Security
Headlines
HeadlinesLatestCVEs

Tag

#vulnerability

Critical Apache HugeGraph Vulnerability Under Attack - Patch ASAP

Threat actors are actively exploiting a recently disclosed critical security flaw impacting Apache HugeGraph-Server that could lead to remote code execution attacks. Tracked as CVE-2024-27348 (CVSS score: 9.8), the vulnerability impacts all versions of the software before 1.3.0. It has been described as a remote command execution flaw in the Gremlin graph traversal language API. "Users are

The Hacker News
Open in Source
#vulnerability#apache#java#rce#log4j#auth#sap#The Hacker News
GHSA-w799-v85j-88pg: Skupper uses a static cookie secret for the openshift oauth-proxy

A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a specially-crafted cookie.

Cloud Security, PowerShell Expertise Emerge as Key SOC Analyst Skills

SOC analysts should also cultivate skills like incident handling and response, threat hunting, digital forensics, Python, and bash scripting.

GHSA-4xqq-m2hx-25v8: REXML denial of service vulnerability

### Impact The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses an XML that has many specific characters such as `<`, `0` and `%>`. If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities. ### Patches The REXML gem 3.3.2 or later include the patches to fix these vulnerabilities. ### Workarounds Don't parse untrusted XMLs. ### References * https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh : This is a similar vulnerability * https://www.ruby-lang.org/en/news/2024/07/16/dos-rexml-cve-2024-39908/

GHSA-q5fm-55c2-v6j9: Fiona affected by CVE-2023-45853 related to MiniZip madler-zlib

### Summary Vulnerability scan of fiona shows [CVE-2023-45853](https://nvd.nist.gov/vuln/detail/CVE-2023-45853) ### Details fiona depends on madler-zlib 1.3. MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API. ### Impact Unkown. Please document if this vulnerability is exposed

GHSA-g4m4-9q4c-mfw6: Fiona affected by CVE-2020-14152 related to madler-zlib

### Summary Vulnerability scan of fiona shows [CVE-2020-14152](https://nvd.nist.gov/vuln/detail/CVE-2020-14152) ### Details In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs.c in djpeg does not honor the max_memory_to_use setting, possibly causing excessive memory consumption. ### Impact Unkown. Please document if this vulnerability is exposed

Defending OT Requires Agility, Proactive Controls

As attackers set their sights on infrastructure, security teams need to reduce risk levels without compromising operational agility.

Debian Security Advisory 5730-1

Debian Linux Security Advisory 5730-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.