Security
Headlines
HeadlinesLatestCVEs

Tag

#git

GHSA-32q7-gv7f-4cg5: Duplicate Advisory: Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability

## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-g74q-5xw3-j7q9. This link is maintained to preserve external references. ## Original Description .NET Denial of Service Vulnerability

ghsa
Open in Source
#vulnerability#microsoft#linux#dos#git
GHSA-cmh9-rx85-xj38: sidekiq-unique-jobs UI server vulnerable to XSS & RCE in Redis

### Summary Cross site scripting (XSS) potentially exposing cookies / sessions / localStorage, fixed by `sidekiq-unique-jobs` v8.0.7. Specifically, this is a Reflected (Server-Side), Non-Self, Cross Site Scripting vulnerability, considered a **_P3_** on the BugCrowd [taxonomy](https://bugcrowd.com/vulnerability-rating-taxonomy) with the following categorization: Cross-Site Scripting (XSS) > Reflected > Non-Self It was initially thought there was a second vulnerability (RCE), but it was a false alarm. Injection is impossible with Redis: > String escaping and NoSQL injection > The Redis protocol has no concept of string escaping, so injection is impossible under normal circumstances using a normal client library. The protocol uses prefixed-length strings and is completely binary safe. Ref: https://redis.io/docs/management/security/ **XSS Vulnerability** Specially crafted `GET` request parameters handled by any of the following endpoints of `sidekiq-unique-jobs`' "admin" web UI, a...

GHSA-wf85-8hx9-gj7c: TYPO3 vulnerable to Improper Access Control of Resources Referenced by t3:// URI Scheme

### Problem The TYPO3-specific [`t3://` URI scheme](https://docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Functions/Typolink.html#resource-references) could be used to access resources outside of the users' permission scope. This encompassed files, folders, pages, and records (although only if a valid link-handling configuration was provided). Exploiting this vulnerability requires a valid backend user account. ### Solution Update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. ### Credits Thanks to Richie Lee who reported this issue and to TYPO3 core & security team member Benjamin Franzke who fixed the issue. ### References * [TYPO3-CORE-SA-2024-005](https://typo3.org/security/advisory/typo3-core-sa-2024-005)

GHSA-h47m-3f78-qp9g: TYPO3 Install Tool vulnerable to Information Disclosure of Encryption Key

### Problem The plaintext value of `$GLOBALS['SYS']['encryptionKey']` was displayed in the editing forms of the TYPO3 Install Tool user interface. This allowed attackers to utilize the value to generate cryptographic hashes used for verifying the authenticity of HTTP request parameters. Exploiting this vulnerability requires an administrator-level backend user account with system maintainer permissions. ### Solution Update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. ### Credits Thanks to TYPO3 core & security team member Benjamin Franzke who fixed the issue. ### References * [TYPO3-CORE-SA-2024-004](https://typo3.org/security/advisory/typo3-core-sa-2024-004)

GHSA-4576-pgh2-g34j: derhansen/sf_event_mgt vulnerable to Broken Access Control in Backend Module

The existing access control check for events in the backend module got broken during the update of the extension to TYPO3 12.4, because the `RedirectResponse` from the `$this->redirect()` function was never handled.

GHSA-38r2-5695-334w: TYPO3 Backend Forms vulnerable to Information Disclosure of Hashed Passwords

### Problem Password hashes were being reflected in the editing forms of the TYPO3 backend user interface. This allowed attackers to crack the plaintext password using brute force techniques. Exploiting this vulnerability requires a valid backend user account. ### Solution Update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. ### Credits Thanks to the TYPO3 framework merger Christian Kuhn and external security researchers Maximilian Beckmann, Klaus-Günther Schmidt who reported this issue, and TYPO3 security team member Oliver Hader who fixed the issue. ### References * [TYPO3-CORE-SA-2024-003](https://typo3.org/security/advisory/typo3-core-sa-2024-003)

TheTruthSpy stalkerware, still insecure, still leaking data

Stalkerware app TheTruthSpy has been hacked for the fourth time, once again leaking the sensitive data it captures.

Remote Monitoring & Management software used in phishing attacks

Threat actors are abusing commercial remote software like AnyDesk to phish users and defraud them.

Remote Monitoring & Management software used in phishing attacks

Threat actors are abusing commercial remote software like AnyDesk to phish users and defraud them.

GHSA-747x-5m58-mq97: svix vulnerable to Authentication Bypass

Versions of the package svix before 1.17.0 are vulnerable to Authentication Bypass due to an issue in the verify function where signatures of different lengths are incorrectly compared. An attacker can bypass signature verification by providing a shorter signature that matches the beginning of the actual signature. **Note:** The attacker would need to know a victim uses the Rust library for verification,no easy way to automatically check that; and uses webhooks by a service that uses Svix, and then figure out a way to craft a malicious payload that will actually include all of the correct identifiers needed to trick the receivers to cause actual issues.