Security
Headlines
HeadlinesLatestCVEs

Tag

#git

ESET Launches a New Solution for Small Office/Home Office Businesses

DARKReading
Open in Source
#web#android#mac#windows#git#samba#auth
Section 702: The Future of the Biggest US Spy Program Hangs in the Balance

The US Congress will this week decide the fate of Section 702, a major surveillance program that will soon expire if lawmakers do not act. WIRED is tracking the major developments as they unfold.

Active Nitrogen campaign delivered via malicious ads for PuTTY, FileZilla

Threat actors once again target system administrators via their favorite tools. Learn more about their TTPs and use the IOCs provide to investigate.

GHSA-j55w-hjpj-825g: Contao: Insufficient BBCode sanitizer

### Impact If BBCode is enabled for comments, users can inject CSS styles. ### Patches Update to Contao 4.13.40 or 5.3.4. ### Workarounds Disable BBCode for comments. ### References https://contao.org/en/security-advisories/insufficient-bbcode-sanitization ### For more information If you have any questions or comments about this advisory, open an issue in [contao/contao](https://github.com/contao/contao/issues/new/choose).

GHSA-747v-52c4-8vj8: Contao: Unencoded insert tags in the frontend

### Impact It is possible to inject insert tags via the form generator if the submitted form data is output on the page in a specific way. ### Patches Update to Contao 4.13.40 or 5.3.4. ### Workarounds Do not output the submitted form data on the website. ### References https://contao.org/en/security-advisories/insert-tag-injection-via-the-form-generator ### For more information If you have any questions or comments about this advisory, open an issue in [contao/contao](https://github.com/contao/contao/issues/new/choose).

GHSA-v24p-7p4j-qvvf: Contao: Cross site scripting in the file manager

### Impact Users can insert malicious code into file names when uploading files, which is then executed in tooltips and popups in the backend. ### Patches Update to Contao 4.13.40 or Contao 5.3.4. ### Workarounds Disable uploads for untrusted users. ### References https://contao.org/en/security-advisories/cross-site-scripting-in-the-file-manager ### For more information If you have any questions or comments about this advisory, open an issue in [contao/contao](https://github.com/contao/contao/issues/new/choose). ### Credits Thanks to Alexander Wuttke for reporting this vulnerability.

EV Charging Stations Still Riddled With Cybersecurity Vulnerabilities

As more electric vehicles are sold, the risk to compromised charging stations looms large alongside the potential for major cybersecurity exploits.

GHSA-qmr3-52xf-wmhx: Apache Zeppelin: LDAP search filter query Injection Vulnerability

Improper Input Validation vulnerability in Apache Zeppelin. The attackers can execute malicious queries by setting improper configuration properties to LDAP search filter. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue.

GHSA-66j8-c83m-gj5f: Apache Zeppelin remote code execution by adding malicious JDBC connection string

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Zeppelin. The attacker can inject sensitive configuration or malicious code when connecting MySQL database via JDBC driver. This issue affects Apache Zeppelin: before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue.