βΌ CVE-2022-2102 βΌ
π Read
via "National Vulnerability Database".
Controls limiting uploads to certain file extensions may be bypassed. This could allow an attacker to intercept the initial file upload page response and modify the associated code. This modified code can be forwarded and used by a script loaded later in the sequence, allowing for arbitrary file upload into a location where PHP scripts may be executed.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32209 βΌ
π Read
via "National Vulnerability Database".
# Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3## ImpactA possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both `select` and `style` elements.Code is only impacted if allowed tags are being overridden. This may be done via application configuration:```ruby# In config/application.rbconfig.action_view.sanitized_allowed_tags = ["select", "style"]```see https://guides.rubyonrails.org/configuring.html#configuring-action-viewOr it may be done with a `:tags` option to the Action View helper `sanitize`:```<%= sanitize @comment.body, tags: ["select", "style"] %>```see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitizeOr it may be done with Rails::Html::SafeListSanitizer directly:```ruby# class-level optionRails::Html::SafeListSanitizer.allowed_tags = ["select", "style"]```or```ruby# instance-level optionRails::Html::SafeListSanitizer.new.sanitize(@article.body, tags: ["select", "style"])```All users overriding the allowed tags by any of the above mechanisms to include both "select" and "style" should either upgrade or use one of the workarounds immediately.## ReleasesThe FIXED releases are available at the normal locations.## WorkaroundsRemove either `select` or `style` from the overridden allowed tags.## CreditsThis vulnerability was responsibly reported by [windshock](https://hackerone.com/windshock?type=user).π Read
via "National Vulnerability Database".
βΌ CVE-2022-21829 βΌ
π Read
via "National Vulnerability Database".
Concrete CMS Versions 9.0.0 through 9.0.2 and 8.5.7 and below can download zip files over HTTP and execute code from those zip files which could lead to an RCE. Fixed by enforcing Γ’β¬Λconcrete_secureΓ’β¬β’ instead of Γ’β¬ΛconcreteΓ’β¬β’. Concrete now only makes requests over https even a request comes in via http. Concrete CMS security team ranked this 8 with CVSS v3.1 vector: AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H Credit goes to Anna for reporting HackerOne 1482520.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30117 βΌ
π Read
via "National Vulnerability Database".
Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 allow traversal in /index.php/ccm/system/file/upload which could result in an Arbitrary File Delete exploit. This was remediated by sanitizing /index.php/ccm/system/file/upload to ensure Concrete doesnΓ’β¬β’t allow traversal and by changing isFullChunkFilePresent to have an early false return when input doesn't match expectations.Concrete CMS Security team ranked this 5.8 with CVSS v3.1 vector AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H. Credit to Siebene for reporting.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1741 βΌ
π Read
via "National Vulnerability Database".
The tested version of Dominion Voting Systems ImageCast X has a Terminal Emulator application which could be leveraged by an attacker to gain elevated privileges on a device and/or install malicious code.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1744 βΌ
π Read
via "National Vulnerability Database".
Applications on the tested version of Dominion Voting Systems ImageCast X can execute code with elevated privileges by exploiting a system level service. An attacker could leverage this vulnerability to escalate privileges on a device and/or install malicious code.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1666 βΌ
π Read
via "National Vulnerability Database".
The default password for the web applicationΓ’β¬β’s root user (the vendorΓ’β¬β’s private account) was weak and the MD5 hash was used to crack the password using a widely available open-source tool.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30120 βΌ
π Read
via "National Vulnerability Database".
XSS in /dashboard/blocks/stacks/view_details/ - old browsers only. When using an older browser with built-in XSS protection disabled, insufficient sanitation where built urls are outputted can be exploited for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 to allow XSS. This cannot be exploited in modern-day web browsers due to an automatic input escape mechanism. Concrete CMS Security team ranked this vulnerability 3.1with CVSS v3.1 Vector AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N. Sanitation has been added where built urls are output. Credit to Credit to Bogdan Tiron from FORTBRIDGE (https://www.fortbridge.co.uk/ ) for reportingπ Read
via "National Vulnerability Database".
βΌ CVE-2022-1742 βΌ
π Read
via "National Vulnerability Database".
The tested version of Dominion Voting Systems ImageCast X allows for rebooting into Android Safe Mode, which allows an attacker to directly access the operating system. An attacker could leverage this vulnerability to escalate privileges on a device and/or install malicious code.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30118 βΌ
π Read
via "National Vulnerability Database".
Title for CVE: XSS in /dashboard/system/express/entities/forms/save_control/[GUID]: old browsers only.Description: When using Internet Explorer with the XSS protection disabled, editing a form control in an express entities form for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 can allow XSS. This cannot be exploited in modern-day web browsers due to an automatic input escape mechanism. Concrete CMS Security team ranked this vulnerability 2 with CVSS v3.1 Vector AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N. Thanks zeroinside for reporting.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1517 βΌ
π Read
via "National Vulnerability Database".
LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations, software, or access sensitive data on the affected produc. An attacker could also exploit this vulnerability to access APIs not intended for general use and interact through the network.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2121 βΌ
π Read
via "National Vulnerability Database".
OFFIS DCMTK's (All versions prior to 3.6.7) has a NULL pointer dereference vulnerability while processing DICOM files, which may result in a denial-of-service condition.π Read
via "National Vulnerability Database".
βΌ CVE-2021-30651 βΌ
π Read
via "National Vulnerability Database".
A malicious authenticated SMG administrator user can obtain passwords for external LDAP/Active Directory servers that they might not otherwise be authorized to access.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1746 βΌ
π Read
via "National Vulnerability Database".
The authentication mechanism used by poll workers to administer voting using the tested version of Dominion Voting Systems ImageCast X can expose cryptographic secrets used to protect election information. An attacker could leverage this vulnerability to gain access to sensitive information and perform privileged actions, potentially affecting other election equipment.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1524 βΌ
π Read
via "National Vulnerability Database".
LRM version 2.4 and lower does not implement TLS encryption. A malicious actor can MITM attack sensitive data in-transit, including credentials.π Read
via "National Vulnerability Database".
π΄ Only 3% of Open Source Software Bugs Are Actually Attackable, Researchers Say π΄
π Read
via "Dark Reading".
A new study says 97% of open source vulnerabilities linked to software supply chain risks are not attackable β but is "attackability" the best method for prioritizing bugs?π Read
via "Dark Reading".
Dark Reading
Only 3% of Open Source Software Bugs Are Actually Attackable, Researchers Say
A new study says 97% of open source vulnerabilities linked to software supply chain risks are not attackable β but is "attackability" the best method for prioritizing bugs?
βΌ CVE-2022-22390 βΌ
π Read
via "National Vulnerability Database".
IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an information disclosure caused by improper privilege management when table function is used. IBM X-Force ID: 221973.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42056 βΌ
π Read
via "National Vulnerability Database".
Thales Safenet Authentication Client (SAC) for Linux and Windows through 10.7.7 creates insecure temporary hid and lock files allowing a local attacker, through a symlink attack, to overwrite arbitrary files, and potentially achieve arbitrary command execution with high privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29578 βΌ
π Read
via "National Vulnerability Database".
Meridian Cooperative Utility Software versions 22.02 and 22.03 allows remote attackers to obtain sensitive information such as name, address, and daily energy usage.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39047 βΌ
π Read
via "National Vulnerability Database".
IBM Planning Analytics 2.0 and IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214349.π Read
via "National Vulnerability Database".
βΌ CVE-2022-33910 βΌ
π Read
via "National Vulnerability Database".
An XSS vulnerability in MantisBT before 2.25.5 allows remote attackers to attach crafted SVG documents to issue reports or bugnotes. When a user or an admin clicks on the attachment, file_download.php opens the SVG document in a browser tab instead of downloading it as a file, causing the JavaScript code to execute.π Read
via "National Vulnerability Database".