Security
Headlines
HeadlinesLatestCVEs

Tag

#ssh

Debian Security Advisory 5424-1

Debian Linux Security Advisory 5424-1 - It was discovered that PHP's implementation of SOAP HTTP Digest authentication performed insufficient error validation, which may result in a stack information leak or use of weak randomness.

Packet Storm
Open in Source
#linux#debian#js#php#auth#ssh
CVE-2022-28550: Merge branch 'master' of git+ssh://192.168.0.20/home/serv/jhead · Matthias-Wandel/jhead@64894db

Matthias-Wandel/jhead jhead 3.06 is vulnerable to Buffer Overflow via shellescape(), jhead.c, jhead. jhead copies strings to a stack buffer when it detects a &i or &o. However, jhead does not check the boundary of the stack buffer. As a result, there will be a stack buffer overflow problem when multiple `&i` or `&o` are given.

CVE-2023-29007: GitHub: CVE-2023-29007 Arbitrary configuration injection via `git submodule deinit`

**Why is this GitHub CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in mingit software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

CVE-2023-29011: GitHub: CVE-2023-29011 The config file of `connect.exe` is susceptible to malicious placing

**Why is this GitHub CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Git for Windows software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

CVE-2023-33290: git-url-parse

The git-url-parse crate through 0.4.4 for Rust allows Regular Expression Denial of Service (ReDos) via a crafted URL to normalize_url in lib.rs, a similar issue to CVE-2023-32758 (Python).

Beware: 1,000+ Fake Cryptocurrency Sites Trap Users in Bogus Rewards Scheme

A previously undetected cryptocurrency scam has leveraged a constellation of over 1,000 fraudulent websites to ensnare users into a bogus rewards scheme since at least January 2021. "This massive campaign has likely resulted in thousands of people being scammed worldwide," Trend Micro researchers said in a report published last week, linking it to a Russian-speaking threat actor named "Impulse

Anevia Flamingo XL 3.2.9 Remote Root Jailbreak

Anevia Flamingo XL version 3.2.9 suffers from an SSH sandbox escape via the use of traceroute. A remote attacker can breakout of the restricted environment and have full root access to the device.

Anevia Flamingo XL/XS 3.6.x Default / Hardcoded Credentials

Anevia Flamingo XL/XS versions 3.6.20 and 3.2.9 have a weak set of default and hardcoded administrative credentials that can be easily guessed in remote password attacks and gain full control of the system.

OmniCart 3.4.0 Cross Site Scripting

OmniCart version 3.4.0 suffers from a cross site scripting vulnerability.

LearnDesk 1.0 Cross Site Scripting

LearnDesk version 1.0 suffers from a cross site scripting vulnerability.