Security
Headlines

Tag

#vulnerability

GHSA-5hgc-2vfp-mqvc: Django vulnerable to denial-of-service attack via the urlize() and urlizetrunc() template filters

An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.

GHSA-7vw9-cfwx-9gx9: Microsoft Security Advisory CVE-2024-38229 | .NET Remote Code Execution Vulnerability

## Executive summary

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0 and .NET 9.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

A vulnerability exists in ASP.NET when closing an HTTP/3 stream while application code is writing to the response body, a race condition may lead to use-after-free.

Note: HTTP/3 is experimental in .NET 6.0. If you are on .NET 6.0 and using HTTP/3, please upgrade to .NET 8.0.10. .NET 6.0 will not receive a security patch for this vulnerability.

## Announcement

Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/326

## Mitigation factors

HTTP/3 support is not enabled by default in ASP.NET Core applications. For more information on how ...

Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited

Ivanti has warned that three new security vulnerabilities impacting its Cloud Service Appliance (CSA) have come under active exploitation in the wild. The zero-day flaws are being weaponized in conjunction with another flaw in CSA that the company patched last month, the Utah-based software services provider said. Successful exploitation of these vulnerabilities could allow an authenticated

The Perils of Ignoring Cybersecurity Basics

The massive outage involving a faulty Falcon update is an excellent illustration of what happens when organizations neglect security fundamentals.

GHSA-rf5m-h8q9-9w6q: Information Disclosure in TYPO3 Page Tree

### Problem

Backend users could see items in the backend page tree without having access if the mounts pointed to pages restricted for their user/group, or if no mounts were configured but the pages allowed access to "everybody." However, affected users could not manipulate these pages.

### Solution

Update to TYPO3 versions 10.4.46 ELTS, 11.5.40 LTS, 12.4.21 LTS, 13.3.1 that fix the problem described.

### Credits

Thanks to Peter Schuler who reported this issue and to TYPO3 core & security team member Oliver Hader who fixed the issue.

ABB Cylon Aspect 3.08.01 calendarFileDelete.php Arbitrary File Deletion

ABB Cylon Aspect version 3.08.01 suffers from an arbitrary file deletion vulnerability. Input passed to the file parameter in calendarFileDelete.php is not properly sanitized before being used to delete calendar files. This can be exploited by an unauthenticated attacker to delete files with the permissions of the web server using directory traversal sequences passed within the affected POST parameter.

Ubuntu Security Notice USN-7057-1

Ubuntu Security Notice 7057-1 - It was discovered that WEBrick incorrectly handled having both a Content-Length header and a Transfer-Encoding header. A remote attacker could possibly use this issue to perform an HTTP request smuggling attack.

Ubuntu Security Notice USN-7043-3

Ubuntu Security Notice 7043-3 - USN-7043-1 fixed a vulnerability in cups-filters. This update provides the corresponding update for Ubuntu 16.04 LTS. Simone Margaritelli discovered that the cups-filters cups-browsed component could be used to create arbitrary printers from outside the local network. In combination with issues in other printing components, a remote attacker could possibly use this issue to connect to a system, create manipulated PPD files, and execute arbitrary code when a printer is used. This update disables support for the legacy CUPS printer discovery protocol.

Ubuntu Security Notice USN-7041-3

Ubuntu Security Notice 7041-3 - USN-7041-1 fixed a vulnerability in CUPS. This update provides the corresponding update for Ubuntu 16.04 LTS. Simone Margaritelli discovered that CUPS incorrectly sanitized IPP data when creating PPD files. A remote attacker could possibly use this issue to manipulate PPD files and execute arbitrary code when a printer is used.

PHP-Nuke Top Module SQL Injection

The Top module for PHP-Nuke versions 6.x and below 7.6 suffers from a remote SQL injection vulnerability.
