Security
Headlines
HeadlinesLatestCVEs

Tag

#git

CVE-2023-46575: Meshery The Kubernetes and Cloud Native Manager - an extensible developer platform

A SQL injection vulnerability in Meshery before 0.6.179 allows a remote attacker to obtain sensitive information and execute arbitrary code via the order parameter.

CVE
Open in Source
#sql#vulnerability#web#mac#windows#linux#js#git#kubernetes#intel#docker#ssl
Scammers Exploit Crypto Hype with Fake Token Factory, Stealing Millions

By Deeba Ahmed Check Point Research Reports New Million-Dollar Rug Pull Scam with a Fake Token Factory. This is a post from HackRead.com Read the original post: Scammers Exploit Crypto Hype with Fake Token Factory, Stealing Millions

Go on a Psychedelic Journey of the Internet's Growth and Evolution

Security researcher Barrett Lyon, who makes visualizations of the internet's network infrastructure, is back with a new piece chronicling the rise of the IPv6 protocol.

Tell Me Your Secrets Without Telling Me Your Secrets

The title of this article probably sounds like the caption to a meme. Instead, this is an actual problem GitGuardian's engineers had to solve in implementing the mechanisms for their new HasMySecretLeaked service. They wanted to help developers find out if their secrets (passwords, API keys, private keys, cryptographic certificates, etc.) had found their way into public GitHub repositories. How

Kubernetes Secrets of Fortune 500 Companies Exposed in Public Repositories

Cybersecurity researchers are warning of publicly exposed Kubernetes configuration secrets that could put organizations at risk of supply chain attacks. “These encoded Kubernetes configuration secrets were uploaded to public repositories,” Aqua security researchers Yakir Kadkoda and Assaf Morag said in a new research published earlier this week. Some of those impacted include two top blockchain

GHSA-75w2-qv55-x7fv: openssl npm package vulnerable to command execution

The openssl (aka node-openssl) NPM package through 2.0.0 was characterized as "a nonsense wrapper with no real purpose" by its author, and accepts an opts argument that contains a verb field (used for command execution). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

GHSA-wjxj-5m7g-mg7q: Bouncy Castle Denial of Service (DoS)

Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack.

Telekopye Toolkit Used as Telegram Bot to Scam Marketplace Users

By Deeba Ahmed Telekopye Toolkit was previously identified in August 2023 as being leveraged for a phishing scam by Russian cybercriminals. This is a post from HackRead.com Read the original post: Telekopye Toolkit Used as Telegram Bot to Scam Marketplace Users

CVE-2022-44011: Fast Open-Source OLAP DBMS - ClickHouse

An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user (with the ability to load data) could cause a heap buffer overflow and crash the server by inserting a malformed CapnProto object. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19.

$19 Stanley cup deal is a Black Friday scam

What better way to kick off the holiday scamming season than by offering a Black Friday sale on one of the most popular products around: a Stanley cup.