‼ CVE-2023-35935 ‼
via "National Vulnerability Database".
@fastify/oauth2, a wrapper around the `simple-oauth2` library, is vulnerable to cross-site request forgery (CSRF) prior to version 7.2.0. All versions of @fastify/oauth2 used a `state` parameter that was statically generated at startup time and reused across all requests for all users. The purpose of the OAuth2 `state` parameter is to prevent CSRF attacks. As such, it should be unique per user and should be connected to the user's session in some way that will allow the server to validate it. Version 7.2.0 changes the default behavior to store the `state` in a cookie with the `http-only` and `same-site=lax` attributes set. The state is now by default generated for every user. Note that this contains a breaking change in the `checkStateFunction` function, which now accepts the full `Request` object. There are no known workarounds for the issue.
‼ CVE-2023-34451 ‼
via "National Vulnerability Database".
CometBFT is a Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine and replicates it on many machines. The mempool maintains two data structures to keep track of outstanding transactions: a list and a map. These two data structures are supposed to be in sync all the time in the sense that the map tracks the index (if any) of the transaction in the list. In `v0.37.0`, and `v0.37.1`, as well as in `v0.34.28`, and all previous releases of the CometBFT repo, it is possible to have them out of sync. When this happens, the list may contain several copies of the same transaction. Because the map tracks a single index, it is then no longer possible to remove all the copies of the transaction from the list. This happens even if the duplicated transaction is later committed in a block. The only way to remove the transaction is by restarting the node. The above problem can be repeated on and on until a sizable number of transactions are stuck in the mempool, in order to try to bring down the target node. The problem is fixed in releases `v0.34.29` and `v0.37.2`. Some workarounds are available. Increasing the value of `cache_size` in `config.toml` makes it very difficult to effectively attack a full node. Not exposing the transaction submission RPCs would mitigate the probability of a successful attack, as the attacker would then have to create a modified (byzantine) full node to be able to perform the attack via p2p.
‼ CVE-2023-36814 ‼
via "National Vulnerability Database".
Products.CMFCore are the key framework services for the Zope Content Management Framework (CMF). The use of Python's marshal module to handle unchecked input in a public method on `PortalFolder` objects can lead to an unauthenticated denial of service and crash situation. The code in question is exposed by all portal software built on top of `Products.CMFCore`, such as Plone. All deployments are vulnerable. The code has been fixed in `Products.CMFCore` version 3.2.
‼ CVE-2023-36816 ‼
via "National Vulnerability Database".
2FA is a Web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Cross site scripting (XSS) injection can be done via the account/service field. This was tested in docker-compose environment. This vulnerability has been patched in version 4.0.3.
🕴 Russian Satellite Internet Downed via Attackers Claiming Ties to Wagner Group 🕴
via "Dark Reading".
Attribution for the cyberattack on Dozor-Teleport remains murky, but the effects are real — downed communications and compromised data.
‼ CVE-2023-36819 ‼
via "National Vulnerability Database".
Knowage is the professional open source suite for modern business analytics over traditional sources and big data systems. The endpoint `/knowage/restful-services/dossier/importTemplateFile` allows authenticated users to download templates hosted on the server. However, starting in the 6.x.x branch and prior to version 8.1.8, the application does not sanitize the `templateName` parameter, allowing an attacker to use `../` in it, escape the directory where templates are normally placed, and download any file from the system. This vulnerability allows a low privileged attacker to exfiltrate sensitive configuration files. This issue has been patched in Knowage version 8.1.8.
‼ CVE-2023-36815 ‼
via "National Vulnerability Database".
Sealos is a Cloud Operating System designed for managing cloud-native applications. In version 4.2.0 and prior, there is a permission flaw in the Sealos billing system, which allows users to control the recharge resource account `sealos[.] io/v1/Payment`, resulting in the ability to recharge any amount of 1 renminbi (RMB). The charging interface may expose resource information. The namespace of this custom resource would be user's control and may have permission to correct it. It is not clear whether a fix exists.
‼ CVE-2023-36817 ‼
via "National Vulnerability Database".
`tktchurch/website` contains the codebase for The King's Temple Church website. In version 0.1.0, a Stripe API key was found in the public code repository of the church's project. This sensitive information was unintentionally committed and subsequently exposed in the codebase. If an unauthorized party gains access to this key, they could potentially carry out transactions on behalf of the organization, leading to financial losses. Additionally, they could access sensitive customer information, leading to privacy violations and potential legal implications. The affected component is the codebase of our project, specifically the file(s) where the Stripe API key is embedded. The key should have been stored securely, and not committed to the codebase. The maintainers plan to revoke the leaked Stripe API key immediately, generate a new one, and not commit the key to the codebase.
🕴 Researchers Develop Exploit Code for Critical Fortinet VPN Bug 🕴
via "Dark Reading".
Some 340,000 FortiGate SSL VPN appliances remain exposed to the threat more than three weeks after Fortinet released firmware updates to address the issue.
‼ CVE-2023-36377 ‼
via "National Vulnerability Database".
Buffer Overflow vulnerability in mtrojnar osslsigncode v.2.3 and before allows a local attacker to execute arbitrary code via crafted .exe, .sys, and .dll files.
‼ CVE-2023-36183 ‼
via "National Vulnerability Database".
Buffer Overflow vulnerability in OpenImageIO v.2.4.12.0 and before allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted file to the readimg function.
‼ CVE-2020-22153 ‼
via "National Vulnerability Database".
File Upload vulnerability in FUEL-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted .php file to the upload parameter in the navigation function.
‼ CVE-2020-22151 ‼
via "National Vulnerability Database".
Permissions vulnerability in Fuel-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted zip file to the assests parameter of the upload function.
‼ CVE-2020-22152 ‼
via "National Vulnerability Database".
Cross Site Scripting vulnerability in daylight studio FUEL-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via the page title, meta description and meta keywords of the pages function.
‼ CVE-2023-36608 ‼
via "National Vulnerability Database".
The affected TBox RTUs store hashed passwords using MD5 encryption, which is an insecure encryption algorithm.
‼ CVE-2023-3395 ‼
via "National Vulnerability Database".
All versions of the TWinSoft Configuration Tool store encrypted passwords as plaintext in memory. An attacker with access to system files could open a file to load the document into memory, including sensitive information associated with the document, such as the password. The attacker could then obtain the plaintext password by using a memory viewer.
‼ CVE-2023-36609 ‼
via "National Vulnerability Database".
The affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scripts. An attacker could set up a local OpenVPN server and push a malicious script onto the TBox host to acquire root privileges.
‼ CVE-2023-37378 ‼
via "National Vulnerability Database".
Nullsoft Scriptable Install System (NSIS) before 3.09 mishandles access control for an uninstaller directory.
‼ CVE-2023-36262 ‼
via "National Vulnerability Database".
An issue in OBS Studio OBS-Studio v.29.1.2 allows a local attacker to obtain sensitive information via the password parameter in locale/ca-ini.
‼ CVE-2023-2727 ‼
via "National Vulnerability Database".
Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers.
‼ CVE-2023-36291 ‼
via "National Vulnerability Database".
Cross Site Scripting vulnerability in Maxsite CMS v.108.7 allows a remote attacker to execute arbitrary code via the f_content parameter in the admin/page_new file.