0dd57738bbdcdb63f0fb43d8a6b3d222b6946595/pypdf/filters.py#L72-L143 ### References This issue has been reported in #3429 and fixed in #3430.

## Summary A vulnerability was discovered in the External Secrets Operator where the `List()` calls for Kubernetes Secret and SecretStore resources performed by the `PushSecret` controller did not apply a namespace selector. This flaw allowed an attacker to use label selectors to list and read secrets/secret-stores across the cluster, bypassing intended namespace restrictions. --- ## Impact An attacker with the ability to create or update `PushSecret` resources and control `SecretStore` configurations could exploit this vulnerability to exfiltrate sensitive data from arbitrary namespaces. This could lead to full disclosure of Kubernetes secrets, including credentials, tokens, and other sensitive information stored in the cluster. --- ## Exploitability To exploit this vulnerability, an attacker must: 1. Have permissions to create or update `PushSecret` resources. 2. Control one or more `SecretStore` resources. With these conditions met, the attacker could leverage label select...