Security Headlines

Tag: #ssh

GHSA-wmff-grcw-jcfm: Tauri vulnerable to Regression on Filesystem Scope Checks for Dotfiles

### Impact

The 1.4.0 release includes a regression in the filesystem scope check for dotfiles on Linux and macOS. Previously, dotfiles (e.g. `$HOME/.ssh/`) were not implicitly allowed by glob wildcard scopes (e.g. `$HOME/*`), but a regression was introduced when a configuration option for this behavior was implemented, and dotfiles became implicitly allowed. Only Tauri applications using wildcard scopes in the `fs` endpoint are affected. Only macOS and Linux systems are affected.

### Patches

The regression has been patched in `v1.4.1`.

### Workarounds

There are no known workarounds at this time; users should update to `v1.4.1` immediately.

### References

See the [original advisory](https://github.com/tauri-apps/tauri/security/advisories/GHSA-6mv3-wm7j-h4w5) for more information.

### For more Information

If you have any questions or comments about this advisory:

- Open an issue in tauri
- Email us at [security@tauri.app](mailto:security@tauri.app)

Source: ghsa
Tags: #mac #linux #git #ssh
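The advisory above turns on a single rule: whether a glob wildcard such as `*` or `**` may match a path segment that begins with a dot. The following is an added example, not Tauri's own code (Tauri matches scopes with the `glob` crate); it is a std-only scope checker that models just that rule with a `require_literal_leading_dot` option, so the 1.4.0 behaviour (wildcards silently covering `~/.ssh`) and the 1.4.1 behaviour can be compared side by side. The `$HOME` value, the scope strings and the sample paths are constructed for the example; the matcher supports one `*` per segment and `**` for zero or more whole segments, which is enough for the scopes the advisory names.

```rust
// Added example, not Tauri's code: a minimal fs-scope checker that models the
// behaviour described in the advisory. Tauri itself matches scopes with the
// `glob` crate; this std-only version exists so the dotfile rule can be shown
// and tested in isolation. Supports one `*` per segment and `**` for zero or
// more whole segments; `$HOME` is expanded from the `home` argument.

/// The option the 1.4.0 regression effectively disabled: when true, a
/// wildcard never matches a path segment that starts with `.` unless the
/// pattern segment itself starts with a literal `.`.
#[derive(Clone, Copy, Debug)]
pub struct ScopeOptions {
    pub require_literal_leading_dot: bool,
}

/// Match one path segment against one pattern segment.
fn segment_matches(pat: &str, seg: &str, opts: ScopeOptions) -> bool {
    match pat.find('*') {
        None => pat == seg,
        Some(idx) => {
            let (prefix, suffix) = (&pat[..idx], &pat[idx + 1..]);
            if opts.require_literal_leading_dot
                && seg.starts_with('.')
                && !prefix.starts_with('.')
            {
                return false; // hidden segment, and the pattern did not spell the dot
            }
            seg.len() >= prefix.len() + suffix.len()
                && seg.starts_with(prefix)
                && seg.ends_with(suffix)
        }
    }
}

/// True when a segment may be swallowed by `**` under the current options.
fn double_star_may_consume(seg: &str, opts: ScopeOptions) -> bool {
    !(opts.require_literal_leading_dot && seg.starts_with('.'))
}

fn segments_match(pats: &[&str], segs: &[&str], opts: ScopeOptions) -> bool {
    match pats.split_first() {
        None => segs.is_empty(),
        Some((&"**", rest)) => (0..=segs.len()).any(|n| {
            segs[..n].iter().all(|s| double_star_may_consume(s, opts))
                && segments_match(rest, &segs[n..], opts)
        }),
        Some((&pat, rest)) => match segs.split_first() {
            Some((&seg, rest_segs)) => {
                segment_matches(pat, seg, opts) && segments_match(rest, rest_segs, opts)
            }
            None => false,
        },
    }
}

/// Decide whether `path` (already absolute) falls inside `scope`.
pub fn is_allowed(scope: &str, path: &str, home: &str, opts: ScopeOptions) -> bool {
    let expanded = scope.replace("$HOME", home);
    let pats: Vec<&str> = expanded.split('/').filter(|s| !s.is_empty()).collect();
    let segs: Vec<&str> = path.split('/').filter(|s| !s.is_empty()).collect();
    // A real checker canonicalizes first; here `.` and `..` are simply refused
    // so the matcher cannot be walked out of the scope.
    if segs.iter().any(|s| *s == ".." || *s == ".") {
        return false;
    }
    segments_match(&pats, &segs, opts)
}

/// The two configurations side by side: `regressed` is what 1.4.0 did,
/// `fixed` is the 1.4.1 behaviour.
pub fn regressed() -> ScopeOptions { ScopeOptions { require_literal_leading_dot: false } }
pub fn fixed() -> ScopeOptions { ScopeOptions { require_literal_leading_dot: true } }

fn main() {
    let home = "/home/alice"; // constructed sample home directory
    let cases = [
        ("$HOME/*", "/home/alice/notes.txt"),
        ("$HOME/*", "/home/alice/.bashrc"),
        ("$HOME/**", "/home/alice/.ssh/id_ed25519"),
        ("$HOME/.ssh/*", "/home/alice/.ssh/config"),
    ];
    for (scope, path) in cases {
        println!(
            "{scope:<13} {path:<30} 1.4.0={:<5} 1.4.1={}",
            is_allowed(scope, path, home, regressed()),
            is_allowed(scope, path, home, fixed())
        );
    }
}
```

The point to take from the table the program prints: with the regressed options a scope of `$HOME/**` quietly covers `~/.ssh/id_ed25519`, while with the literal-leading-dot rule an application has to write `$HOME/.ssh/*` (or `$HOME/.*`) to reach hidden files, which is what makes the grant visible in the configuration review.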
'Muddled Libra' Uses Oktapus-Related Smishing to Target Outsourcing Firms

The emerging cyber-threat group is unusually persistent and nimble, bypassing MFA, stealing data, and using compromised environments for downstream customer attacks.

PHP Online School 1.0 Cross Site Scripting

PHP Online School version 1.0 suffers from a cross site scripting vulnerability.

PHP Mall 5.0 Cross Site Scripting

PHP Mall version 5.0 suffers from a cross site scripting vulnerability.

Nokia ASIKA 7.13.52 Private Key Disclosure

Nokia ASIKA version 7.13.52 suffers from a hard-coded private key disclosure vulnerability.

PHP Car Dealer 3.0 Cross Site Scripting

PHP Car Dealer version 3.0 suffers from a cross site scripting vulnerability.

Talroo Jobs Script 1.0 Cross Site Scripting

Talroo Jobs Script version 1.0 suffers from a cross site scripting vulnerability.

RHSA-2023:3711: Red Hat Security Advisory: libtiff security update

An update for libtiff is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

* CVE-2022-48281: A vulnerability was found in libtiff. It is caused by a heap-based buffer overflow in processCropSelections in tools/tiffcrop.c (for example, "WRITE of size 307203") triggered by a crafted TIFF image.
* CVE-2023-0795: A flaw was found in tiffcrop, a program distributed by the libtiff package. A sp...

New Condi Malware Hijacking TP-Link Wi-Fi Routers for DDoS Botnet Attacks

A new malware called Condi has been observed exploiting a security vulnerability in TP-Link Archer AX21 (AX1800) Wi-Fi routers to rope the devices into a distributed denial-of-service (DDoS) botnet. Fortinet FortiGuard Labs said the campaign has ramped up since the end of May 2023. Condi is the work of a threat actor who goes by the online alias zxcr9999 on Telegram and runs a Telegram channel

Schneider Power Meter Vulnerability Opens Door to Power Outages

A severe security vulnerability causes the power meters to continuously transmit their credentials in cleartext, allowing device takeover.