Security
Headlines
CVE-2023-30952: Palantir | Trust and Security Portal

A security defect was discovered in Foundry Issues that enabled users to create convincing phishing links by editing the request sent when creating an Issue. This defect was resolved in Frontend release 6.228.0.

CVE-2023-30958: Palantir | Trust and Security Portal

A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.225.0.

Free Airline Miles, Hotel Points, and User Data Put at Risk by Flaws in Points Platform

Flaws in the Points.com platform, which is used to manage dozens of major travel rewards programs, exposed user data—and could have let an attacker snag some extra perks.

GHSA-jj95-55cr-9597: Aerospike Java Client vulnerable to unsafe deserialization of server responses

# GitHub Security Lab (GHSL) Vulnerability Report: `GHSL-2023-044`

The [GitHub Security Lab](https://securitylab.github.com) team has identified a potential security vulnerability in [Aerospike Java Client](https://github.com/aerospike/aerospike-client-java/). We are committed to working with you to help resolve this issue. In this report you will find everything you need to effectively coordinate a resolution of this issue with the GHSL team. If at any point you have concerns or questions about this process, please do not hesitate to reach out to us at `[email protected]` (please include `GHSL-2023-044` as a reference). If you are _NOT_ the correct point of contact for this report, please let us know!

## Summary

The Aerospike Java client is a Java application that implements a network protocol to communicate with an Aerospike server. Some of the messages received from the server contain Java objects that the client deserializes when it encounters them without further valida...

GHSA-g6w6-h933-4rc5: Soketi was exposed to Sandbox Escape vulnerability via vm2

### Impact

_What kind of vulnerability is it? Who is impacted?_

Anyone who might have used Soketi with the `cluster` driver (or through PM2).

### Patches

_Has the problem been patched? What versions should users upgrade to?_

Get the latest version of Soketi.

### Workarounds

_Is there a way for users to fix or remediate the vulnerability without upgrading?_

None. It's advised to upgrade to the latest version.

### References

_Are there any links users can visit to find out more?_

- https://github.com/advisories/GHSA-cchq-frgv-rjh5
- https://github.com/patriksimek/vm2/issues/533
- https://github.com/Unitech/pm2/issues/5643

GHSA-wmwf-49vv-p3mr: Sulu Observable Response Discrepancy on Admin Login

### Impact

It allows an attacker to detect, via the Admin Login form, which users (username, email) exist and which ones do not exist. Impacted by this issue are Sulu installations >= 2.5.0 and < 2.5.10 using the newer Symfony Security System, which is the default since Symfony 6.0 but can be enabled in Symfony 5.4. Sulu installations not using the old Symfony 5.4 security system, and previous versions, are not impacted by this security issue.

### Patches

The problem has been patched in version 2.5.10.

### Workarounds

Create a custom AuthenticationFailureHandler which does not return `$exception->getMessage();` but instead `$exception->getMessageKey();`

### References

Currently no references.

CVE-2023-38942: [Warning] Hijacked Remote Command Execute in Dango-Translator Ver4.5.5 · Issue #127 · PantsuDango/Dango-Translator

Dango-Translator v4.5.5 was discovered to contain a remote command execution (RCE) vulnerability via the component app/config/cloud_config.json.

RHSA-2023:4475: Red Hat Security Advisory: Gatekeeper Operator v0.2 security fixes and enhancements

Gatekeeper Operator v0.2 security fixes and enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

* CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.

Operation Narsil INTERPOL Busts Decade-Old Child Abuse Network

By Waqas. These networks generated revenues from advertising sexually explicit content involving children. Originally posted on HackRead.com.

GHSA-wwrg-2w5j-grvx: RDiffWeb vulnerable to Allocation of Resources Without Limits or Throttling

Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.8.0.