βΌ CVE-2023-34193 βΌ
π Read
via "National Vulnerability Database".
File Upload vulnerability in Zimbra ZCS 8.8.15 allows an authenticated privileged user to execute arbitrary code and obtain sensitive information via the ClientUploader function.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2023-29382 βΌ
π Read
via "National Vulnerability Database".
An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an attacker to execute arbitrary code via the sfdc_preauth.jsp component.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36830 βΌ
π Read
via "National Vulnerability Database".
SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the `library_path` config value to allow arbitrary python code to be executed via macros. For many users who use SQLFluff in the context of an environment where all users already have fairly escalated privileges, this may not be an issue - however in larger user bases, or where SQLFluff is bundled into another tool where developers still wish to give users access to supply their on rule configuration, this may be an issue.The 2.1.2 release offers the ability for the `library_path` argument to be overwritten on the command line by using the `--library-path` option. This overrides any values provided in the config files and effectively prevents this route of attack for users which have access to the config file, but not to the scripts which call the SQLFluff CLI directly. A similar option is provided for the Python API, where users also have a greater ability to further customise or override configuration as necessary. Unless `library_path` is explicitly required, SQLFluff maintainers recommend using the option `--library-path none` when invoking SQLFluff which will disable the `library-path` option entirely regardless of the options set in the configuration file or via inline config directives. As a workaround, limiting access to - or otherwise validating configuration files before they are ingested by SQLFluff will provides a similar effect and does not require upgrade.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36823 βΌ
π Read
via "National Vulnerability Database".
Sanitize is an allowlist-based HTML and CSS sanitizer. Using carefully crafted input, an attacker may be able to sneak arbitrary HTML and CSS through Sanitize starting with version 3.0.0 and prior to version 6.0.2 when Sanitize is configured to use the built-in "relaxed" config or when using a custom config that allows `style` elements and one or more CSS at-rules. This could result in cross-site scripting or other undesired behavior when the malicious HTML and CSS are rendered in a browser. Sanitize 6.0.2 performs additional escaping of CSS in `style` element content, which fixes this issue. Users who are unable to upgrade can prevent this issue by using a Sanitize config that doesn't allow `style` elements, using a Sanitize config that doesn't allow CSS at-rules, or by manually escaping the character sequence `</` as `<\/` in `style` element content.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37453 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds and crash in read_descriptors in drivers/usb/core/sysfs.c.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30321 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in textMessage field in /src/chatbotapp/LoginServlet.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37260 βΌ
π Read
via "National Vulnerability Database".
league/oauth2-server is an implementation of an OAuth 2.0 authorization server written in PHP. Starting in version 8.3.2 and prior to version 8.5.3, servers that passed their keys to the CryptKey constructor as as string instead of a file path will have had that key included in a LogicException message if they did not provide a valid pass phrase for the key where required. This issue has been patched so that the provided key is no longer exposed in the exception message in the scenario outlined above. Users should upgrade to version 8.5.3 to receive the patch. As a workaround, pass the key as a file instead of a string.π Read
via "National Vulnerability Database".
βΌ CVE-2023-34192 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function.π Read
via "National Vulnerability Database".
βΌ CVE-2023-29381 βΌ
π Read
via "National Vulnerability Database".
An issue in Zimbra Collaboration (ZCS) v.8.8.15 and v.9.0 allows a remote attacker to escalate privileges and obtain sensitive information via the password and 2FA parameters.π Read
via "National Vulnerability Database".
β S3 Ep142: Putting the X in X-Ops β
π Read
via "Naked Security".
How to get all your corporate "Ops" teams working together, with cybersecurity correctness as a guiding light.π Read
via "Naked Security".
Naked Security
S3 Ep142: Putting the X in X-Ops
How to get all your corporate βOpsβ teams working together, with cybersecurity correctness as a guiding light.
π€―1
π΄ Patchless Cisco Flaw Breaks Cloud Encryption for ACI Traffic π΄
π Read
via "Dark Reading".
Vulnerable Nexus 9000 Series Fabric Switches in ACI mode should be disabled, Cisco advises.π Read
via "Dark Reading".
Dark Reading
Patchless Cisco Flaw Breaks Cloud Encryption for ACI Traffic
Vulnerable Nexus 9000 Series Fabric Switches in ACI mode should be disabled, Cisco advises.
π΄ Shell Becomes Latest Cl0p MOVEit Victim π΄
π Read
via "Dark Reading".
In another MOVEit attack, oil and gas giant Shell saw the release of the private information of its employees.π Read
via "Dark Reading".
Dark Reading
Shell Becomes Latest Cl0p MOVEit Victim
In another MOVEit attack, oil and gas giant Shell saw the release of the private information of its employees.
βΌ CVE-2023-3528 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in ThinuTech ThinuCMS 1.5. It has been rated as critical. Affected by this issue is some unknown functionality of the file /category.php. The manipulation of the argument cat_id leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-233252.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36461 βΌ
π Read
via "National Vulnerability Database".
Mastodon is a free, open-source social network server based on ActivityPub. When performing outgoing HTTP queries, Mastodon sets a timeout on individual read operations. Prior to versions 3.5.9, 4.0.5, and 4.1.3, a malicious server can indefinitely extend the duration of the response through slowloris-type attacks. This vulnerability can be used to keep all Mastodon workers busy for an extended duration of time, leading to the server becoming unresponsive. Versions 3.5.9, 4.0.5, and 4.1.3 contain a patch for this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36459 βΌ
π Read
via "National Vulnerability Database".
Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 1.3 and prior to versions 3.5.9, 4.0.5, and 4.1.3, an attacker using carefully crafted oEmbed data can bypass the HTML sanitization performed by Mastodon and include arbitrary HTML in oEmbed preview cards. This introduces a vector for cross-site scripting (XSS) payloads that can be rendered in the user's browser when a preview card for a malicious link is clicked through. Versions 3.5.9, 4.0.5, and 4.1.3 contain a patch for this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3529 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as problematic has been found in Rotem Dynamics Rotem CRM up to 20230729. This affects an unknown part of the file /LandingPages/api/otp/send?id=[ID][ampersand]method=sms of the component OTP URI Interface. The manipulation leads to information exposure through discrepancy. It is possible to initiate the attack remotely. The identifier VDB-233253 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1298 βΌ
π Read
via "National Vulnerability Database".
ServiceNow has released upgrades and patches that address a Reflected Cross-Site scripting (XSS) vulnerability that was identified in the ServiceNow Polaris Layout. This vulnerability would enable an authenticated user to inject arbitrary scripts.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36460 βΌ
π Read
via "National Vulnerability Database".
Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 3.5.0 and prior to versions 3.5.9, 4.0.5, and 4.1.3, attackers using carefully crafted media files can cause Mastodon's media processing code to create arbitrary files at any location. This allows attackers to create and overwrite any file Mastodon has access to, allowing Denial of Service and arbitrary Remote Code Execution. Versions 3.5.9, 4.0.5, and 4.1.3 contain a patch for this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36456 βΌ
π Read
via "National Vulnerability Database".
authentik is an open-source Identity Provider. Prior to versions 2023.4.3 and 2023.5.5, authentik does not verify the source of the X-Forwarded-For and X-Real-IP headers, both in the Python code and the go code. Only authentik setups that are directly accessible by users without a reverse proxy are susceptible to this. Possible spoofing of IP addresses in logs, downstream applications proxied by (built in) outpost, IP bypassing in custom flows if used.This poses a possible security risk when someone has flows or policies that check the user's IP address, e.g. when they want to ignore the user's 2 factor authentication when the user is connected to the company network. A second security risk is that the IP addresses in the logfiles and user sessions are not reliable anymore. Anybody can spoof this address and one cannot verify that the user has logged in from the IP address that is in their account's log. A third risk is that this header is passed on to the proxied application behind an outpost. The application may do any kind of verification, logging, blocking or rate limiting based on the IP address, and this IP address can be overridden by anybody that want to.Versions 2023.4.3 and 2023.5.5 contain a patch for this issue.π Read
via "National Vulnerability Database".
π΄ Black Hat Announces Maria Markstedter, Jen Easterly, Viktor Zhora, and Kemba Walden As Keynote Speakers for Black Hat USA 2023 π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
Black Hat Announces Maria Markstedter, Jen Easterly, Viktor Zhora, and Kemba Walden As Keynote Speakers for Black Hat USA 2023
SAN FRANCISCO, July 6, 2023 β Black Hat, the producer of the cybersecurity industryβs most established and in-depth security events, today announced Maria Markstedter, Founder of Azeria Labs; Jen Easterly, Director of the Cybersecurity and Infrastructureβ¦
π΄ StackRot Linux Kernel Bug Has Exploit Code on the Way π΄
π Read
via "Dark Reading".
Linus Torvalds led a Linux kernel team in developing a set of patches that should be available by the end of July.π Read
via "Dark Reading".
Dark Reading
StackRot Linux Kernel Bug Has Exploit Code on the Way
Linus Torvalds led a Linux kernel team in developing a set of patches for the privilege escalation flaw.