CVE-2025-10282
BBOT’s gitlab module could be abused to disclose a GitLab API key to an attacker-controlled server with a maliciously formatted git URL. More information: https://blog.blacklanternsecurity.com/p/bbot-security-advisory-gitdumper
BBOT’s gitdumper module could be abused to execute commands through a malicious git repository. More information: https://blog.blacklanternsecurity.com/p/bbot-security-advisory-gitdumper
BBOT’s git_clone module could be abused to disclose a GitHub API key to an attacker-controlled server with a maliciously formatted git URL. More information: https://blog.blacklanternsecurity.com/p/bbot-security-advisory-gitdumper
A cross-site scripting (XSS) vulnerability in the component /app/marketplace.html of Logseq v0.10.9 allows attackers to execute arbitrary code via injecting arbitrary JavaScript into a crafted README.md file. More information: https://github.com/logseq/logseq
Use of an insecure temporary directory in the Windows License plugin for the Checkmk Windows Agent allows Privilege Escalation. This issue affects Checkmk: from 2.4.0 before 2.4.0p13, from 2.3.0 before 2.3.0p38, from 2.2.0 before...
Insufficient escaping in the report scheduler within Checkmk
Lavasoft Web Companion (also known as Ad-Aware WebCompanion) versions 8.9.0.1091 through 12.1.3.1037 installs the DCIService.exe service with an unquoted service path vulnerability. An attacker with write access to the file system could potentially execute...
Potential use of sensitive information in GET requests in Checkmk GmbH’s Checkmk versions
Apache Flink CDC version 3.4.0 was vulnerable to a SQL injection via maliciously crafted identifiers, e.g. a crafted database name or crafted table name. Even though only the logged-in database user can trigger the attack,...
IBM Aspera Faspex 5.0.0 through 5.0.13.1 could allow a privileged user to cause a denial of service from improperly validated API input due to excessive resource consumption. More information: https://www.ibm.com/support/pages/node/7247502
IBM Aspera 5.0.0 through 5.0.13.1 could disclose sensitive user information from the system to an authenticated user due to an observable discrepancy of returned data. More information: https://www.ibm.com/support/pages/node/7247502
A flaw was found in the integration of Active Directory and the System Security Services Daemon (SSSD) on Linux systems. In default configurations, the Kerberos local authentication plugin (sssd_krb5_localauth_plugin) is enabled, but a fallback...
In the Linux kernel, the following vulnerability has been resolved: gpiolib: acpi: initialize acpi_gpio_info struct Since commit 7c010d463372 (“gpiolib: acpi: Make sure we fill struct acpi_gpio_info”), uninitialized acpi_gpio_info structs are passed to __acpi_find_gpio() and...
In the Linux kernel, the following vulnerability has been resolved: iommu/amd/pgtbl: Fix possible race while increase page table level The AMD IOMMU host page table implementation supports dynamic page table levels (up to 6...