Security
Headlines
HeadlinesLatestCVEs

Tag

#git

CVE-2023-46001: SEGV in gpac/src/isomedia/isom_read.c:2807:51 in gf_isom_get_user_data · Issue #2629 · gpac/gpac

Buffer Overflow vulnerability in gpac MP4Box v.2.3-DEV-rev573-g201320819-master allows a local attacker to cause a denial of service via the gpac/src/isomedia/isom_read.c:2807:51 function in gf_isom_get_user_data.

CVE
Open in Source
#vulnerability#ubuntu#linux#dos#js#git#c++#buffer_overflow#sap
GHSA-6758-979h-249x: capsule-proxy service discloses Namespaces of colliding tenants to owners of different tenants with the same ServiceAccount name

### Summary A bug in the RoleBinding reflector used by `capsule-proxy` gives ServiceAccount tenant owners the right to list Namespaces of other tenants backed by the same owner kind and name. ### Details - Tenant `solar`, owned by a ServiceAccount named `tenant-owner` in the Namespace `solar` - Tenant `wind`, owned by a ServiceAccount named `tenant-owner` in the Namespace `wind` > Please, notice the same ServiceAccount name, although in different namespaces. The Tenant owner `solar` would be able to list the namespaces of the Tenant `wind` and vice-versa, although this is not correct. The bug introduces an exfiltration vulnerability since allows the listing of Namespace resources of other Tenants, although just in some specific conditions: 1. `capsule-proxy` runs with the `--disable-caching=false` (default value: `false`) 2. Tenant owners are ServiceAccount, with the same resource name, but in different Namespaces. The CVE doesn't allow any privilege escalation on the outer ten...

Government Surveillance Reform Act of 2023 Seeks to End Warrantless Police and FBI Spying

The Government Surveillance Reform Act of 2023 pulls from past privacy bills to overhaul how police and the feds access Americans’ data and communications.

CVE-2023-5998

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3.0-DEV.

Internet Blackouts in Gaza Are a New Weapon in the Israel-Hamas War

Israel has said it’s prepared to disrupt internet service in Gaza, signaling a new age of warfare. In the past two weeks, the Palestinian territory has already suffered three communications shutdowns.

CVE-2023-46501: report/boltwire/v6.03/boltwire_improper_access_control at main · Cyber-Wo0dy/report

An issue in BoltWire v.6.03 allows a remote attacker to obtain sensitive information via a crafted payload to the view and change admin password function.

New GootLoader Malware Variant Evades Detection and Spreads Rapidly

A new variant of the GootLoader malware called GootBot has been found to facilitate lateral movement on compromised systems and evade detection. "The GootLoader group's introduction of their own custom bot into the late stages of their attack chain is an attempt to avoid detections when using off-the-shelf tools for C2 such as CobaltStrike or RDP," IBM X-Force researchers Golo Mühr and Ole

IBM X-Force Discovers Gootloader Malware Variant- GootBot

By Deeba Ahmed GootBot: New Gootloader Variant Evades Detection with Stealthy Lateral Movement. This is a post from HackRead.com Read the original post: IBM X-Force Discovers Gootloader Malware Variant- GootBot

What a Bloody San Francisco Street Brawl Tells Us About the Age of Citizen Surveillance

When a homeless man attacked a former city official, footage of the onslaught became a rallying cry. Then came another video, and another—and the story turned inside out.

Okta breach happened after employee logged into personal Google account

Okta has concluded that the root cause of its breach was an employee storing company credentials in a private Google account.