Security
Headlines
HeadlinesLatestCVEs

Tag

#web

Freelance Market Flooded With North Korean IT Actors

Organizations should be careful that the workers they hire on a freelance and temporary basis are not operatives working to funnel money to North Korea's WMD program, US DOJ says.

DARKReading
#web#git#auth
Google Chrome to Mask User IP Addresses to Protect Privacy

By Waqas The feature is called IP Protection, and it's important to note that it is not a VPN. A VPN encrypts all of a user's traffic, while IP Protection only masks their IP address. This is a post from HackRead.com Read the original post: Google Chrome to Mask User IP Addresses to Protect Privacy

CVE-2023-46331: Out-of-Bound Memory Read in DataSegment::IsValidRange() · Issue #2310 · WebAssembly/wabt

WebAssembly wabt 1.0.33 has an Out-of-Bound Memory Read in in DataSegment::IsValidRange(), which lead to segmentation fault.

CVE-2023-46332: Out-of-Bound Memory Write in DataSegment::Drop() · Issue #2311 · WebAssembly/wabt

WebAssembly wabt 1.0.33 contains an Out-of-Bound Memory Write in DataSegment::Drop(), which lead to segmentation fault.

CVE-2023-5718: Vuejs Dev Tools v6.5.0 Sensitive Information Leaked to Malicious Web Page

The Vue.js Devtools extension was found to leak screenshot data back to a malicious web page via the standard `postMessage()` API. By creating a malicious web page with an iFrame targeting a sensitive resource (i.e. a locally accessible file or sensitive website), and registering a listener on the web page, the extension sent messages back to the listener, containing the base64 encoded screenshot data of the sensitive resource.

CVE-2023-46127: refactor: escape instead of sanitizing HTML by ankush · Pull Request #22339 · frappe/frappe

Frappe is a full-stack web application framework that uses Python and MariaDB on the server side and an integrated client side library. A malicious Frappe user with desk access could create documents containing HTML payloads allowing HTML Injection. This vulnerability has been patched in version 14.49.0.

Debian Security Advisory 5531-1

Debian Linux Security Advisory 5531-1 - It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not properly sanitize HTML messages. This would allow an attacker to load arbitrary JavaScript code.

Debian Security Advisory 5530-1

Debian Linux Security Advisory 5530-1 - Several vulnerabilities were discovered in ruby-rack, a modular Ruby webserver interface, which may result in denial of service and shell escape sequence injection.

Red Hat Security Advisory 2023-5982-01

Red Hat Security Advisory 2023-5982-01 - An update for foreman_ygg_worker, puppet-agent, qpid-proton, and yggdrasil is now available for Satellite Client 6 for RHEL 6, Satellite Client 6 for RHEL 7, Satellite Client 6 for RHEL 8, and Satellite Client 6 for RHEL 9. Issues addressed include code execution and denial of service vulnerabilities.

Red Hat Security Advisory 2023-5980-01

Red Hat Security Advisory 2023-5980-01 - Updated Satellite 6.11 packages that fix several bugs are now available for Red Hat Satellite. Issues addressed include code execution and denial of service vulnerabilities.