7 matches found
CVE-2024-4835 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
A XSS condition exists within GitLab in versions 15.11 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. By leveraging this condition, an attacker can craft a malicious page to exfiltrate sensitive user information...
[SECURITY] [DLA 3476-1] cups security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3476-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz June 30, 2023 https://wiki.debian.org/LTS -...
Fedora 38 : mingw-python-requests (2023-f3824383be)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-f3824383be advisory. Update to requests-2.31.0. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...
Hackers Using Fake Foundations to Target Uyghur Minority in China
The Uyghur community located in China and Pakistan has been the subject of an ongoing espionage campaign aiming to trick the targets into downloading a Windows backdoor to amass sensitive information from their systems. "Considerable effort was put into disguising the payloads, whether by creatin...
CVE-2021-27823
An information disclosure vulnerability was discovered in /index.class.php via port 8181 on NetWave System 1.0 which allows unauthenticated attackers to exfiltrate sensitive information from the system...
Malicious Code Bombs Target Amazon, Lyft, Slack, Zillow
Researchers have spotted malicious packages targeting internal applications for Amazon, Lyft, Slack and Zillow among others inside the npm public code repository — all of which exfiltrate sensitive information. The packages weaponize a proof-of-concept PoC code dependency-confusion exploit that w...
Cisco DNA Center Cross Origin Resource Sharing Vulnerability
A vulnerability in the web framework of the Cisco Digital Network Architecture Center DNA Center could allow an unauthenticated, remote attacker to communicate with the Kong API server without restriction. The vulnerability is due to an overly permissive Cross Origin Resource Sharing CORS policy...