Security Headlines

Tag: #git
CVE-2023-43621: security - croc: multiple issues in file sharing utility

An issue was discovered in Croc through 9.6.5. The shared secret, located on a command line, can be read by local users who list all processes and their arguments.

CVE-2023-26144: OverlappingFieldsCanBeMergedRule: Fix performance degradation (#3958) · graphql/graphql-js@f94b511

Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance. **Note:** It was not proven that this vulnerability can crash the process.

GHSA-g8h7-mcp6-pf47: File Upload vulnerability in Dolibarr ERP CRM

File Upload vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to execute arbitrary code and obtain sensitive information via the extension filtering and renaming functions.

GHSA-62wf-h26v-5m57: Cross Site Scripting vulnerability in Dolibarr ERP CRM

Cross Site Scripting vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the REST API module, related to analyseVarsForSqlAndScriptsInjection and testSqlAndScriptInject.

GHSA-6773-rfjv-c54w: Dolibarr allows a remote privileged attacker to execute arbitrary code via a crafted command/script

An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged attacker to execute arbitrary code via a crafted command/script.

DoppelPaymer ransomware group suspects identified

More DoppelPaymer ransomware group suspects have been identified by blockchain investigations and had search warrants executed against them. (Source: Malwarebytes Labs, categories News / Ransomware.)

CVE-2023-36319: GitHub - Lowalu/CVE-2023-36319: exp4CVE-2023-36319

File Upload vulnerability in Openupload Stable v.0.4.3 allows a remote attacker to execute arbitrary code via the action parameter of the compress-inc.php file.

CVE-2020-24089: GitHub - rjt-gupta/CVE-2020-24089: Windows Privilege Escalation: IOBit Malware Fighter v8.0.2

An issue was discovered in ImfHpRegFilter.sys in IOBit Malware Fighter version 8.0.2 that allows local attackers to cause a denial of service (DoS).

Accelerated Encryption with 4th Gen Intel® Xeon® Scalable Processors

Earlier this year, Red Hat engineering took a close look at how to accelerate compression within applications by using 4th Gen Intel Xeon Scalable Processors that include Intel® QuickAssist Technology (Intel® QAT), which can accelerate both compression and encryption. Today we will examine the encryption capabilities and show how to achieve major performance improvements with leading load balancing applications. HAProxy and F5’s NGINX were tested running on Red Hat Enterprise Linux 9.2.

Setting up

We started with a RHEL 9.2 installation on a system with an Intel Xeon Platinum 8480+ p

GHSA-v92f-jx6p-73rx: Improper Control of Generation of Code ('Code Injection') in jai-ext

### Impact

Programs using jt-jiffle, and allowing Jiffle script to be provided via network request, are susceptible to a Remote Code Execution as the Jiffle script is compiled into Java code via Janino, and executed. In particular, this affects the downstream GeoServer project.

### Patches

Version 1.2.22 will contain a patch that disables the ability to inject malicious code into the resulting script.

### Workarounds

Negate the ability to compile Jiffle scripts from the final application, by removing janino-x.y.z.jar from the classpath.

### References

None.