βΌ CVE-2023-3314 βΌ
π Read
via "National Vulnerability Database".
A vulnerability arises out of a failure to comprehensively sanitize the processing of a zip file(s). Incomplete neutralization of external commands used to control the process execution of the .zip application allows an authorized user to obtain control of the .zip application to execute arbitrary commands or obtain elevation of system privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3313 βΌ
π Read
via "National Vulnerability Database".
An OS common injection vulnerability exists in the ESM certificate API, whereby incorrectly neutralized special elements may have allowed an unauthorized user to execute system command injection for the purpose of privilege escalation or to execute arbitrary commands.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3438 βΌ
π Read
via "National Vulnerability Database".
An unquoted Windows search path vulnerability existed in the install the MOVE 4.10.x and earlier Windows install service (mvagtsce.exe). The misconfiguration allowed an unauthorized local user to insert arbitrary code into the unquoted service path to obtain privilege escalation and stop antimalware services.π Read
via "National Vulnerability Database".
βΌ CVE-2023-35797 βΌ
π Read
via "National Vulnerability Database".
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Hive Provider.This issue affects Apache Airflow Apache Hive Provider: before 6.1.1.Before version 6.1.1 it wasΓ possible to bypass the security check to RCE viaprincipal parameter. For this to beΓ exploited it requires access to modifying the connection details.It is recommended updating provider version to 6.1.1 in order to avoid thisΓ vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36053 βΌ
π Read
via "National Vulnerability Database".
In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.π Read
via "National Vulnerability Database".
π΄ A CISO's Guide to Paying Down Software Supply Chain Security Debt π΄
π Read
via "Dark Reading".
When you just keep filing it away to handle "someday," security debt typically rears its head when you are most vulnerable and can least afford to pay it.π Read
via "Dark Reading".
Dark Reading
A CISO's Guide to Paying Down Software Supply Chain Security Debt
When you just keep filing it away to handle "someday," security debt typically rears its head when you are most vulnerable and can least afford to pay it.
π΄ Name That Edge Toon: Three-Ring Circus π΄
π Read
via "Dark Reading".
Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.π Read
via "Dark Reading".
Dark Reading
Name That Edge Toon: Three-Ring Circus
Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.
π΄ SSH Servers Hit in 'Proxyjacking' Cyberattacks π΄
π Read
via "Dark Reading".
Cybercriminals employ obfuscated script to stealthily hijack victim server bandwidth for use in legitimate proxy networks.π Read
via "Dark Reading".
Dark Reading
SSH Servers Hit in 'Proxyjacking' Cyberattacks
Cybercriminals employ obfuscated script to stealthily hijack victim server bandwidth for use in legitimate proxy networks.
βοΈ Whoβs Behind the DomainNetworks Snail Mail Scam? βοΈ
π Read
via "Krebs on Security".
If you've ever owned a domain name, the chances are good that at some point you've received a snail mail letter which appears to be a bill for a domain or website-related services. In reality, these misleading missives try to trick people into paying for useless services they never ordered, don't need, and probably will never receive. Here's a look at the most recent incarnation of this scam -- DomainNetworks -- and some clues about who may be behind it.π Read
via "Krebs on Security".
Krebs on Security
Whoβs Behind the DomainNetworks Snail Mail Scam?
If you've ever owned a domain name, the chances are good that at some point you've received a snail mail letter which appears to be a bill for a domain or website-related services. In reality, these misleading missives try toβ¦
βΌ CVE-2023-26509 βΌ
π Read
via "National Vulnerability Database".
AnyDesk 7.0.8 allows remote Denial of Service.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26258 βΌ
π Read
via "National Vulnerability Database".
Arcserve UDP through 9.0.6034 allows authentication bypass. The method getVersionInfo at WebServiceImpl/services/FlashServiceImpl leaks the AuthUUID token. This token can be used at /WebServiceImpl/services/VirtualStandbyServiceImpl to obtain a valid session. This session can be used to execute any task as administrator.π Read
via "National Vulnerability Database".
β WordPress plugin lets users become admins β Patch early, patch often! β
π Read
via "Naked Security".
Ultimate Member plugin lets rogue users choose their own site capabilities, including becoming admins.π Read
via "Naked Security".
Naked Security
WordPress plugin lets users become admins β Patch early, patch often!
Ultimate Member plugin lets rogue users choose their own site capabilities, including becoming admins.
π΄ Israel Aided UAE in Defending Against DDoS Attack π΄
π Read
via "Dark Reading".
Israel's cyber head points finger at Iran-backed MuddyWater APT group as the perpetrator of a recent attack against a university.π Read
via "Dark Reading".
Dark Reading
Israel Aided UAE in Defending Against DDoS Attack
Israel's cyber head points finger at Iran-backed MuddyWater APT group as the perpetrator of a recent attack against a university.
βΌ CVE-2023-3497 βΌ
π Read
via "National Vulnerability Database".
Out of bounds read in Google Security Processor firmware in Google Chrome on Chrome OS prior to 114.0.5735.90 allowed a local attacker to perform denial of service via physical access to the device. (Chromium security severity: Medium)π Read
via "National Vulnerability Database".
βΌ CVE-2023-34450 βΌ
π Read
via "National Vulnerability Database".
CometBFT is a Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine and replicates it on many machines. An internal modification made in versions 0.34.28 and 0.37.1 to the way struct `PeerState` is serialized to JSON introduced a deadlock when new function MarshallJSON is called. This function can be called from two places. The first is via logs, setting the `consensus` logging module to "debug" level (should not happen in production), and setting the log output format to JSON. The second is via RPC `dump_consensus_state`.Case 1, which should not be hit in production, will eventually hit the deadlock in most goroutines, effectively halting the node.In case 2, only the data structures related to the first peer will be deadlocked, together with the thread(s) dealing with the RPC request(s). This means that only one of the channels of communication to the node's peers will be blocked. Eventually the peer will timeout and excluded from the list (typically after 2 minutes). The goroutines involved in the deadlock will not be garbage collected, but they will not interfere with the system after the peer is excluded.The theoretical worst case for case 2, is a network with only two validator nodes. In this case, each of the nodes only has one `PeerState` struct. If `dump_consensus_state` is called in either node (or both), the chain will halt until the peer connections time out, after which the nodes will reconnect (with different `PeerState` structs) and the chain will progress again. Then, the same process can be repeated.As the number of nodes in a network increases, and thus, the number of peer struct each node maintains, the possibility of reproducing the perturbation visible with two nodes decreases. Only the first `PeerState` struct will deadlock, and not the others (RPC `dump_consensus_state` accesses them in a for loop, so the deadlock at the first iteration causes the rest of the iterations of that "for" loop to never be reached).This regression was fixed in versions 0.34.29 and 0.37.2. Some workarounds are available. For case 1 (hitting the deadlock via logs), either don't set the log output to "json", leave at "plain", or don't set the consensus logging module to "debug", leave it at "info" or higher. For case 2 (hitting the deadlock via RPC `dump_consensus_state`), do not expose `dump_consensus_state` RPC endpoint to the public internet (e.g., via rules in one's nginx setup).π Read
via "National Vulnerability Database".
βΌ CVE-2023-35935 βΌ
π Read
via "National Vulnerability Database".
@fastify/oauth2, a wrapper around the `simple-oauth2` library, is vulnerable to cross site request forgery (CSRF) prior to version 7.2.0.. All versions of @fastify/oauth2 used a statically generated `state` parameter at startup time and were used across all requests for all users. The purpose of the Oauth2 `state` parameter is to prevent CSRF attacks. As such, it should be unique per user and should be connected to the user's session in some way that will allow the server to validate it. Version 7.2.0 changes the default behavior to store the `state` in a cookie with the `http-only` and `same-site=lax` attributes set. The state is now by default generated for every user. Note that this contains a breaking change in the `checkStateFunction` function, which now accepts the full `Request` object. There are no known workarounds for the issue.π Read
via "National Vulnerability Database".
βΌ CVE-2023-34451 βΌ
π Read
via "National Vulnerability Database".
CometBFT is a Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine and replicates it on many machines. The mempool maintains two data structures to keep track of outstanding transactions: a list and a map.These two data structures are supposed to be in sync all the time in the sense that the map tracks the index (if any) of the transaction in the list. In `v0.37.0`, and `v0.37.1`, as well as in `v0.34.28`, and all previous releases of the CometBFT repo2, it is possible to have them out of sync. When this happens, the list may contain several copies of the same transaction. Because the map tracks a single index, it is then no longer possible to remove all the copies of the transaction from the list. This happens even if the duplicated transaction is later committed in a block. The only way to remove the transaction is by restarting the node.The above problem can be repeated on and on until a sizable number of transactions are stuck in the mempool, in order to try to bring down the target node. The problem is fixed in releases `v0.34.29` and `v0.37.2`. Some workarounds are available. Increasing the value of `cache_size` in `config.toml` makes it very difficult to effectively attack a full node. Not exposing the transaction submission RPC's would mitigate the probability of a successful attack, as the attacker would then have to create a modified (byzantine) full node to be able to perform the attack via p2p.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36814 βΌ
π Read
via "National Vulnerability Database".
Products.CMFCore are the key framework services for the Zope Content Management Framework (CMF). The use of Python's marshal module to handle unchecked input in a public method on `PortalFolder` objects can lead to an unauthenticated denial of service and crash situation. The code in question is exposed by all portal software built on top of `Products.CMFCore`, such as Plone. All deployments are vulnerable. The code has been fixed in `Products.CMFCore` version 3.2.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36816 βΌ
π Read
via "National Vulnerability Database".
2FA is a Web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Cross site scripting (XSS) injection can be done via the account/service field. This was tested in docker-compose environment. This vulnerability has been patched in version 4.0.3.π Read
via "National Vulnerability Database".
π΄ Russian Satellite Internet Downed via Attackers Claiming Ties to Wagner Group π΄
π Read
via "Dark Reading".
Attribution for the cyberattack on Dozor-Teleport remains murky, but the effects are real β downed communications and compromised data.π Read
via "Dark Reading".
Dark Reading
Russian Satellite Internet Downed via Attackers Claiming Ties to Wagner Group
Attribution for the cyberattack on Dozor-Teleport remains murky, but the effects are real β downed communications and compromised data.
βΌ CVE-2023-36819 βΌ
π Read
via "National Vulnerability Database".
Knowage is the professional open source suite for modern business analytics over traditional sources and big data systems. The endpoint `_/knowage/restful-services/dossier/importTemplateFile_` allows authenticated users to download template hosted on the server. However, starting in the 6.x.x branch and prior to version 8.1.8, the application does not sanitize the `_templateName_ `parameter allowing an attacker to use `*../*` in it, and escaping the directory the template are normally placed and download any file from the system. This vulnerability allows a low privileged attacker to exfiltrate sensitive configuration file. This issue has been patched in Knowage version 8.1.8.π Read
via "National Vulnerability Database".