Security
Headlines
HeadlinesLatestCVEs

Tag

#git

GHSA-8m84-h9hh-3cfh: Apache SeaTunnel SQL Injection vulnerability

Mysql security vulnerability in Apache SeaTunnel. Attackers can read files on the MySQL server by modifying the information in the MySQL URL allowLoadLocalInfile=true&allowUrlInLocalInfile=true&allowLoadLocalInfileInPath=/&maxAllowedPacket=655360 This issue affects Apache SeaTunnel: 1.0.0. Users are recommended to upgrade to version [1.0.1], which fixes the issue.

ghsa
#sql#vulnerability#apache#git
National Public Data leaked passwords online

The National Public Data breach includes the Social Security Numbers of many US citizens. Find out about yours.

Toyota confirms customer and employee data stolen, says breach at third party to blame

Car manufacturer Toyota has acknowledged a breach after stolen data was given away on an underground forum.

MoonPeak malware from North Korean actors unveils new details on attacker infrastructure

Cisco Talos has uncovered a new remote access trojan (RAT) family we are calling “MoonPeak.” This a XenoRAT-based malware, which is under active development by a North Korean nexus cluster we are calling “UAT-5394.”

GHSA-4crf-28c7-v4gr: Openshift Console insufficient entropy vulnerability

An insufficient entropy vulnerability was found in the Openshift Console. In the authorization code type and implicit grant type, the OAuth2 protocol is vulnerable to a Cross-Site Request Forgery (CSRF) attack if the state parameter is used inefficiently. This flaw allows logging into the victim’s current application account using a third-party account without any restrictions.

GiveWP WordPress Plugin Vulnerability Puts 100,000+ Websites at Risk

A maximum-severity security flaw has been disclosed in the WordPress GiveWP donation and fundraising plugin that exposes more than 100,000 websites to remote code execution attacks. The flaw, tracked as CVE-2024-5932 (CVSS score: 10.0), impacts all versions of the plugin prior to version 3.14.2, which was released on August 7, 2024. A security researcher, who goes by the online alias villu164,

GHSA-6247-7862-q2pq: Apache Helix Front (UI) component contained a hard-coded secret

The Apache Helix Front (UI) component contained a hard-coded secret, allowing an attacker to spoof sessions by generating their own fake cookies. This issue affects Apache Helix Front (UI): all versions. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

GHSA-h27c-6xm3-mcqp: Kanister vulnerable to cluster-level privilege escalation

### Details The kanister has a deployment called default-kanister-operator, which is bound with a ClusterRole called edit via ClusterRoleBinding(https://github.com/kanisterio/kanister/blob/master/helm/kanister-operator/templates/rbac.yaml#L49). The "edit" ClusterRole is one of Kubernetes default-created ClusterRole, and it have create/patch/udpate verbs of daemonset resources, create verb of serviceaccount/token resources, and impersonate verb of serviceaccounts resources. If a malicious user can access the worker node which has this component, he/she can: For the create/patch/update verbs of daemonset resources, the malicious user can abuse it to create or modify a set of Pods to mount a high-privilege service account (e.g., the cluster-admin service account). After that, he/she can abuse the high-privilege SA token of created Pod to take over the whole cluster. For the create verb of serviceaccount/token resources, a malicious user can abuse this permission to generate new Service ...

An AWS Configuration Issue Could Expose Thousands of Web Apps

Amazon has updated its instructions for how customers should more securely implement AWS's traffic-routing service known as Application Load Balancer, but it's not clear everyone will get the memo.

Detecting AWS Account Compromise: Key Indicators in CloudTrail Logs for Stolen API Keys

As cloud infrastructure becomes the backbone of modern enterprises, ensuring the security of these environments is paramount. With AWS (Amazon Web Services) still being the dominant cloud it is important for any security professional to know where to look for signs of compromise. AWS CloudTrail stands out as an essential tool for tracking and logging API activity, providing a comprehensive