Security
Headlines
HeadlinesLatestCVEs

Tag

#git

GHSA-c7w6-33j3-j3mx: Ryu Infinite Loop vulnerability

`OFPBucket` in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via `action.len=0`.

ghsa
Open in Source
#vulnerability#dos#git
GHSA-ffp9-pfq9-g2ww: Ryu Infinite Loop vulnerability

`OFPMultipartReply` in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via `b.length=0`.

GHSA-fgpw-cx3v-wj95: Ryu Infinite Loop vulnerability

`OFPPacketQueue` in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via `OFPQueueProp.len=0`.

GHSA-59p2-v62x-gxj8: Ryu Infinite Loop vulnerability

`OFPHello` in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via `length=0`.

A Checklist for What Every Online Coding Class for Kids Needs

By Uzair Amir Is your coding class engaging and effective? Learn what makes the best online coding classes for kids fun, effective, and future-proof! This is a post from HackRead.com Read the original post: A Checklist for What Every Online Coding Class for Kids Needs

GHSA-hr2r-w6wc-25pv: Zenario uses Twig filters insecurely in the Twig Snippet plugin

Zenario before 9.5.60437 uses Twig filters insecurely in the Twig Snippet plugin, and in the site-wide HEAD and BODY elements, enabling code execution by a designer or an administrator.

GHSA-7qwj-gcjf-828f: Zenario's Tree Explorer tool from Organizer affected by Cross-site Scripting

The Tree Explorer tool from Organizer in Zenario before 9.5.60602 is affected by XSS. (This component was removed in 9.5.60602.)

New Goldoon Botnet Targeting D-Link Devices by Exploiting 9-Year-Old Flaw

By Waqas A new botnet called Goldoon targets D-Link routers and NAS devices putting them at risk of DDoS attacks and more. Learn how weak credentials leave you vulnerable and how to secure your network. pen_spark This is a post from HackRead.com Read the original post: New Goldoon Botnet Targeting D-Link Devices by Exploiting 9-Year-Old Flaw

GHSA-hfrv-h3q8-9jpr: kurwov vulnerable to Denial of Service due to improper data sanitization

### Summary An unsafe sanitization of dataset contents on the `MarkovData#getNext` method used in `Markov#generate` and `Markov#choose` allows a maliciously crafted string on the dataset to throw and stop the function from running properly. ### Details https://github.com/xiboon/kurwov/blob/0d58dfa42135ab40e830e92622857282f980ca89/src/MarkovData.ts#L38-L44 If a string contains a forbidden substring (i.e. `__proto__`) followed by a space character, the second line will access a special property in `MarkovData#finalData` by removing the last character of the string, bypassing the dataset sanitization (as it is supposed to be already sanitized before this function is called). `data` is then defined as the special function found in its prototype instead of an array. On the last line, `data` is then indexed by a random number, which is supposed to return a string but returns undefined as it's a function. Calling `endsWith` then throws. ### PoC https://runkit.com/embed/m6uu40r5ja9b ### ...

GHSA-qq22-jj8x-4wwv: Pterodactyl Wings vulnerable to Server-Side Request Forgery during remote file pull

### Impact An authenticated user who has access to a game server is able to bypass the previously implemented access control (https://github.com/pterodactyl/wings/security/advisories/GHSA-6rg3-8h8x-5xfv) that prevents accessing internal endpoints of the node hosting Wings in the pull endpoint. This would allow malicious users to potentially access resources on local networks that would otherwise be inaccessible. ### Workarounds Enabling the `api.disable_remote_download` option or updating to the latest version of Wings are the only known workarounds. ### Patches https://github.com/pterodactyl/wings/commit/c152e36101aba45d8868a9a0eeb890995e8934b8