#vulnerability

Red Hat Security Advisory 2024-1989-03 - An update for less is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

Red Hat Security Advisory 2024-1982-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a denial of service vulnerability.

An exploit for the vulnerability allows unauthenticated attackers to escape a virtual file system sandbox to download system files and potentially achieve RCE.

By Waqas Update Windows Now or Get Hacked: Microsoft Warns of Actively Exploited Vulnerability! This is a post from HackRead.com Read the original post: Russian APT28 Exploiting Windows Vulnerability with GooseEgg Tool

By Waqas Popular keyboard apps leak user data! Citizen Lab reports 8 out of 9 Android IMEs expose keystrokes. Change yours & protect passwords! This is a post from HackRead.com Read the original post: Popular Keyboard Apps Leak User Data: Billion Potentially Exposed

Security vulnerabilities uncovered in cloud-based pinyin keyboard apps could be exploited to reveal users' keystrokes to nefarious actors. The findings come from the Citizen Lab, which discovered weaknesses in eight of nine apps from vendors like Baidu, Honor, iFlytek, OPPO, Samsung, Tencent, Vivo, and Xiaomi. The only vendor whose keyboard app did not have any security

SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte.

A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild.

### Impact Title argument in Markdown for links and images not escaped in internal render hooks. Impacted are Hugo users who have these hooks enabled and do not trust their Markdown content files. ### Patches Patched in v0.125.3. ### Workarounds Replace with user defined templates or disable the internal templates: https://gohugo.io/getting-started/configuration-markup/#renderhooksimageenabledefault ### References https://github.com/gohugoio/hugo/releases/tag/v0.125.3

### Summary Conform allows the parsing of nested objects in the form of `object.property`. Due to an improper implementation of this feature, an attacker can exploit it to trigger prototype pollution by passing a crafted input to `parseWith...` functions. ### PoC ```javascript const { parseWithZod } = require('@conform-to/zod'); const { z } = require("zod"); const param = new URLSearchParams("__proto__.pollution=polluted"); const schema = z.object({ "a": z.string() }); parseWithZod(param, { schema }); console.log("pollution:", ({}).pollution); // should print "polluted" ``` ### Details The invocation of the `parseWithZod` function in the above PoC triggers the `setValue` function through `getSubmissionContext` and `parse`, executing the following process, resulting in prototype pollution: ```javascript let pointer = value; pointer.__proto__ = pointer.__proto__; pointer = pointer.__proto__; pointer.polluted = "polluted"; ``` This is caused by the lack of object existence checki...