Security Headlines

Tag: #git

CVE-2023-6507: gh-112334: Restore subprocess's use of `vfork()` & fix `extra_groups=[]` behavior by gpshead · Pull Request #112617 · python/cpython

An issue was found in the CPython 3.12.0 `subprocess` module on POSIX platforms. It was fixed in CPython 3.12.1 and does not affect other stable releases. When the `extra_groups=` parameter is given an empty list (i.e. `extra_groups=[]`), the logic regressed to not call `setgroups(0, NULL)` before calling `exec()`, so the original process's supplementary groups were not dropped before the new process started. There is no issue when the parameter is not used, or when any value other than an empty list is used. This only impacts CPython processes run with sufficient privilege to make the `setgroups` system call (typically `root`).

Tags: CVE, #linux, #git
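To check the interpreter you actually deploy on rather than trusting the version string, the probe below (an added example, not CPython's own test code) spawns a child with `extra_groups=[]` and classifies what happened. It assumes a Linux-like `setgroups(2)` that requires `CAP_SETGID`: a fixed interpreter always makes the call, so as root the child ends up with no supplementary groups and as an unprivileged user the call fails with `EPERM` (surfacing as `PermissionError`); the 3.12.0 regression skips the call, so the child silently inherits the parent's groups in both cases. The egid is excluded from the comparison because some platforms report it from `os.getgroups()`.

```python
"""Probe whether subprocess drops supplementary groups for extra_groups=[].

Added example for CVE-2023-6507; not CPython's own test code. Assumes a
POSIX setgroups(2) that needs CAP_SETGID (Linux/macOS behaviour).
"""
import ast
import os
import subprocess
import sys


def child_supplementary_groups(extra_groups):
    """Spawn a child interpreter with the given extra_groups and return the
    groups it observes via os.getgroups(). Raises PermissionError when the
    kernel refuses setgroups() for the current user."""
    proc = subprocess.run(
        [sys.executable, "-c", "import os; print(sorted(os.getgroups()))"],
        extra_groups=extra_groups,
        capture_output=True,
        text=True,
        check=True,
    )
    return ast.literal_eval(proc.stdout.strip())


def probe_extra_groups_drop():
    """Classify this interpreter's handling of extra_groups=[].

    Returns {"outcome": ..., "affected": bool, "detail": str} where outcome is
    one of "dropped", "not_dropped", "inconclusive" or "unsupported".
    """
    if not hasattr(os, "setgroups"):
        return {"outcome": "unsupported", "affected": False,
                "detail": "no setgroups() on this platform"}

    egid = os.getegid()
    # The egid is not a supplementary group; strip it so platforms that
    # include it in getgroups() do not skew the comparison.
    parent_extra = sorted(set(os.getgroups()) - {egid})

    try:
        child = child_supplementary_groups([])
    except PermissionError as exc:
        # setgroups(0, NULL) was attempted and refused by the kernel: the
        # call is present, which is the fixed behaviour, not the regression.
        return {"outcome": "dropped", "affected": False,
                "detail": f"setgroups() refused for this user: {exc}"}

    child_extra = sorted(set(child) - {egid})
    if not parent_extra:
        # Nothing to drop, so inheriting and dropping look identical.
        return {"outcome": "inconclusive", "affected": False,
                "detail": "parent has no supplementary groups to drop"}
    if not child_extra:
        return {"outcome": "dropped", "affected": False,
                "detail": f"parent had {parent_extra}, child has none"}
    # The call was skipped: the child kept the parent's supplementary groups.
    return {"outcome": "not_dropped", "affected": True,
            "detail": f"child kept supplementary groups {child_extra}"}


if __name__ == "__main__":
    result = probe_extra_groups_drop()
    print(f"{sys.version.split()[0]}: {result['outcome']} ({result['detail']})")
    sys.exit(1 if result["affected"] else 0)
```

Run it as the same user the service runs as; an `affected: True` result on 3.12.0 means any `extra_groups=[]` call in that service leaves the child with root's supplementary groups until you upgrade to 3.12.1.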
Microsoft Defender Anti-Malware PowerShell API Arbitrary Code Execution

Microsoft Defender's anti-malware PowerShell API suffers from arbitrary code execution because user-provided input containing a semicolon is not handled safely; in PowerShell a bare semicolon terminates the current statement, so such input can be executed as a separate command.

Meta’s Purple Llama wants to test safety risks in AI models

Meta's Purple Llama project aims to help developers filter out specific items that might cause their AI model to produce inappropriate content.

New 5G Modems Flaws Affect iOS Devices and Android Models from Major Brands

A collection of security flaws in the firmware implementation of 5G mobile network modems from major chipset vendors such as MediaTek and Qualcomm impacts USB and IoT modems as well as hundreds of smartphone models running Android and iOS. Of the 14 flaws – collectively called 5Ghoul (a combination of "5G" and "Ghoul") – 10 affect 5G modems from the two companies, out of which three

Kopage Website Builder 4.4.15 Shell Upload

Kopage Website Builder version 4.4.15 appears to suffer from a remote shell upload vulnerability.

GHSA-j4g3-3q8x-jxqp: dbt-core's secret env vars written to package-lock.yml in plaintext

### Impact
When used to pull source code from a private repository using a Personal Access Token (PAT), some versions of dbt-core write a URL with the PAT in plaintext to the `package-lock.yml` file.

### Patches
The bug has been fixed in [dbt-core v1.7.3](https://github.com/dbt-labs/dbt-core/releases/tag/v1.7.3).

### Mitigations
Remove any git URLs with plaintext secrets from `package-lock.yml` file(s) on servers, workstations, or in source control. Rotate any tokens that have been written to version-controlled files.
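The mitigation above is a search-and-scrub job across every copy of `package-lock.yml` you have, including git history. The scanner below is an added example, not dbt-core's code: it flags `https://` URLs whose authority carries userinfo (a bare token or `user:secret`), reports the redacted form, and can rewrite the file. The sample lock file and its token are constructed for the example; the `ghp_...` value is not a real credential.

```python
"""Find and redact credentialed git URLs in dbt package-lock.yml files.

Added example for GHSA-j4g3-3q8x-jxqp; not dbt-core's own code. The sample
lock file below is constructed, and its token is a placeholder.
"""
import re
from urllib.parse import urlsplit, urlunsplit

# An https URL whose authority has a userinfo part: https://user[:secret]@host/...
# The userinfo cannot contain '/', so the match stops at the first '@' that
# precedes the host. Only https is covered: dbt git packages that embed a
# PAT use https, and ssh:// URLs carry a username, not a secret.
CREDENTIALED_URL = re.compile(r"""\bhttps?://[^\s'"/@]+@[^\s'"]+""")


def redact_userinfo(url):
    """Return the URL with the user/token removed from its authority."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if parts.port:
        host = f"{host}:{parts.port}"
    return urlunsplit((parts.scheme, host, parts.path, parts.query, parts.fragment))


def find_credentialed_urls(text):
    """Return (line_number, url, redacted_url) for every credentialed URL."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in CREDENTIALED_URL.finditer(line):
            url = match.group(0)
            hits.append((lineno, url, redact_userinfo(url)))
    return hits


def scrub(text):
    """Return text with every credentialed URL replaced by its redacted form."""
    return CREDENTIALED_URL.sub(lambda m: redact_userinfo(m.group(0)), text)


# Constructed sample: two leaked credentials and one clean hub package.
SAMPLE_LOCK = """\
packages:
  - git: https://ghp_EXAMPLEONLY0123456789abcdef@github.com/example-org/private-dbt-pkg.git
    revision: v1.2.0
  - git: https://deploy:s3cret@git.example.internal:8443/analytics/macros.git
    revision: main
  - package: dbt-labs/dbt_utils
    version: 1.1.1
sha1_hash: 0123456789abcdef0123456789abcdef01234567
"""

if __name__ == "__main__":
    for lineno, url, redacted in find_credentialed_urls(SAMPLE_LOCK):
        # Print only the redacted form so the secret does not end up in logs.
        print(f"line {lineno}: credential in URL -> {redacted}")
```

Run `find_credentialed_urls` over each `package-lock.yml` and, for repositories, over `git log -p -- package-lock.yml` output as well, since scrubbing the working copy does not remove the token from history. Any token the scanner reports has to be rotated regardless of whether the file was scrubbed.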

GHSA-hjfp-2j7q-xmx4: Cross-site Scripting in JFinalCMS

JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the model management module.

GHSA-f2w8-4m48-5qrq: Cross-site Scripting in JFinalCMS

JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the column management module.

GHSA-m42v-qv3c-h6j7: Cross-site Scripting in JFinalCMS

JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the navigation management module.

GHSA-7787-p7x6-fq3j: Candid infinite decoding loop through specially crafted payload

### Impact
The Candid library causes a denial of service while parsing a specially crafted payload containing the `empty` data type. For example, if the payload is `record { * ; empty }` and the canister interface expects `record { * }`, the Rust candid decoder treats `empty` as an extra field required by the type. The problem is that the candid Rust library wrongly categorizes `empty` as a recoverable error when skipping the field, which causes an infinite decoding loop. Canisters using affected versions of candid are exposed to denial of service: decoding runs indefinitely until the canister traps on reaching the maximum instruction limit per execution round. Repeated exposure to the payload results in degraded performance of the canister. For asset canister users, `dfx` versions `>= 0.14.4` to `<= 0.15.2-beta.0` ship an asset canister with an affected version of candid.

#### Unaffected
- Rust canisters using candid `< 0.9.0` or `>= 0.9.10`
- ...