Security
Headlines
HeadlinesLatestCVEs

Tag

#java

Red Hat Security Advisory 2024-5695-03

Red Hat Security Advisory 2024-5695-03 - An update for tomcat is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

Packet Storm
Open in Source
#vulnerability#linux#red_hat#apache#js#java
Red Hat Security Advisory 2024-5694-03

Red Hat Security Advisory 2024-5694-03 - An update for tomcat is now available for Red Hat Enterprise Linux 8.

Red Hat Security Advisory 2024-5693-03

Red Hat Security Advisory 2024-5693-03 - An update for tomcat is now available for Red Hat Enterprise Linux 9.

CERT-UA Warns of New Vermin-Linked Phishing Attacks with PoW Bait

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of new phishing attacks that aim to infect devices with malware. The activity has been attributed to a threat cluster it tracks as UAC-0020, which is also known as Vermin. The exact scale and scope of the attacks are presently unknown. The attack chains commence with phishing messages with photos of alleged prisoners of war (

GiveWP WordPress Plugin Vulnerability Puts 100,000+ Websites at Risk

A maximum-severity security flaw has been disclosed in the WordPress GiveWP donation and fundraising plugin that exposes more than 100,000 websites to remote code execution attacks. The flaw, tracked as CVE-2024-5932 (CVSS score: 10.0), impacts all versions of the plugin prior to version 3.14.2, which was released on August 7, 2024. A security researcher, who goes by the online alias villu164,

GHSA-6247-7862-q2pq: Apache Helix Front (UI) component contained a hard-coded secret

The Apache Helix Front (UI) component contained a hard-coded secret, allowing an attacker to spoof sessions by generating their own fake cookies. This issue affects Apache Helix Front (UI): all versions. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

GHSA-c6c3-h4f7-3962: apollo-portal has potential unauthorized access issue

### Impact A vulnerability exists in the synchronization configuration feature that allows users to craft specific requests to bypass permission checks. This exploit enables them to modify a namespace without the necessary permissions. ### Patches The issue was addressed with an input parameter check in #5192, which was released in version [2.3.0](https://github.com/apolloconfig/apollo/releases/tag/v2.3.0). ### Workarounds To mitigate the issue without upgrading, follow the recommended practices to prevent Apollo from being exposed to the internet. ### Credits The vulnerability was reported and reproduced by [Lakeswang](https://github.com/Lakes-bitgetsec). ### References For any questions or comments regarding this advisory: * Open an issue in [issue](https://github.com/apolloconfig/apollo/issues) * Email us at [[email protected]](mailto:[email protected])

Ubuntu Security Notice USN-6969-1

Ubuntu Security Notice 6969-1 - It was discovered that Cacti did not properly apply checks to the "Package Import" feature. An attacker could possibly use this issue to perform arbitrary code execution. This issue only affected Ubuntu 24.04 LTS, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS and Ubuntu 18.04 LTS. It was discovered that Cacti did not properly sanitize values when using javascript based API. A remote attacker could possibly use this issue to inject arbitrary javascript code resulting into cross-site scripting vulnerability. This issue only affected Ubuntu 24.04 LTS.

Lost and Found Information System 1.0 Cross Site Request Forgery

Lost and Found Information System version 1.0 suffers from a cross site request forgery vulnerability.

Loan Management System 1.0 Cross Site Request Forgery

Loan Management System version 1.0 suffers from a cross site request forgery vulnerability.