Security Headlines

Tag: #git
GHSA-7f4j-64p6-5h5v: Traefik affected by HTTP/2 CONTINUATION flood in net/http

There is a potential vulnerability in Traefik managing HTTP/2 connections. More details are in [CVE-2023-45288](https://www.cve.org/CVERecord?id=CVE-2023-45288).

## Patches

- https://github.com/traefik/traefik/releases/tag/v2.11.2
- https://github.com/traefik/traefik/releases/tag/v3.0.0-rc5

## Workarounds

No workaround.

## For more information

If you have any questions or comments about this advisory, please [open an issue](https://github.com/traefik/traefik/issues).

GHSA-g8fc-vrcg-8vjg: Constellation has pods exposed to peers in VPC

### Impact

Cilium allows outside actors (`world` entity) to directly access pods with their internal pod IP, even if they are not exposed explicitly (e.g. via `LoadBalancer`). A pod that does not authenticate clients and that does not exclude `world` traffic via network policy may leak sensitive data to an attacker _inside the cloud VPC_.

### Patches

The issue has been patched in [v2.16.3](https://github.com/edgelesssys/constellation/releases/tag/v2.16.3).

### Workarounds

This network policy excludes all `world` traffic. It mitigates the problem, but will also block all desired external traffic. If vulnerable pods are known, a policy can be crafted to only firewall those instead (see also https://docs.cilium.io/en/stable/security/policy/language/#access-to-from-outside-cluster).

```yaml
apiVersion: "cilium.io/v2"
kind: CiliumClusterwideNetworkPolicy
metadata:
  name: "from-world-to-role-public"
spec:
  endpointSelector:
    matchLabels: {} # role: public
  ingressDeny:
  - ...
```

CrushFTP Remote Code Execution

This Metasploit exploit module leverages an improperly controlled modification of dynamically-determined object attributes vulnerability (CVE-2023-43177) to achieve unauthenticated remote code execution. This affects CrushFTP versions prior to 10.5.1. It is possible to set some of a user's session properties by sending an HTTP request with specially crafted header key-value pairs. This enables an unauthenticated attacker to access files anywhere on the server file system and steal the session cookies of valid authenticated users. The attack consists of hijacking a user's session and escalating privileges to obtain full control of the target. Remote code execution is obtained by abusing the dynamic SQL driver loading and configuration testing feature.

Ubuntu Security Notice USN-6731-1

Ubuntu Security Notice 6731-1 - It was discovered that YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files. This issue only affected Ubuntu 16.04 LTS. It was discovered that YARD before 0.9.20 is affected by a path traversal vulnerability, allowing HTTP requests to access arbitrary files under certain conditions. This issue only affected Ubuntu 18.04 LTS.

Kruxton 1.0 SQL Injection

Kruxton version 1.0 suffers from a remote SQL injection vulnerability.

Kruxton 1.0 Shell Upload

Kruxton version 1.0 suffers from a remote shell upload vulnerability.

WBCE 1.6.0 SQL Injection

WBCE version 1.6.0 suffers from a remote SQL injection vulnerability.

AMPLE BILLS 0.1 SQL injection

AMPLE BILLS version 0.1 suffers from a remote SQL injection vulnerability.

PrusaSlicer 2.6.1 Arbitrary Code Execution

PrusaSlicer versions 2.6.1 and below suffer from an arbitrary code execution vulnerability.

Moodle 3.10.1 SQL Injection

Moodle version 3.10.1 suffers from a remote time-based SQL injection vulnerability.