Security
Headlines
HeadlinesLatestCVEs

Tag

#apache

New Linux Malware 'sedexp' Hides Credit Card Skimmers Using Udev Rules

Cybersecurity researchers have uncovered a new stealthy piece of Linux malware that leverages an unconventional technique to achieve persistence on infected systems and hide credit card skimmer code. The malware, attributed to a financially motivated threat actor, has been codenamed sedexp by Aon's Stroz Friedberg incident response services team. "This advanced threat, active since 2022, hides

The Hacker News
Open in Source
#web#linux#apache#The Hacker News
OX App Suite Cross Site Scripting / Denial Of Service

OX App Suite frontend version 7.10.6-rev42 suffers from cross site scripting vulnerabilities. OX App Suite backend versions 7.10.6-rev61 and 8.22 suffer from a denial of service vulnerability.

GHSA-w7cp-g8v7-r54m: Apache Airflow Cross-site Scripting Vulnerability

Apache Airflow, versions before 2.10.0, have a vulnerability that allows the developer of a malicious provider to execute a cross-site scripting attack when clicking on a provider documentation link. This would require the provider to be installed on the web server and the user to click the provider link. Users should upgrade to 2.10.0 or later, which fixes this vulnerability.

Red Hat Security Advisory 2024-5696-03

Red Hat Security Advisory 2024-5696-03 - An update for tomcat is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Security Advisory 2024-5695-03

Red Hat Security Advisory 2024-5695-03 - An update for tomcat is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

Red Hat Security Advisory 2024-5694-03

Red Hat Security Advisory 2024-5694-03 - An update for tomcat is now available for Red Hat Enterprise Linux 8.

Red Hat Security Advisory 2024-5693-03

Red Hat Security Advisory 2024-5693-03 - An update for tomcat is now available for Red Hat Enterprise Linux 9.

GHSA-8m84-h9hh-3cfh: Apache SeaTunnel SQL Injection vulnerability

Mysql security vulnerability in Apache SeaTunnel. Attackers can read files on the MySQL server by modifying the information in the MySQL URL allowLoadLocalInfile=true&allowUrlInLocalInfile=true&allowLoadLocalInfileInPath=/&maxAllowedPacket=655360 This issue affects Apache SeaTunnel: 1.0.0. Users are recommended to upgrade to version [1.0.1], which fixes the issue.

GHSA-6247-7862-q2pq: Apache Helix Front (UI) component contained a hard-coded secret

The Apache Helix Front (UI) component contained a hard-coded secret, allowing an attacker to spoof sessions by generating their own fake cookies. This issue affects Apache Helix Front (UI): all versions. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Simple Machines Forum 2.1.4 Code Injection

Simple Machines Forum version 2.1.4 suffers from an authenticated code injection vulnerability.