2544 matches found

Cvelist
added 2023/02/14 7:47 p.m. · 29 views

CVE-2023-22490 Git vulnerable to local clone-based data exfiltration with non-local transports

Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort loca...

5.5 CVSS · 6.5 AI score · 0.00138 EPSS
Exploits 0 · References 4
OSV
added 2023/02/14 6:37 p.m. · 3 views

USN-5871-1 git vulnerabilities

It was discovered that Git incorrectly handled certain repositories. An attacker could use this issue to make Git use its local clone optimization even when using a non-local transport. CVE-2023-22490 Joern Schneeweisz discovered that Git incorrectly handled certain commands. An attacker could...

7.5 CVSS · 6.8 AI score · 0.01674 EPSS
Exploits 3 · References 3
OSV
added 2023/02/14 6:0 p.m. · 1 views

UBUNTU-CVE-2023-22490

Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort loca...

5.5 CVSS · 6.5 AI score · 0.00138 EPSS
Exploits 0 · References 4
Patchstack
added 2023/02/14 12:0 a.m. · 6 views

WordPress Robots.txt optimization Plugin <= 1.4.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Robots.txt optimization; Type: Plugin; Vulnerable versions: = 1.4.5; Fixed in: 1.4.6; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery CSRF; CVE: CVE-2023-25706; Patch priority: Low; CVSS severity: Low 5.4; Developer: Claim ownership; PSID: 1bba120cb645; Credits: Abdi Pranat...

6.5 CVSS · 6.6 AI score · 0.00056 EPSS
Exploits 0 · References 2 · Affected Software 1
Trellix
added 2023/02/08 12:0 a.m. · 12 views

No More Macros? Better Watch Your Search Results!

No More Macros? Better Watch Your Search Results! By Pham Duy Phuc and Max Kersten · February 08, 2023 Threat actors often rely on the same techniques until their hand is forced, usually due to defensive changes or chance-based opportunities, to leverage a new technique. Malicious macros in...

7.8 AI score
Exploits 0
Trellix
added 2023/02/08 12:0 a.m. · 9 views

No More Macros? Better Watch Your Search Results!

No More Macros? Better Watch Your Search Results! By Pham Duy Phuc · February 08, 2023 This blog was also written by Max Kersten Threat actors often rely on the same techniques until their hand is forced, usually due to defensive changes or chance-based opportunities, to leverage a new technique...

7.4 AI score
Exploits 0
Code423n4
added 2023/02/03 12:0 a.m. · 11 views

setDrips may distribute the drip too fast if the time hints are not good enough

Lines of code Vulnerability details Impact The setDrips function is used to configure a drip. It can either be withdrawing it, adding a new one, or even managing an existing one by updating the configuration. Internally, it accounts for the drips that are yet to be distributed to refund them to th...

6.7 AI score
Exploits 0
Vulnrichment
added 2023/02/01 7:3 p.m. · 9 views

CVE-2023-0619 Kraken.io Image Optimizer <= 2.6.8 - Missing Authorization to Authenticated (Subscriber+) Plugin Options Update

The Kraken.io Image Optimizer plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.6.8. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to reset image...

6.5 CVSS · 6.8 AI score · 0.0018 EPSS
Exploits 0 · References 2
Positive Technologies
added 2023/02/01 12:0 a.m. · 3 views

PT-2023-16405 · WordPress · Kraken.Io Image Optimizer

Name of the Vulnerable Software and Affected Versions: Kraken.io Image Optimizer plugin for WordPress versions up to, and including, 2.6.8 Description: The issue is related to authorization bypass due to a missing capability check on AJAX actions. This allows authenticated attackers with...

6.5 CVSS · 6.6 AI score · 0.0018 EPSS
Exploits 0 · References 6
Code423n4
added 2023/01/27 12:0 a.m. · 7 views

Gas Optimizations

See the markdown file with the details of this report here.

7 AI score
Exploits 0
Vulnrichment
added 2023/01/23 2:31 p.m. · 9 views

CVE-2022-4548 Optimize images ALT Text (alt tag) & names for SEO using AI < 2.0.8 - Settings Update via CSRF

The Optimize images ALT Text & names for SEO using AI WordPress plugin before 2.0.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...

7 AI score · 0.00118 EPSS
Exploits 2 · References 1
Rockylinux
added 2023/01/23 2:31 p.m. · 10 views

sssd bug fix and enhancement update

An update is available for sssd. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The System Security Services Daemon SSSD service provides a set of daemons to...

1.5 AI score
Exploits 0
Positive Technologies
added 2023/01/23 12:0 a.m. · 3 views

PT-2023-14679 · WordPress · Optimize Images Alt Text (Alt Tag) & Names For Seo Using Ai

Name of the Vulnerable Software and Affected Versions: Optimize images ALT Text & names for SEO using AI WordPress plugin versions prior to 2.0.8 Description: The issue concerns a lack of CSRF check when updating settings, which could allow attackers to make a logged-in admin change them via a CS...

6.5 CVSS · 6.3 AI score · 0.00118 EPSS
Exploits 2 · References 3
CVE
added 2023/01/20 12:0 a.m. · 43 views

CVE-2022-48120

CVE-2022-48120 concerns a SQL Injection flaw in kishan0725 Hospital Management System. The vulnerability is triggered in /search.php via the contact and doctor parameters, allowing an attacker to execute arbitrary commands. Root cause is a lack of input validation/parameterization in the affected...

9.8 CVSS · 9.9 AI score · 0.00339 EPSS
Exploits 1 · References 1 · Affected Software 1
IBM Security Bulletins
added 2023/01/16 7:5 a.m. · 38 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM® SDK, Java™ Technology Edition are affected by multiple vulnerabilities (CVE-2022-21628, CVE-2022-21626, CVE-2022-21624, CVE-2022-21619)

Summary This covers all applicable Java SE CVEs published by Oracle as part of their October 2022 Critical Patch Update. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: Jazz Foundation, IBM Engineering Lifecycle...

5.3 CVSS · 5.3 AI score · 0.00264 EPSS
Exploits 0 · Affected Software 1
Fedora
added 2023/01/14 1:10 a.m. · 26 views

[SECURITY] Fedora 37 Update: jpegoptim-1.5.1-1.fc37

Jpegoptim is a utility to optimize JPEG files. Provides lossless optimization based on optimizing the Huffman tables and "lossy" optimization based on setting maximum quality factor...

6.5 CVSS · 6.5 AI score · 0.00405 EPSS
Exploits 1
OpenVAS
added 2023/01/14 12:0 a.m. · 16 views

Fedora: Security Advisory for jpegoptim (FEDORA-2023-d9c91f39a5)

The remote host is missing an update for the Copyright (C) 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.5 CVSS · 6.6 AI score · 0.00405 EPSS
Exploits 1 · References 2
OpenVAS
added 2023/01/12 12:0 a.m. · 10 views

Huawei EulerOS: Security Advisory for gcc (EulerOS-SA-2023-1221)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.6 AI score
Exploits 0 · References 2
OpenVAS
added 2023/01/10 12:0 a.m. · 16 views

Mozilla Firefox ESR Security Advisories (MFSA2021-33, MFSA2021-35) - Mac OS X

Mozilla Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefoxesr";...

8.8 CVSS · 10 AI score · 0.0062 EPSS
Exploits 4 · References 1
OpenVAS
added 2023/01/10 12:0 a.m. · 15 views

Mozilla Firefox ESR Security Advisories (MFSA2021-33, MFSA2021-35) - Windows

Mozilla Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefoxesr";...

8.8 CVSS · 10 AI score · 0.0062 EPSS
Exploits 4 · References 1