Security
Headlines
HeadlinesLatestCVEs

Tag

#git

CVE-2023-43341: GitHub - sromanhu/CVE-2023-43341-Evolution-Reflected-XSS---Installation-Connection-: Evolution CMS 3.2.3 is affected by a Cross-Site Scripting (XSS) vulnerability that allows attackers to execute arbi

Cross-site scripting (XSS) vulnerability in evolution evo v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected uid parameter.

CVE
Open in Source
#xss#vulnerability#web#git#java#auth
CVE-2023-43875: CVE-2023-43875-Subrion-CMS-Reflected-XSS---Installation/README.md at main · sromanhu/CVE-2023-43875-Subrion-CMS-Reflected-XSS---Installation

Multiple Cross-Site Scripting (XSS) vulnerabilities in installation of Subrion CMS v.4.2.1 allows a local attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost, dbname, dbuser, adminusername and adminemail.

CVE-2023-30132: EasyInstall CVE Issue

An issue discovered in IXP Data EasyInstall 6.6.14907.0 allows attackers to gain escalated privileges via static Cryptographic Key.

CVE-2023-45823

Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which by using symbolic links in certain kinds of repositories loaded into Artifact Hub, it was possible to read internal files. Artifact Hub indexes content from a variety of sources, including git repositories. When processing git based repositories, Artifact Hub clones the repository and, depending on the artifact kind, reads some files from it. During this process, in some cases, no validation was done to check if the file was a symbolic link. This made possible to read arbitrary files in the system, potentially leaking sensitive information. This issue has been resolved in version `1.16.0`. Users are advised to upgrade. There are no known workarounds for this vulnerability.

North Korean State Actors Attack Critical Bug in TeamCity Server

Known threat groups Diamond Sleet and Onyx Sleet focus on cyber espionage, data theft, network sabotage, and other malicious actions, Microsoft says.

CVE-2022-42150: cloud-lab/configs/common/seccomp-profiles-default.json at d19ff92713685a7fb84b423dea6a184b25c378c9 · tinyclub/cloud-lab

TinyLab linux-lab v1.1-rc1 and cloud-labv0.8-rc2, v1.1-rc1 are vulnerable to insecure permissions. The default configuration could cause Container Escape.

GHSA-hmgw-9jrg-hf2m: Directus crashes on invalid WebSocket message

### Summary It seems that any Directus installation that has websockets enabled can be crashed if the websocket server receives an invalid frame. This could probably be posted as an issue and I might even be able to put together a pull request for a fix (if only I had some extra time...), but I decided to instead post as a vulnerability just for the maintainers, since this seemingly can be used to crash any live Directus server if websockets are enabled, so public disclosure is not a good idea until the issue is fixed. ### Details The fix for this seems quite simple; the websocket server just needs to properly catch the error instead of crashing the server. See for example: https://github.com/websockets/ws/issues/2098 ### PoC - Start a fresh Directus server (using for example the compose file here: https://docs.directus.io/self-hosted/docker-guide.html). Enable websockets by setting `WEBSOCKETS_ENABLED: 'true'` environment variable. - run a separate node app somewhere else to send an...