Design/Logic Flaw
OpenComputers is a Minecraft mod that adds programmable computers and robots to the game. This issue affects every version of OpenComputers with the Internet Card feature enabled; that is, OpenComputers 1.2.0 until 1.8.3 in their most common, default configurations. If the OpenComputers mod is...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 4 security fixes: 1452137 High CVE-2023-3420: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2023-06-07 1447568 High CVE-2023-3421: Use after free in Media. Reported by Piotr Bania of Cisco Talos on 2023-05-22 1450397 High...
Alert: Millions of GitHub Repositories Likely Vulnerable to RepoJacking Attack
Millions of software repositories on GitHub are likely vulnerable to an attack called RepoJacking, a new study has revealed. This includes repositories from organizations such as Google, Lyft, and several others, Massachusetts-based cloud-native security firm Aqua said in a Wednesday report. The...
GitHub Security Lab: [Python] Unsafe Unpacking and TarSlip bug slaying
Vulnerability description not provided...
Thruk Monitoring Web Interface 3.06 - Path Traversal
Exploit Title: Thruk Monitoring Web Interface 3.06 - Path Traversal Date: 08-Jun-2023 Exploit Author: Galoget Latorre @galoget CVE: CVE-2023-34096 Galoget Latorre Vendor Homepage: https://thruk.org/ Software Link: https://github.com/sni/Thruk/archive/refs/tags/v3.06.zip Software Link + Exploit +...
GitHub Security Lab: cpp: if (a+b>c) a=c-b is incorrect if a+b overflows
Vulnerability description not provided...
GitHub Security Lab: JavaScript: Add some new XSS sinks and sources of Next.js (and some extra improvements)
Vulnerability description not provided...
Debian dla-3442 : jupyter-nbconvert - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3442 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3442-1 [email protected] https://www.debian.org/lts/security/...
GitHub Security Lab: [Python] Add Unicode Bypass Validation query tests and help
Vulnerability description not provided...
GitHub Security Lab: [python]: Add some dangerous sinks for paramiko ssh clients
Vulnerability description not provided...
GitHub Security Lab: CPP: Add query for CWE-369: Divide By Zero.
Vulnerability description not provided...
CVE-2023-2104 Improper Access Control in alextselegidis/easyappointments
Improper Access Control in GitHub repository alextselegidis/easyappointments prior to 1.5.0...
Spoofing
SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions. The spicedb serve command contains a flag named --grpc-preshared-key which is used to protect the gRPC API from being accessed by unauthorized requests. The...
GitHub Security Lab: Go : Add more JWT sinks
Vulnerability description not provided...
GitHub Security Lab: [Python]: Timing attack
Vulnerability description not provided...
GitHub Security Lab: [Ruby]: Server Side Template Injection
Vulnerability description not provided...
GitHub Security Lab: [ruby]: ZipSlip/TarSlip vulnerability detection
Vulnerability description not provided...
GHSA-6Q4M-7476-932W github-slug-action vulnerable to arbitrary code execution
Impact This action uses the github.headref parameter in an insecure way. This vulnerability can be triggered by any user on GitHub on any workflow using the action on pull requests. They just need to create a pull request with a branch name, which can contain the attack payload. Note that...
GitHub Security Lab: [Python] Unsafe unpacking using shutil.unpack_archive() query and tests
Vulnerability description not provided...
GO-2023-1600 Arbitrary code execution in github.com/kitabisa/teler-waf
Improper handling of payload with special characters, such as CR/LF and horizontal tab, can lead to execution of arbitrary JavaScript code...