Security
Headlines
HeadlinesLatestCVEs

Tag

#git

CVE-2023-23548: Fix XSS in business intelligence

Reflected XSS in business intelligence in Checkmk <2.2.0p8, <2.1.0p32, <2.0.0p38, <=1.6.0p30.

CVE
Open in Source
#xss#vulnerability#apache#git#java#intel
Researchers Expose Space Pirates' Cyber Campaign Across Russia and Serbia

The threat actor known as Space Pirates has been linked to attacks against at least 16 organizations in Russia and Serbia over the past year by employing novel tactics and adding new cyber weapons to its arsenal. "The cybercriminals' main goals are still espionage and theft of confidential information, but the group has expanded its interests and the geography of its attacks," Positive

China's APT31 Suspected in Attacks on Air-Gapped Systems in Eastern Europe

A nation-state actor with links to China is suspected of being behind a series of attacks against industrial organizations in Eastern Europe that took place last year to siphon data stored on air-gapped systems. Cybersecurity company Kaspersky attributed the intrusions with medium to high confidence to a hacking crew called APT31, which is also tracked under the monikers Bronze Vinewood,

GHSA-gpvc-mx6g-cchv: underscore-keypath vulnerable to Prototype Pollution

Versions of the package underscore-keypath from 0.0.11 are vulnerable to Prototype Pollution via the name argument of the `setProperty()` function. Exploiting this vulnerability is possible due to improper input sanitization which allows the usage of arguments like `__proto__`.

GHSA-ffw3-6378-cqgp: mlflow vulnerable to OS Command Injection

OS Command Injection in GitHub repository mlflow/mlflow prior to 2.6.0.

GHSA-9v3w-w2jh-4hff: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration

HashiCorp's Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. An attacker may submit requests of existent and non-existent LDAP users and observe the response from Vault to check if the account is valid on the LDAP server. This vulnerability is fixed in Vault 1.14.1 and 1.13.5.

CVE-2023-39122: GitHub - DojoSecurity/BMC-Control-M-Unauthenticated-SQL-Injection: BMC Control-M Unauthenticated SQL Injection

BMC Control-M Software v9.0.20.200 was discovered to contain a SQL injection vulnerability via the report-id parameter at /report/deleteReport.

The Most In-Demand Freelance Skills for 2023

By Waqas The post-COVID era provides a unique opportunity for skilled individuals to take advantage of the growing freelancing economy.… This is a post from HackRead.com Read the original post: The Most In-Demand Freelance Skills for 2023