Security Headlines
CVE-2023-22130: Oracle Critical Patch Update Advisory - October 2023

Vulnerability in the Sun ZFS Storage Appliance product of Oracle Systems (component: Core). The supported version that is affected is 8.8.60. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

CVE-2023-41629: CVE-Advisory/CVE-2023-41629-eSST-Path-Traversal.pdf at main · post-cyberlabs/CVE-Advisory

A lack of input sanitizing in the file download feature of eSST Monitoring v2.147.1 allows attackers to execute a path traversal.

CVE-2023-41630: CVE-Advisory/CVE-2023-41630-eSST-Preauth-RCE.pdf at main · post-cyberlabs/CVE-Advisory

eSST Monitoring v2.147.1 was discovered to contain a remote code execution (RCE) vulnerability via the Gii code generator component.

CVE-2023-41631: CVE-Advisory/CVE-2023-41631-eSST-RCE.pdf at main · post-cyberlabs/CVE-Advisory

eSST Monitoring v2.147.1 was discovered to contain a remote code execution (RCE) vulnerability via the file upload function.

Chatbot Offers Roadmap for How to Conduct a Bio Weapons Attack

Once ethics guardrails are breached, generative AI and LLMs could become nearly unlimited in their capacity to enable evil acts, researchers warn.

Amazon Quietly Wades Into the Passkey Waters

The move by the e-commerce kahuna to offer advanced authentication to its 300+ million users has the potential to move the needle on the technology's adoption, security experts say.

GHSA-g4mx-q9vg-27p4: urllib3's request body not stripped after redirect from 303 status changes request method to GET

urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 303 "See Other" caused the request's method to change from one that could accept a request body (like `POST`) to `GET`, as is required by HTTP RFCs. Although the behavior of removing the request body is not specified in the section for redirects, it can be inferred by piecing together information from different sections, and we have observed the behavior in other major HTTP client implementations like curl and web browsers. From [RFC 9110 Section 9.3.1](https://www.rfc-editor.org/rfc/rfc9110.html#name-get):

> A client SHOULD NOT generate content in a GET request unless it is made directly to an origin server that has previously indicated, in or out of band, that such a request has a purpose and will be adequately supported.

## Affected usages

Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believ...

UAE, US Partner to Bolster Financial Services Cybersecurity

The two countries agree to share financial services information and provide cross-border training and best practices.

Watch Out: Attackers Are Hiding Malware in 'Browser Updates'

Updating your browser when prompted is a good practice; just make sure the notification comes from the vendor themselves.

Supply Chain Attack Targeting Telegram, AWS and Alibaba Cloud Users

By Deeba Ahmed. Key findings: Cybersecurity firm Checkmarx has discovered a new wave of supply chain attacks exploiting bugs in popular…