#git

NULL Pointer Dereference in GitHub repository seleniumhq/selenium prior to 4.14.0.

A vulnerability was found in kphrx pleroma. It has been classified as problematic. This affects the function Pleroma.Emoji.Pack of the file lib/pleroma/emoji/pack.ex. The manipulation of the argument name leads to path traversal. The complexity of an attack is rather high. The exploitability is told to be difficult. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named 2c795094535537a8607cc0d3b7f076a609636f40. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-242187.

urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this issue exists because of an incomplete fix for CVE-2018-20060 (which was case-sensitive).

A directory traversal vulnerability in Valve Counter-Strike 8684 allows a client (with remote control access to a game server) to read arbitrary files from the underlying server via the motdfile console variable.

NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3.0-DEV.

By Owais Sultan Believe it or not, the internet is now over half a century old. Of course, it has really… This is a post from HackRead.com Read the original post: Is It Possible to Delete Yourself From the Internet Altogether?

IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 254138

A vulnerability, which was classified as problematic, has been found in ZZZCMS 2.2.0. This issue affects some unknown processing of the component Personal Profile Page. The manipulation leads to basic cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-242147.

Apache Airflow, versions prior to 2.7.2, contains a security vulnerability that allows authenticated users of Airflow to list warnings for all DAGs, even if the user had no permission to see those DAGs. It would reveal the dag_ids and the stack-traces of import errors for those DAGs with import errors. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.

Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user with access to read specific DAGs _only_ to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.