βΌ CVE-2022-48306 βΌ
π Read
via "National Vulnerability Database".
Improper Validation of Certificate with Host Mismatch vulnerability in Gotham Chat IRC helper of Palantir Gotham allows A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack would allow them to intercept, read, or modify network communications to and from the affected service. This issue affects: Palantir Palantir Gotham Chat IRC helper versions prior to 30221005.210011.9242.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23558 βΌ
π Read
via "National Vulnerability Database".
In Eternal Terminal 6.2.1, TelemetryService uses fixed paths in /tmp. For example, a local attacker can create /tmp/.sentry-native-etserver with mode 0777 before the etserver process is started. The attacker can choose to read sensitive information from that file, or modify the information in that file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24236 βΌ
π Read
via "National Vulnerability Database".
TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the province parameter at setting/delStaticDhcpRules.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48307 βΌ
π Read
via "National Vulnerability Database".
It was discovered that the Magritte-ftp was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack would allow them to intercept, read, or modify network communications to and from the affected service. In the case of a successful man in the middle attack on magritte-ftp, an attacker would be able to read and modify network traffic such as authentication tokens or raw data entering a Palantir Foundry stack.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27892 βΌ
π Read
via "National Vulnerability Database".
Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would have allowed an attacker to exhaust the memory of the Gotham dispatch service.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27890 βΌ
π Read
via "National Vulnerability Database".
It was discovered that the sls-logging was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack would allow them to intercept, read, or modify network communications to and from the affected service. In the case of AtlasDB, the vulnerability was mitigated by other network controls such as two-way TLS when deployed as part of a Palantir platform. Palantir still recommends upgrading to a non-vulnerable version out of an abundance of caution.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24238 βΌ
π Read
via "National Vulnerability Database".
TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the city parameter at setting/delStaticDhcpRules.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40555 βΌ
π Read
via "National Vulnerability Database".
Cross site scripting (XSS) vulnerability in flatCore-CMS 2.2.15 allows attackers to execute arbitrary code via description field on the new page creation form.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48308 βΌ
π Read
via "National Vulnerability Database".
It was discovered that the sls-logging was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack would allow them to intercept, read, or modify network communications to and from the affected service.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27891 βΌ
π Read
via "National Vulnerability Database".
Palantir Gotham included an unauthenticated endpoint that listed all active usernames on the stack with an active session. The affected services have been patched and automatically deployed to all Apollo-managed Gotham instances. It is highly recommended that customers upgrade all affected services to the latest version. This issue affects: Palantir Gotham versions prior to 103.30221005.0.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3843 βΌ
π Read
via "National Vulnerability Database".
In WAGO Unmanaged Switch (852-111/000-001) in firmware version 01 an undocumented configuration interface without authorization allows an remote attacker to read system information and configure a limited set of parameters.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22578 βΌ
π Read
via "National Vulnerability Database".
Due to improper artibute filtering in the sequalize js library, can a attacker peform SQL injections.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25153 βΌ
π Read
via "National Vulnerability Database".
containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug has been fixed in containerd 1.6.18 and 1.5.18. Users should update to these versions to resolve the issue. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27897 βΌ
π Read
via "National Vulnerability Database".
Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would load portions of maliciously crafted zip files to memory. An attacker could repeatedly upload a malicious zip file, which would allow them to exhaust memory resources on the dispatch server.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23926 βΌ
π Read
via "National Vulnerability Database".
APOC (Awesome Procedures on Cypher) is an add-on library for Neo4j. An XML External Entity (XXE) vulnerability found in the apoc.import.graphml procedure of APOC core plugin prior to version 5.5.0 in Neo4j graph database. XML External Entity (XXE) injection occurs when the XML parser allows external entities to be resolved. The XML parser used by the apoc.import.graphml procedure was not configured in a secure way and therefore allowed this. External entities can be used to read local files, send HTTP requests, and perform denial-of-service attacks on the application. Abusing the XXE vulnerability enabled assessors to read local files remotely. Although with the level of privileges assessors had this was limited to one-line files. With the ability to write to the database, any file could have been read. Additionally, assessors noted, with local testing, the server could be crashed by passing in improperly formatted XML. The minimum version containing a patch for this vulnerability is 5.5.0. Those who cannot upgrade the library can control the allowlist of the procedures that can be used in your system.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22580 βΌ
π Read
via "National Vulnerability Database".
Due to improper input filtering in the sequalize js library, can malicious queries lead to sensitive information disclosure.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22579 βΌ
π Read
via "National Vulnerability Database".
Due to improper parameter filtering in the sequalize js library, can a attacker peform injection.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25173 βΌ
π Read
via "National Vulnerability Database".
containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. Downstream applications that use the containerd client library may be affected as well. This bug has been fixed in containerd v1.6.18 and v.1.5.18. Users should update to these versions and recreate containers to resolve this issue. Users who rely on a downstream application that uses containerd's client library should check that application for a separate advisory and instructions. As a workaround, ensure that the `"USER $USERNAME"` Dockerfile instruction is not used. Instead, set the container entrypoint to a value similar to `ENTRYPOINT ["su", "-", "user"]` to allow `su` to properly set up supplementary groups.π Read
via "National Vulnerability Database".
β S3 Ep122: Stop calling every breach βsophisticatedβ! [Audio + Text] β
π Read
via "Naked Security".
Latest episode - listen now! (Full transcript inside.)π Read
via "Naked Security".
Naked Security
S3 Ep122: Stop calling every breach βsophisticatedβ! [Audio + Text]
Latest episode β listen now! (Full transcript inside.)
π1
βΌ CVE-2023-23947 βΌ
π Read
via "National Vulnerability Database".
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All Argo CD versions starting with 2.3.0-rc1 and prior to 2.3.17, 2.4.23 2.5.11, and 2.6.2 are vulnerable to an improper authorization bug which allows users who have the ability to update at least one cluster secret to update any cluster secret. The attacker could use this access to escalate privileges (potentially controlling Kubernetes resources) or to break Argo CD functionality (by preventing connections to external clusters). A patch for this vulnerability has been released in Argo CD versions 2.6.2, 2.5.11, 2.4.23, and 2.3.17. Two workarounds are available. Either modify the RBAC configuration to completely revoke all `clusters, update` access, or use the `destinations` and `clusterResourceWhitelist` fields to apply similar restrictions as the `namespaces` and `clusterResources` fields.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24485 βΌ
π Read
via "National Vulnerability Database".
Vulnerabilities have been identified that, collectively, allow a standard Windows user to perform operations as SYSTEM on the computer running Citrix Workspace app.π Read
via "National Vulnerability Database".