Security
Headlines
HeadlinesLatestCVEs

Tag

#js

Kubernetes Secrets of Fortune 500 Companies Exposed in Public Repositories

Cybersecurity researchers are warning of publicly exposed Kubernetes configuration secrets that could put organizations at risk of supply chain attacks. “These encoded Kubernetes configuration secrets were uploaded to public repositories,” Aqua security researchers Yakir Kadkoda and Assaf Morag said in a new research published earlier this week. Some of those impacted include two top blockchain

The Hacker News
Open in Source
#vulnerability#windows#google#red_hat#js#git#kubernetes#aws#auth#docker#The Hacker News
CVE-2023-33706: Insecure Direct Object Reference (IDOR) affects Help Desk (SysAid) - CVE-2023-33706

SysAid before 23.2.15 allows Indirect Object Reference (IDOR) attacks to read ticket data via a modified sid parameter to EmailHtmlSourceIframe.jsp or a modified srID parameter to ShowMessage.jsp.

CVE-2021-39008: Security Bulletin: IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities

IBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a privileged user to obtain sensitive information due to missing best practices. IBM X-Force ID: 213551.

CVE-2023-49210: Package openssl: Function exec is called (#41) and a single argument ("command") is passed to the function, enabling the injection of commands. The package's exported openssl() function (see index.js

The openssl (aka node-openssl) NPM package through 2.0.0 was characterized as "a nonsense wrapper with no real purpose" by its author, and accepts an opts argument that contains a verb field (used for command execution). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVE-2023-49208: Check key length before parsing it in FIDO2 attestation registration · babelouest/glewlwyd@f9d8c06

scheme/webauthn.c in Glewlwyd SSO server before 2.7.6 has a possible buffer overflow during FIDO2 credentials validation in webauthn registration.

CVE-2023-30581: Tuesday June 20 2023 Security Releases | Node.js

The use of __proto__ in process.mainModule.__proto__.require() can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism in all active release lines: v16, v18 and, v20. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js

CVE-2022-36777: Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.16.0could allow an authenticated user to obtain sensitive version information that could aid in further attacks against the system. IBM X-Force ID: 233665.

CVE-2023-25682: Security Bulletin: IBM Sterling B2B Integrator is vulnerable to information disclosure (CVE-2023-25682)

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.1 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 247034.

Red Hat Security Advisory 2023-7438-01

Red Hat Security Advisory 2023-7438-01 - An update for python-gevent is now available for Red Hat OpenStack Platform 17.1.1. Issues addressed include a privilege escalation vulnerability.

Red Hat Security Advisory 2023-7436-01

Red Hat Security Advisory 2023-7436-01 - An update for tigervnc is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include an out of bounds write vulnerability.