Security
Headlines
HeadlinesLatestCVEs

Tag

#apache

GHSA-95w5-q9vp-5vrm: Heron allows CRLF log injection

Heron versions <= 0.20.4-incubating allows CRLF log injection because of the lack of escaping in the log statements. Please update to version 0.20.5-incubating which addresses this issue.

ghsa
Open in Source
#apache#java#maven
CVE-2022-40690: Security · BookStack

Cross-site scripting vulnerability in BookStack versions prior to v22.09 allows a remote authenticated attacker to inject an arbitrary script.

Joint Advisory AA22-279A and Vulristics

Hello everyone! This episode will be about the new hot twenty vulnerabilities from CISA, NSA and FBI, Joint cybersecurity advisory (CSA) AA22-279A, and how I analyzed these vulnerabilities using my open source project Vulristics. Alternative video link (for Russia): https://vk.com/video-149273431_456239105 Americans can’t just release a list of “20 vulnerabilities most commonly exploited in attacks on […]

Exploit Attempts Underway for Apache Commons Text4Shell Vulnerability

The good news: The Apache Commons Text library bug is far less likely to lead to exploitation than last year's Log4j library flaw.

Hackers Started Exploiting Critical "Text4Shell" Apache Commons Text Vulnerability

WordPress security company Wordfence on Thursday said it started detecting exploitation attempts targeting the newly disclosed flaw in Apache Commons Text on October 18, 2022. The vulnerability, tracked as CVE-2022-42889 aka Text4Shell, has been assigned a severity ranking of 9.8 out of a possible 10.0 on the CVSS scale and affects versions 1.5 through 1.9 of the library. It's also similar to

Failed Cobalt Strike fix with buried RCE exploit now patched

The fix was developed at a running pace as Cobalt Strike is essential to Red Team operations

CVE-2022-38108: Published | Zero Day Initiative

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

CVE-2022-36957: Published | Zero Day Initiative

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

Third-party application patching: Everything you need to know for your business

Categories: Business In this post, we cover the importance of third-party application patching and the challenges it can solve for your organization. (Read more...) The post Third-party application patching: Everything you need to know for your business appeared first on Malwarebytes Labs.