Security
Headlines
HeadlinesLatestCVEs

Tag

#git

These Dangerous Scammers Don’t Even Bother to Hide Their Crimes

“Yahoo Boy” cybercriminals are openly running dozens of scams across Facebook, WhatsApp, Telegram, TikTok, YouTube, and more.

Wired
Open in Source
#web#git#intel#sap
GHSA-mjr4-7xg5-pfvh: libxmljs2 type confusion vulnerability when parsing specially crafted XML

libxmljs2 is vulnerable to type confusion when parsing a specially crafted XML while invoking a function on the result of attrs() that was called on a parsed node. This vulnerability might lead to denial of service (on both 32-bit systems and 64-bit systems), data leak, infinite loop and remote code execution (on 32-bit systems with the XML_PARSE_HUGE flag enabled). At the time of publication, there is no fix.

GHSA-6433-x5p4-8jc7: libxmljs vulnerable to type confusion when parsing specially crafted XML

libxmljs is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking a function on the result of `attrs()` that was called on a parsed node. This vulnerability might lead to denial of service (on both 32-bit systems and 64-bit systems), data leak, infinite loop and remote code execution (on 32-bit systems with the XML_PARSE_HUGE flag enabled).

GHSA-78h3-pg4x-j8cv: libxmljs vulnerable to type confusion when parsing specially crafted XML

libxmljs2 is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking the `namespaces()` function (which invokes `XmlNode::get_local_namespaces()`) on a grand-child of a node that refers to an entity. This vulnerability can lead to denial of service and remote code execution.

GHSA-mg49-jqgw-gcj6: libxmljs vulnerable to type confusion when parsing specially crafted XML

libxmljs is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking the `namespaces()` function (which invokes `_wrap__xmlNode_nsDef_get()`) on a grand-child of a node that refers to an entity. This vulnerability can lead to denial of service and remote code execution.

GHSA-wccg-v638-j9q2: karmada vulnerable to arbitrary code execution via a crafted command

An issue in karmada-io karmada v1.9.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component.

DPRK's Kimsuky APT Abuses Weak DMARC Policies, Feds Warn

Organizations can go a long way toward preventing spoofing attacks by changing one basic parameter in their DNS settings.

Dropbox Sign customer data accessed in breach

After a breach in the Dropbox Sign environment, customer information may have been stolen and API users have restricted functionality

GHSA-xv64-8p4r-94gq: pgAdmin Cross-site Scripting vulnerability in /settings/store API response json payload

pgAdmin <= 8.5 is affected by XSS vulnerability in /settings/store API response json payload. This vulnerability allows attackers to execute malicious script at the client end.

GHSA-4q63-mr2m-57hf: kubevirt allows a local attacker to execute arbitrary code via a crafted command

An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component.