Security
Headlines
HeadlinesLatestCVEs

Tag

#vulnerability

CVE-2025-21185: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited the vulnerability?** An attacker who successfully exploited this vulnerability could achieve elevation of privilege and gain the ability to read the API component.

Microsoft Security Response Center
Open in Source
#vulnerability#microsoft#chrome#Microsoft Edge (Chromium-based)#Security Vulnerability
GHSA-6fx8-h7jm-663j: parse-uri Regular expression Denial of Service (ReDoS)

An issue in parse-uri v1.0.9 allows attackers to cause a Regular expression Denial of Service (ReDoS) via a crafted URL.

CISA's AI Playbook Pushes For More Information Sharing

The Joint Cyber Defense Collaborative playbook seeks to establish a "a unified approach" on how to handle AI-related cybersecurity threats.

GHSA-mm6v-68qp-f9fw: Crayfish allows Remote Code Execution via Homarus Authorization header

### Impact _What kind of vulnerability is it? Who is impacted?_ Remote code execution may be possible in web-accessible installations of Homarus in certain configurations. ### Patches _Has the problem been patched? What versions should users upgrade to?_ The issue has been patched in `islandora/crayfish:4.1.0` ### Workarounds _Is there a way for users to fix or remediate the vulnerability without upgrading?_ The exploit requires making a request against the Homarus's `/convert` endpoint; therefore, the ability to exploit is much reduced if the microservice is not directly accessible from the Internet, so: Prevent general access from the Internet from hitting Homarus. Configure auth in Crayfish to be more strongly required, such that requests with `Authorization` headers that do not validate are rejected before the problematic CLI interpolation occurs. ### References _Are there any links users can visit to find out more?_ - XBOW-024-071

Attackers Hijack Google Advertiser Accounts to Spread Malware

It's an especially brazen form of malvertising, researchers say, striking at the heart of Google's business; the tech giant says it's aware of the issue and is working quickly to address the problem.

GHSA-c873-wfhp-wx5m: SP1 has missing verifier checks and fiat-shamir observations

In SP1’s STARK verifier, the prover provided `chip_ordering` is used to fetch the index of the chips that have preprocessed columns. Prior to v4.0.0, the validation that this `chip_ordering` correctly provides these indexes was missing. In v4.0.0, this was fixed by adding a check that the indexed chip’s name is equal to the name stored in the verifying key’s chip information. In the recursive verifier, every verifier program is generated beforehand and later checked for correctness by requiring a merkle proof to the precomputed merkle root of valid verifier keys. Therefore, the recursive verifier and the on-chain verifier were not affected by this vulnerability. This code was audited twice, once as a part of the audit by KALOS and once by Cantina for v1.0.0. This bug was found by the Succinct team during preparation of v4.0.0. Out of abundance of caution, we will be deprecating all previous versions and freeze the corresponding verifiers. Furthermore, in the recursive verifier, th...

GHSA-7pq6-v88g-wf3w: Sentry's improper authentication on SAML SSO process allows user impersonation

### Impact A critical vulnerability was discovered in the SAML SSO implementation of Sentry. It was reported to us via our private bug bounty program. The vulnerability allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on the same Sentry instance. The victim email address must be known in order to exploit this vulnerability. ### Patches - [Sentry SaaS](https://sentry.io): The fix was deployed on Jan 14, 2025. - [Self-Hosted Sentry](https://github.com/getsentry/self-hosted): If only a single organization is allowed (`SENTRY_SINGLE_ORGANIZATION = True`), then no action is needed. Otherwise, users should upgrade to version 25.1.0 or higher. ### Workarounds No known workarounds. ### References - https://github.com/getsentry/sentry/pull/83407

Black Basta-Style Cyberattack Hits Inboxes with 1,165 Emails in 90 Minutes

A recent cyberattack, mimicking the tactics of the notorious Black Basta ransomware group, targeted one of SlashNext’s clients.…

GHSA-2c6g-pfx3-w7h8: Insecure Temporary File in RESTEasy

### Impact In RESTEasy the insecure `File.createTempFile()` is used in the `DataSourceProvider`, `FileProvider` and `Mime4JWorkaround` classes which creates temp files with insecure permissions that could be read by a local user. ### Patches Fixed in the following pull requests: * https://github.com/resteasy/resteasy/pull/3409 (7.0.0.Alpha1) * https://github.com/resteasy/resteasy/pull/3423 (6.2.3.Final) * https://github.com/resteasy/resteasy/pull/3412 (5.0.6.Final) * https://github.com/resteasy/resteasy/pull/3413 (4.7.8.Final) * https://github.com/resteasy/resteasy/pull/3410 (3.15.5.Final) ### Workarounds There is no workaround for this issue. ### References * https://nvd.nist.gov/vuln/detail/CVE-2023-0482 * https://bugzilla.redhat.com/show_bug.cgi?id=2166004 * https://github.com/advisories/GHSA-jrmh-v64j-mjm9

CISA: Second BeyondTrust Vulnerability Added to KEV Catalog

BeyondTrust has patched all cloud instances of the vulnerability and has released patches for self-hosted versions.