Security
Headlines
HeadlinesLatestCVEs

Tag

#web

GHSA-6hh7-46r2-vf29: Server crashes on invalid Cloud Function or Cloud Job name

### Impact Calling an invalid Parse Server Cloud Function name or Cloud Job name crashes server and may allow for code injection. ### Patches Added string sanitation for Cloud Function name and Cloud Job name. ### Workarounds Sanitize the Cloud Function name and Cloud Job name before it reaches Parse Server. ### References - https://github.com/parse-community/parse-server/security/advisories/GHSA-6hh7-46r2-vf29 - https://github.com/parse-community/parse-server/releases/tag/7.0.0-alpha.29 (Fix for Parse Server 7 alpha) - https://github.com/parse-community/parse-server/releases/tag/6.5.5 (Fix for Parse Server 6 LTS)

ghsa
Open in Source
#vulnerability#web#nodejs#git
Upcoming webinar: How a leading architecture firm approaches cybersecurity

Learn how top-tier cybersecurity tactics are applied in real-world scenarios.

Owning Versus Renting – The Circumstances of Web3 Domains

By Daily Contributors Last week, Charles Dray from Resonance Security organized a meeting for me with Davide Vicini, the CEO of Freename, which is a company in… This is a post from HackRead.com Read the original post: Owning Versus Renting – The Circumstances of Web3 Domains

Cybercriminals Beta Test New Attack to Bypass AI Security

By Waqas New AI-Dodging Phishing Attack AI Security and Exploits Machine Learning. This is a post from HackRead.com Read the original post: Cybercriminals Beta Test New Attack to Bypass AI Security

Ubuntu Security Notice USN-6701-1

Ubuntu Security Notice 6701-1 - Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service. It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service.

Tramyardg Autoexpress 1.3.0 Authentication Bypass

Tramyardg Autoexpress version 1.3.0 allows for authentication bypass via unauthenticated API access to admin functionality. This could allow a remote anonymous attacker to delete or update vehicles as well as upload images for vehicles.

Red Hat Security Advisory 2024-1325-03

Red Hat Security Advisory 2024-1325-03 - Red Hat JBoss Web Server 6.0.1 zip release is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server. Issues addressed include HTTP request smuggling, denial of service, and open redirection vulnerabilities.

Red Hat Security Advisory 2024-1324-03

Red Hat Security Advisory 2024-1324-03 - An update is now available for Red Hat JBoss Web Server 6.0.1 on Red Hat Enterprise Linux versions 8 and 9. Issues addressed include HTTP request smuggling, denial of service, and open redirection vulnerabilities.