home.social
Sign in Create account

#pathtraversal — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #pathtraversal, aggregated by home.social.

  1. sekurak News @[email protected] ·

    Dziurawe cyfrowe ramki na zdjęcia – szereg poważnych luk bezpieczeństwa w popularnych urządzeniach

    Doniesienia na temat problemów z bezpieczeństwem w świecie IoT znajdują się już w naszym stałym repertuarze, jednak opleceni coraz gęstszą siecią sprzętu zaliczanego do tej grupy często nie zdajemy sobie sprawy skąd czyhają kolejne zagrożenia. Tym razem pochylimy się nad raportem zespołu Quokka. Badacze wzięli na warsztat popularne cyfrowe ramki...

    #Aktualności #Android #Awareness #Botnet #Chiny #Fotografie #Malware #Md5 #PathTraversal #Quokka #Ramki #Szpiegostwo #Uhale #Wyciek

    sekurak.pl/dziurawe-cyfrowe-ra

    #aktualnosci #android #awareness #botnet #chiny #fotografie
  2. sekurak News @[email protected] ·

    Wybrane urządzenia Fortineta pod ostrzałem – atakujący wykorzystywali 0day

    Zanim przejdziemy do konkretnego opisu  informacja dla administratorów:  podatne są następujące wersje  FortiWeb dla poszczególnych linii oprogramowania: Ponadto pojawiła się wreszcie oficjalna informacja od producenta (oraz identyfikator: CVE-2025-64446). Luka została wyceniona na 9.1 w skali CVSS 3.1 czyli krytyczna.   TLDR: Fortinet to firma, która bardzo często gości na naszych łamach....

    #Aktualności #Cgi #Fortinet #PathTraversal #Rce #Websec

    sekurak.pl/wybrane-urzadzenia-

    #aktualnosci #cgi #fortinet #pathtraversal #rce #websec
  3. sekurak News @[email protected] ·

    Aktualizujcie telewizory LG – podatność path traversal w popularnym systemie operacyjnym telewizorów

    Naszym ulubionym hasłem, dotyczącym IoT jest to, które mówi, że litera “s” w tym skrócie pochodzi od “security”. Niestety oprócz przydatnych funkcji umilających życie, “smart” urządzenia niosą za sobą większą powierzchnię ataku. A ponieważ użytkownik domowy nie zawsze pamięta o aktualizacjach komputera osobistego czy telefonu, to prawdopodobieństwo wgrania potrzebnych łatek...

    #WBiegu #Awareness #Iot #Lg #Pathtraversal #Podatność #Webos #Websec

    sekurak.pl/aktualizujcie-telew

    #wbiegu #awareness #iot #lg #pathtraversal #podatnosc
  4. Jonas Lejon @[email protected] ·

    ⚠️ Kritisk sårbarhet i Cisco IOS XE Wireless Controller – godtycklig filuppladdning möjlig. CVSS-score på 10 av 10 möjliga!

    kryptera.se/kritisk-sarbarhet-

    #Cisco #IOSXE #CiscoWLC #CVSS10 #CVE202520188 #Sårbarhet #Informationssäkerhet #ITsäkerhet #RootAccess #RCE #JWT #HardCodedCredentials #PathTraversal #WirelessLAN #Catalyst9800 #Nätverkssäkerhet #Sårbarhetsanalys #Exploit #Cybersecurity #SecurityAdvisory

    #cisco #iosxe #ciscowlc #cvss10 #cve202520188 #sarbarhet
  5. 🛡 [email protected]/:~# :blinking_cursor:​ @[email protected] ·

    GitLab Security Update: Critical Patches Released

    Date: April 24, 2024
    CVE: Multiple (e.g., CVE-2024-4024, CVE-2024-2434)
    Vulnerability Type: Authentication Issues, Path Traversal, DoS, Information Disclosure
    CWE: [[CWE-287]], [[CWE-22]], [[CWE-400]], [[CWE-284]]
    Sources: GitLab Security Release

    Issue Summary

    GitLab has released critical security updates (16.11.1, 16.10.4, 16.9.6) addressing multiple high and medium severity vulnerabilities across various versions. The identified issues include authentication bypass, path traversal, and denial of service attacks.

    Technical Key findings

    Key vulnerabilities allow unauthorized account access, server file reading, and service disruption due to inadequate input validation and authentication checks.

    Table of security fixes

    |Title|Severity|
    |---|---|
    |GitLab account takeover, under certain conditions, when using Bitbucket as an OAuth provider|High|
    |Path Traversal leads to DoS and Restricted File Read|High|
    |Unauthenticated ReDoS in FileFinder when using wildcard filters in project file search|High|
    |Personal Access Token scopes not honoured by GraphQL subscriptions|Medium|
    |Domain based restrictions bypass using a crafted email address|Medium|

    Vulnerable products

    • GitLab Community Edition (CE)
    • GitLab Enterprise Edition (EE)all versions starting from 7.8 before 16.9.6all versions starting from 16.10 before 16.10.4 all versions starting from 16.11 before 16.11.1.

    Impact assessment

    Exploits could lead to account takeovers, unauthorized access to sensitive data, and significant service disruptions affecting availability and integrity.

    Patches or workaround

    Upgrading to the latest versions (16.11.1, 16.10.4, 16.9.6) is strongly recommended as they contain necessary security fixes. To update GitLab, see the Update page.

    Tags

    #GitLab #CVE-2024-4024 #CVE-2024-2434 #AuthenticationBypass #PathTraversal #DenialOfService #PatchRelease

    #gitlab #cve #authenticationbypass #pathtraversal #denialofservice #patchrelease
  6. 🛡 [email protected]/:~# :blinking_cursor:​ @[email protected] ·

    GitLab Security Update: Critical Patches Released

    Date: April 24, 2024
    CVE: Multiple (e.g., CVE-2024-4024, CVE-2024-2434)
    Vulnerability Type: Authentication Issues, Path Traversal, DoS, Information Disclosure
    CWE: [[CWE-287]], [[CWE-22]], [[CWE-400]], [[CWE-284]]
    Sources: GitLab Security Release

    Issue Summary

    GitLab has released critical security updates (16.11.1, 16.10.4, 16.9.6) addressing multiple high and medium severity vulnerabilities across various versions. The identified issues include authentication bypass, path traversal, and denial of service attacks.

    Technical Key findings

    Key vulnerabilities allow unauthorized account access, server file reading, and service disruption due to inadequate input validation and authentication checks.

    Table of security fixes

    |Title|Severity|
    |---|---|
    |GitLab account takeover, under certain conditions, when using Bitbucket as an OAuth provider|High|
    |Path Traversal leads to DoS and Restricted File Read|High|
    |Unauthenticated ReDoS in FileFinder when using wildcard filters in project file search|High|
    |Personal Access Token scopes not honoured by GraphQL subscriptions|Medium|
    |Domain based restrictions bypass using a crafted email address|Medium|

    Vulnerable products

    • GitLab Community Edition (CE)
    • GitLab Enterprise Edition (EE)all versions starting from 7.8 before 16.9.6all versions starting from 16.10 before 16.10.4 all versions starting from 16.11 before 16.11.1.

    Impact assessment

    Exploits could lead to account takeovers, unauthorized access to sensitive data, and significant service disruptions affecting availability and integrity.

    Patches or workaround

    Upgrading to the latest versions (16.11.1, 16.10.4, 16.9.6) is strongly recommended as they contain necessary security fixes. To update GitLab, see the Update page.

    Tags

    #GitLab #CVE-2024-4024 #CVE-2024-2434 #AuthenticationBypass #PathTraversal #DenialOfService #PatchRelease

    #gitlab #cve #authenticationbypass #pathtraversal #denialofservice #patchrelease
  7. 🛡 [email protected]/:~# :blinking_cursor:​ @[email protected] ·

    GitLab Security Update: Critical Patches Released

    Date: April 24, 2024
    CVE: Multiple (e.g., CVE-2024-4024, CVE-2024-2434)
    Vulnerability Type: Authentication Issues, Path Traversal, DoS, Information Disclosure
    CWE: [[CWE-287]], [[CWE-22]], [[CWE-400]], [[CWE-284]]
    Sources: GitLab Security Release

    Issue Summary

    GitLab has released critical security updates (16.11.1, 16.10.4, 16.9.6) addressing multiple high and medium severity vulnerabilities across various versions. The identified issues include authentication bypass, path traversal, and denial of service attacks.

    Technical Key findings

    Key vulnerabilities allow unauthorized account access, server file reading, and service disruption due to inadequate input validation and authentication checks.

    Table of security fixes

    |Title|Severity|
    |---|---|
    |GitLab account takeover, under certain conditions, when using Bitbucket as an OAuth provider|High|
    |Path Traversal leads to DoS and Restricted File Read|High|
    |Unauthenticated ReDoS in FileFinder when using wildcard filters in project file search|High|
    |Personal Access Token scopes not honoured by GraphQL subscriptions|Medium|
    |Domain based restrictions bypass using a crafted email address|Medium|

    Vulnerable products

    • GitLab Community Edition (CE)
    • GitLab Enterprise Edition (EE)all versions starting from 7.8 before 16.9.6all versions starting from 16.10 before 16.10.4 all versions starting from 16.11 before 16.11.1.

    Impact assessment

    Exploits could lead to account takeovers, unauthorized access to sensitive data, and significant service disruptions affecting availability and integrity.

    Patches or workaround

    Upgrading to the latest versions (16.11.1, 16.10.4, 16.9.6) is strongly recommended as they contain necessary security fixes. To update GitLab, see the Update page.

    Tags

    #GitLab #CVE-2024-4024 #CVE-2024-2434 #AuthenticationBypass #PathTraversal #DenialOfService #PatchRelease

    #gitlab #cve #authenticationbypass #pathtraversal #denialofservice #patchrelease
  8. 🛡 [email protected]/:~# :blinking_cursor:​ @[email protected] ·

    GitLab Security Update: Critical Patches Released

    Date: April 24, 2024
    CVE: Multiple (e.g., CVE-2024-4024, CVE-2024-2434)
    Vulnerability Type: Authentication Issues, Path Traversal, DoS, Information Disclosure
    CWE: [[CWE-287]], [[CWE-22]], [[CWE-400]], [[CWE-284]]
    Sources: GitLab Security Release

    Issue Summary

    GitLab has released critical security updates (16.11.1, 16.10.4, 16.9.6) addressing multiple high and medium severity vulnerabilities across various versions. The identified issues include authentication bypass, path traversal, and denial of service attacks.

    Technical Key findings

    Key vulnerabilities allow unauthorized account access, server file reading, and service disruption due to inadequate input validation and authentication checks.

    Table of security fixes

    |Title|Severity|
    |---|---|
    |GitLab account takeover, under certain conditions, when using Bitbucket as an OAuth provider|High|
    |Path Traversal leads to DoS and Restricted File Read|High|
    |Unauthenticated ReDoS in FileFinder when using wildcard filters in project file search|High|
    |Personal Access Token scopes not honoured by GraphQL subscriptions|Medium|
    |Domain based restrictions bypass using a crafted email address|Medium|

    Vulnerable products

    • GitLab Community Edition (CE)
    • GitLab Enterprise Edition (EE)all versions starting from 7.8 before 16.9.6all versions starting from 16.10 before 16.10.4 all versions starting from 16.11 before 16.11.1.

    Impact assessment

    Exploits could lead to account takeovers, unauthorized access to sensitive data, and significant service disruptions affecting availability and integrity.

    Patches or workaround

    Upgrading to the latest versions (16.11.1, 16.10.4, 16.9.6) is strongly recommended as they contain necessary security fixes. To update GitLab, see the Update page.

    Tags

    #GitLab #CVE-2024-4024 #CVE-2024-2434 #AuthenticationBypass #PathTraversal #DenialOfService #PatchRelease

    #patchrelease #denialofservice #pathtraversal #authenticationbypass #cve #gitlab
  9. 🛡 [email protected]/:~# :blinking_cursor:​ @[email protected] ·

    GitLab Security Update: Critical Patches Released

    Date: April 24, 2024
    CVE: Multiple (e.g., CVE-2024-4024, CVE-2024-2434)
    Vulnerability Type: Authentication Issues, Path Traversal, DoS, Information Disclosure
    CWE: [[CWE-287]], [[CWE-22]], [[CWE-400]], [[CWE-284]]
    Sources: GitLab Security Release

    Issue Summary

    GitLab has released critical security updates (16.11.1, 16.10.4, 16.9.6) addressing multiple high and medium severity vulnerabilities across various versions. The identified issues include authentication bypass, path traversal, and denial of service attacks.

    Technical Key findings

    Key vulnerabilities allow unauthorized account access, server file reading, and service disruption due to inadequate input validation and authentication checks.

    Table of security fixes

    |Title|Severity|
    |---|---|
    |GitLab account takeover, under certain conditions, when using Bitbucket as an OAuth provider|High|
    |Path Traversal leads to DoS and Restricted File Read|High|
    |Unauthenticated ReDoS in FileFinder when using wildcard filters in project file search|High|
    |Personal Access Token scopes not honoured by GraphQL subscriptions|Medium|
    |Domain based restrictions bypass using a crafted email address|Medium|

    Vulnerable products

    • GitLab Community Edition (CE)
    • GitLab Enterprise Edition (EE)all versions starting from 7.8 before 16.9.6all versions starting from 16.10 before 16.10.4 all versions starting from 16.11 before 16.11.1.

    Impact assessment

    Exploits could lead to account takeovers, unauthorized access to sensitive data, and significant service disruptions affecting availability and integrity.

    Patches or workaround

    Upgrading to the latest versions (16.11.1, 16.10.4, 16.9.6) is strongly recommended as they contain necessary security fixes. To update GitLab, see the Update page.

    Tags

    #GitLab #CVE-2024-4024 #CVE-2024-2434 #AuthenticationBypass #PathTraversal #DenialOfService #PatchRelease

    #gitlab #cve #authenticationbypass #pathtraversal #denialofservice #patchrelease