Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

GHSA-gc7p-j5xm-xxh2: Unauthorized Access to Private Fields in User Registration API

### System Details | Name | Value | |----------|------------------------| | OS | Windows 11 | | Version | 4.11.1 (node v16.14.2) | | Database | mysql | ### Description I marked some fields as private fields in user content-type, and tried to register as a new user via api, at the same time I added content to fill the private fields and sent a post request, and as you can see from the images below, I can write to the private fields. ![register](https://user-images.githubusercontent.com/32245914/246987508-9337ffd5-c681-4f51-9a0b-2490b424ca1e.png) ![user](https://user-images.githubusercontent.com/32245914/246987564-9f440b3f-a7a3-4710-9b75-0854667fc35d.png) ![private_field](https://user-images.githubusercontent.com/32245914/246987590-9c0ecefd-fd64-4221-b642-e730ea55d440.png) ![table](https://user-images.githubusercontent.com/32245914/246987604-009e6808-5690-458e-aa87-57dda7d4589d.png) To prevent this, I went to the extension a...

ghsa
Open in Source
#sql#vulnerability#windows#js#git#auth
GHSA-r6cc-7wj7-gfx2: Kubernetes csi-proxy vulnerable to privilege escalation due to improper input validation

Kubernetes is vulnerable to privilege escalation when a user that can create pods on Windows nodes running kubernetes-csi-proxy may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes running kubernetes-csi-proxy.

CVE-2023-3893: [Security Advisory] CVE-2023-3893: Insufficient input sanitization on kubernetes-csi-proxy leads to privilege escalation

A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes running kubernetes-csi-proxy may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes running kubernetes-csi-proxy.

Microsoft’s Secure Future Initiative Boosts Cybersecurity Against Advanced Attacks

By Deeba Ahmed Microsoft's new AI-powered Secure Future Initiative aims to assist governments, businesses, and consumers in combatting cybersecurity threats. This is a post from HackRead.com Read the original post: Microsoft’s Secure Future Initiative Boosts Cybersecurity Against Advanced Attacks

NodeStealer Malware Hijacking Facebook Business Accounts for Malicious Ads

Compromised Facebook business accounts are being used to run bogus ads that employ "revealing photos of young women" as lures to trick victims into downloading an updated version of a malware called NodeStealer. "Clicking on ads immediately downloads an archive containing a malicious .exe 'Photo Album' file which also drops a second executable written in .NET – this payload is in charge of

CVE-2023-5763: Eclipse GlassFish Security Guide, Release 7

In Eclipse Glassfish 5 or 6, running with old versions of JDK (lower than 6u211, or < 7u201, or < 8u191), allows remote attackers to load malicious code on the server via access to insecure ORB listeners.

CVE-2023-31102: 7-Zip / Discussion / Open Discussion: 7-Zip 23.00

7-Zip through 22.01 on Linux allows an integer underflow and code execution via a crafted 7Z archive.

CVE-2023-35896: IBM Content Navigator is vulnerable to Server Side Request Forgery leading to Arbitrary File Read due to Oracle Outside In Technology (CVE-2023-35896)

IBM Content Navigator 3.0.13 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 259247.

Exploring Software Categories: From Basics to Specialized Applications

By Waqas Software is the backbone of modern technology, serving various purposes across different sectors. The vast array of software… This is a post from HackRead.com Read the original post: Exploring Software Categories: From Basics to Specialized Applications

Should you allow your browser to remember your passwords?

It’s very convenient to store your passwords in your browser. But is it a good idea?