Security
Headlines
HeadlinesLatestCVEs

Tag

#js

ChatGPT Subs In as Security Analyst, Hallucinates Only Occasionally

Incident response triage and software vulnerability discovery are two areas where the large language model has demonstrated success, although false positives are common.

DARKReading
#vulnerability#mac#js#git#intel
CVE-2022-38935: There is a vulnerability that can add the administrator account · Issue #25 · yourkevin/NiterForum

An issue was discovered in NiterForum version 2.5.0-beta in /src/main/java/cn/niter/forum/api/SsoApi.java and /src/main/java/cn/niter/forum/controller/AdminController.java, allows attackers to gain escalated privileges.

CVE-2022-38867: Security issue: SQL injection in zhaojh329/rttys · Issue #117 · zhaojh329/rttys

SQL Injection vulnerability in rttys versions 4.0.0, 4.0.1, and 4.0.2 in api.go, allows attackers to execute arbitrary code.

CVE-2021-38239: [Bug]SQL Injection · Issue #510 · dataease/dataease

SQL Injection vulnerability in dataease before 1.2.0, allows attackers to gain sensitive information via the orders parameter to /api/sys_msg/list/1/10.

CVE-2022-47508: SAM 2023.1 Release Notes

Customers who had configured their polling to occur via Kerberos did not expect NTLM Traffic on their environment, but since we were querying for data via IP address this prevented us from utilizing Kerberos.

GitLab GitHub Repo Import Deserialization Remote Code Execution

An authenticated user can import a repository from GitHub into GitLab. If a user attempts to import a repo from an attacker-controlled server, the server will reply with a Redis serialization protocol object in the nested default_branch. GitLab will cache this object and then deserialize it when trying to load a user session, resulting in remote code execution.

Red Hat Security Advisory 2023-0651-01

Red Hat Security Advisory 2023-0651-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution esigned for on-premise or private cloud deployments.

Red Hat Security Advisory 2023-0652-01

Red Hat Security Advisory 2023-0652-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.27. Issues addressed include denial of service and out of bounds read vulnerabilities.

OX App Suite Cross Site Scripting / Server-Side Request Forgery

OX App Suite suffers from cross site scripting and server-side request forgery vulnerabilities.