Security
Headlines
HeadlinesLatestCVEs

Tag

#java

Hackers Steal Over $1.6 Million in Crypto from General Bytes Bitcoin ATMs Using Zero-Day Flaw

Bitcoin ATM maker General Bytes disclosed that unidentified threat actors stole cryptocurrency from hot wallets by exploiting a zero-day security flaw in its software. "The attacker was able to upload his own java application remotely via the master service interface used by terminals to upload videos and run it using 'batm' user privileges," the company said in an advisory published over the

The Hacker News
Open in Source
#vulnerability#web#git#java#auth#zero_day#The Hacker News
CVE-2023-1536: Store XSS in create tag in answer

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.7.

RHSA-2023:1270: Red Hat Security Advisory: OpenShift Container Platform 4.12.8 security update

Red Hat OpenShift Container Platform release 4.12.8 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4238: A flaw was found in goutils where randomly generated alphanumeric strings contain significantly less entropy than expected. Both the `RandomAlphaNumeric` and `CryptoRandomAlphaNumeric...

CVE-2023-1527: sec(VTLIB) purify clean javascript in href · tsolucio/corebos@aaaca69

Cross-site Scripting (XSS) - Generic in GitHub repository tsolucio/corebos prior to 8.0.

GHSA-c24f-2j3g-rg48: kaml has potential denial of service while parsing input with anchors and aliases

### Impact Applications that use kaml to parse untrusted input containing anchors and aliases may consume excessive memory and crash. ### Patches Version 0.53.0 and later default to refusing to parse YAML documents containing anchors and aliases. ### Workarounds None. ### References Wikipedia has an explanation of this class of vulnerability: [billion laughs attack](https://en.wikipedia.org/wiki/Billion_laughs_attack) ### Acknowledgements Thank you to @gdude2002 for reporting this issue.

MyBB External Redirect Warning 1.3 Cross Site Scripting

MyBB External Redirect Warning plugin version 1.3 suffers from a cross site scripting vulnerability.

Yoga Class Registration System 1.0 Cross Site Scripting

Yoga Class Registration System version 1.0 suffers from a cross site scripting vulnerability.