Security
Headlines

Tag: #java

CVE-2023-1540: Observable Response Discrepancy in Password Reset Functionality in answer

Observable Response Discrepancy in GitHub repository answerdev/answer prior to 1.0.6.

CVE-2023-1536: Store XSS in create tag in answer

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.7.

RHSA-2023:1270: Red Hat Security Advisory: OpenShift Container Platform 4.12.8 security update

Red Hat OpenShift Container Platform release 4.12.8 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4238: A flaw was found in goutils where randomly generated alphanumeric strings contain significantly less entropy than expected. Both the `RandomAlphaNumeric` and `CryptoRandomAlphaNumeric...

CVE-2023-1527: sec(VTLIB) purify clean javascript in href · tsolucio/corebos@aaaca69

Cross-site Scripting (XSS) - Generic in GitHub repository tsolucio/corebos prior to 8.0.

GHSA-c24f-2j3g-rg48: kaml has potential denial of service while parsing input with anchors and aliases

### Impact

Applications that use kaml to parse untrusted input containing anchors and aliases may consume excessive memory and crash.

### Patches

Version 0.53.0 and later default to refusing to parse YAML documents containing anchors and aliases.

### Workarounds

None.

### References

Wikipedia has an explanation of this class of vulnerability: [billion laughs attack](https://en.wikipedia.org/wiki/Billion_laughs_attack)

### Acknowledgements

Thank you to @gdude2002 for reporting this issue.
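The kaml fix above simply refuses any document that uses anchors or aliases. The example below, added here and not code from kaml or its maintainers, shows the alternative a parser author or API gateway can take: estimate how large the document becomes once every alias is expanded, and reject it before handing it to the YAML parser. It is written in Python rather than Kotlin so it runs stand-alone with no YAML library; the regex scanner, the `estimate_expansion` and `admit` functions, the node budget of 10,000, and the sample documents are all assumptions of this example. It assumes each anchor is defined on one line in flow style (so the aliases on that line belong to that anchor), which is exactly the shape a billion-laughs payload takes.

```python
import re

# YAML anchor definitions (&name) and aliases (*name). Hypothetical scanner for
# this example; a real parser would use its own token stream.
ANCHOR_RE = re.compile(r"&([A-Za-z0-9_.-]+)")
ALIAS_RE = re.compile(r"\*([A-Za-z0-9_.-]+)")
QUOTED_RE = re.compile(r'"[^"]*"|\'[^\']*\'')


def estimate_expansion(yaml_text: str) -> int:
    """Count the nodes the document materialises once every alias is replaced
    by a copy of its anchored value, without building any of it.

    Assumption of this example: each anchor is defined on a single line in flow
    style, so the aliases on that line are part of that anchor's value. Quoted
    scalars are blanked first so a literal "&x" or "*x" inside a string is not
    counted. A line costs 1 node plus the full expanded cost of each alias it
    holds; that cost is then recorded for any anchor the line defines.
    """
    anchor_cost: dict[str, int] = {}  # anchor name -> nodes per expansion
    total = 0
    for raw in yaml_text.splitlines():
        line = QUOTED_RE.sub('""', raw).split(" #", 1)[0]  # drop strings, comments
        if not line.strip():
            continue
        line_cost = 1
        for alias in ALIAS_RE.findall(line):
            # YAML requires the anchor to precede the alias; a self-reference
            # like `&a [*a]` also lands here, which is what we want to refuse.
            if alias not in anchor_cost:
                raise ValueError(f"alias *{alias} has no preceding anchor")
            line_cost += anchor_cost[alias]
        for anchor in ANCHOR_RE.findall(line):
            anchor_cost[anchor] = line_cost
        total += line_cost
    return total


def admit(yaml_text: str, max_nodes: int = 10_000) -> bool:
    """Pre-parse guard: True if the expanded document stays within the node
    budget, False if it would blow up or uses an undefined/recursive alias."""
    try:
        return estimate_expansion(yaml_text) <= max_nodes
    except ValueError:
        return False


def billion_laughs(width: int = 9, depth: int = 10) -> str:
    """Constructed sample payload: each level aliases the previous one `width`
    times, so the expanded size grows as width**depth."""
    lines = ["l0: &l0 [" + ", ".join(['"lol"'] * width) + "]"]
    for i in range(1, depth):
        lines.append(f"l{i}: &l{i} [" + ", ".join([f"*l{i - 1}"] * width) + "]")
    return "\n".join(lines)


# Constructed sample of the legitimate use of anchors: shared config defaults.
SAFE_DOC = """\
defaults: &defaults {retries: 3, timeout: 30}
service_a: *defaults
service_b: *defaults
"""

if __name__ == "__main__":
    bomb = billion_laughs()
    print("safe doc:", estimate_expansion(SAFE_DOC), "nodes, admitted:", admit(SAFE_DOC))
    print("bomb    :", estimate_expansion(bomb), "nodes, admitted:", admit(bomb))
```

The 10-level, 9-wide payload is only 10 short lines of text but expands to roughly 4.9e8 nodes, which is what exhausts memory in a parser that materialises aliases eagerly; the estimator rejects it in microseconds while still admitting the ordinary "shared defaults" use of anchors that a blanket ban would also break.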

MyBB External Redirect Warning 1.3 Cross Site Scripting

MyBB External Redirect Warning plugin version 1.3 suffers from a cross site scripting vulnerability.

Mispadu Banking Trojan Targets Latin America: 90,000+ Credentials Stolen

A banking trojan dubbed Mispadu has been linked to multiple spam campaigns targeting countries like Bolivia, Chile, Mexico, Peru, and Portugal with the goal of stealing credentials and delivering other payloads. The activity, which commenced in August 2022, is currently ongoing, Ocelot Team from Latin American cybersecurity firm Metabase Q said in a report shared with The Hacker News. Mispadu (