Security
Headlines
HeadlinesLatestCVEs

Tag

#perl

How to Tell When Your Phone Will Stop Getting Security Updates

Every smartphone has an expiration date. Here’s when yours will probably come.

Wired
Open in Source
#vulnerability#web#ios#android#apple#google#perl#samsung#auth
Ubuntu Security Notice USN-6386-2

Ubuntu Security Notice 6386-2 - Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle L2CAP socket release, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Red Hat Security Advisory 2023-5405-01

Red Hat Security Advisory 2023-5405-01 - The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include buffer overflow and code execution vulnerabilities.

GHSA-rp65-jpc7-8h8p: Mattermost Incorrect Authorization vulnerability

Mattermost fails to properly verify the permissions when managing/updating a bot allowing a User Manager role with user edit permissions to manage/update bots.

GHSA-h8wh-f7gw-fwpr: Mattermost Incorrect Authorization vulnerability

Mattermost fails to properly check permissions when retrieving a post allowing for a System Role with the permission to manage channels to read the posts of a DM conversation.

GHSA-9hwp-cj7m-wjw4: Mattermost Incorrect Authorization vulnerability

Mattermost fails to properly validate the permissions when soft deleting a team allowing a team member to soft delete other teams that they are not part of

GHSA-h69v-mvh9-hfrq: Mattermost Incorrect Authorization vulnerability

Mattermost fails to properly validate permissions when demoting and deactivating a user allowing for a system/user manager to demote / deactivate another manager

Dependabot impersonators cause trouble on GitHub

Categories: Personal Tags: dependabot Tags: GitHub Tags: password Tags: attack Tags: imitate Tags: profile Tags: avatar Tags: commit Tags: resource Tags: dependency We take a look at a clever attack imitating GitHub's Dependabot in order to publish rogue project updates. (Read more...) The post Dependabot impersonators cause trouble on GitHub appeared first on Malwarebytes Labs.

CVE-2023-4316: zod

Zod in version 3.22.2 allows an attacker to perform a denial of service while validating emails

CVE-2023-43657: Improper escaping of encrypted topic titles can lead to XSS under non-default site configuration

discourse-encrypt is a plugin that provides a secure communication channel through Discourse. Improper escaping of encrypted topic titles could lead to a cross site scripting (XSS) issue when a site has content security policy (CSP) headers disabled. Having CSP disabled is a non-default configuration, and having it disabled with discourse-encrypt installed will result in a warning in the Discourse admin dashboard. This has been fixed in commit `9c75810af9` which is included in the latest version of the discourse-encrypt plugin. Users are advised to upgrade. Users unable to upgrade should ensure that CSP headers are enabled and properly configured.