Security
Headlines
HeadlinesLatestCVEs

Tag

#git

CVE-2023-46317: release 5.7.0 (!1448) · Merge requests · Knot projects / Knot Resolver · GitLab

Knot Resolver before 5.7.0 performs many TCP reconnections upon receiving certain nonsensical responses from servers.

CVE
Open in Source
#git
CVE-2023-46315: Require secret key configuration when enabling gradio auth by zanllp · Pull Request #368 · zanllp/sd-webui-infinite-image-browsing

The zanllp sd-webui-infinite-image-browsing (aka Infinite Image Browsing) extension before 977815a for stable-diffusion-webui (aka Stable Diffusion web UI), if Gradio authentication is enabled without secret key configuration, allows remote attackers to read any local file via /file?path= in the URL, as demonstrated by reading /proc/self/environ to discover credentials.

GHSA-9x43-5qcq-h79q: in django-grappelli

views/switch.py in django-grappelli (aka Django Grappelli) before 2.15.2 attempts to prevent external redirection with startswith("/") but this does not consider a protocol-relative URL (e.g., //example.com) attack.

GHSA-h454-rq3m-89rc: Wagtail CRX CodeRed Extensions vulnerable to Path Traversal

views.py in Wagtail CRX CodeRed Extensions (formerly CodeRed CMS or coderedcms) before 0.22.3 allows upward protected/..%2f..%2f path traversal when serving protected media.

CVE-2021-46897: (security) An login user can access local files on coderedcms server · Issue #448 · coderedcorp/coderedcms

views.py in Wagtail CRX CodeRed Extensions (formerly CodeRed CMS or coderedcms) before 0.22.3 allows upward protected/..%2f..%2f path traversal when serving protected media.

What is the Dark Web, Search Engines, and What Not to Do on the Dark Web

By Waqas In this article, we will delve deeper into what is the dark web, exploring its definition, the top… This is a post from HackRead.com Read the original post: What is the Dark Web, Search Engines, and What Not to Do on the Dark Web

CVE-2023-46303: GitHub - 0x1717/ssrf-via-img: SSRF Vulnerability in PANDOC and CALIBRE

link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by default, add resources outside of the document root.

GHSA-c59h-r6p8-q9wc: Next.js missing cache-control header may lead to CDN caching empty reply

Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN. Cloudflare considers these requests cacheable assets.

CVE-2023-46298: Missing cache control directive for server side props response when using middleware and prefetch · Issue #45301 · vercel/next.js

Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN.

Vietnamese DarkGate Malware Targets META Accounts in the UK, USA, India

By Deeba Ahmed The cybersecurity researchers at WithSecure have identified a connection between Vietnamese DuckTail infostealer and DarkGate malware. KEY FINDINGS… This is a post from HackRead.com Read the original post: Vietnamese DarkGate Malware Targets META Accounts in the UK, USA, India