Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

NDtaskmatic 1.0 SQL Injection

NDtaskmatic version 1.0 suffers from a remote SQL injection vulnerability.

Packet Storm
#sql#xss#vulnerability#web#git#php#auth
Red Hat Security Advisory 2024-1195-03

Red Hat Security Advisory 2024-1195-03 - An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.4 Advanced Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.

GliNet 4.x Authentication Bypass

GliNet with firmware version 4.x suffers from an authentication bypass vulnerability. Other firmware versions may also be affected.

Artica Proxy 4.40 / 4.50 Authentication Bypass / Privilege Escalation

The Rich Filemanager feature of Artica Proxy versions 4.40 and 4.50 provides a web-based interface for file management capabilities. When the feature is enabled, it does not require authentication by default, and runs as the root user. This provides an unauthenticated attacker complete access to the file system.

Artica Proxy 4.40 / 4.50 Local File Inclusion / Traversal

Artica Proxy versions 4.40 and 4.50 suffer from a local file inclusion protection bypass vulnerability that allows for path traversal.

Red Hat Security Advisory 2024-1141-03

Red Hat Security Advisory 2024-1141-03 - An update for mysql is now available for Red Hat Enterprise Linux 9.

GHSA-m757-p8rv-4q93: Apache Linkis DataSource: DataSource module Oracle SQL Database Password Logged

In Apache Linkis <=1.4.0, The password is printed to the log when using the Oracle data source of the Linkis data source module.  We recommend users upgrade the version of Linkis to version 1.5.0

GHSA-v627-69v2-xx37: `GetRepositoryByName`, `DeleteRepositoryByName` and `GetArtifactByName` allow access of arbitrary repositories in Minder by any authenticated user

### Summary A Minder user can use the endpoints listed in the issue title to access any repository in the DB, irrespective of who owns the repo and any permissions that user may have. ### Details https://github.com/stacklok/minder/blob/e88e4b286e4bc04c03b0332a77961f085e1aa77f/database/query/repositories.sql#L22-L23 https://github.com/stacklok/minder/blob/a115c8524fbd582b2b277eaadce024bebbded508/internal/controlplane/handlers_repositories.go#L277-L278 The DB query used here checks by repo owner, repo name and provider name (which is always "github"). These query values are not distinct for the particular user - as long as the user has valid credentials and a provider, they can set the repo owner/name to any value they want and the server will return information on this repo. `DeleteRepositoryByName` uses the same query and I have been able to delete another user's repo using this technique. The `GetArtifactByName` endpoint also uses this DB query. I have not reproduced the behaviou...

WordPress Neon Text 1.1 Cross Site Scripting

WordPress Neon Text plugin versions 1.1 and below suffer from a persistent cross site scripting vulnerability.

Red Hat Security Advisory 2024-1081-03

Red Hat Security Advisory 2024-1081-03 - An update for sqlite is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a buffer overflow vulnerability.