Patchless Cisco Flaw Breaks Cloud Encryption for ACI Traffic
Vulnerable Nexus 9000 Series Fabric Switches in ACI mode should be disabled, Cisco advises.
via "Dark Reading".
Shell Becomes Latest Cl0p MOVEit Victim
In another MOVEit attack, oil and gas giant Shell saw the release of the private information of its employees.
via "Dark Reading".
CVE-2023-3528
A vulnerability was found in ThinuTech ThinuCMS 1.5. It has been rated as critical. Affected by this issue is some unknown functionality of the file /category.php. The manipulation of the argument cat_id leads to SQL injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-233252.
via "National Vulnerability Database".
CVE-2023-36461
Mastodon is a free, open-source social network server based on ActivityPub. When performing outgoing HTTP queries, Mastodon sets a timeout on individual read operations. Prior to versions 3.5.9, 4.0.5, and 4.1.3, a malicious server can indefinitely extend the duration of the response through slowloris-type attacks. This vulnerability can be used to keep all Mastodon workers busy for an extended duration of time, leading to the server becoming unresponsive. Versions 3.5.9, 4.0.5, and 4.1.3 contain a patch for this issue.
via "National Vulnerability Database".
CVE-2023-36459
Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 1.3 and prior to versions 3.5.9, 4.0.5, and 4.1.3, an attacker using carefully crafted oEmbed data can bypass the HTML sanitization performed by Mastodon and include arbitrary HTML in oEmbed preview cards. This introduces a vector for cross-site scripting (XSS) payloads that can be rendered in the user's browser when a preview card for a malicious link is clicked through. Versions 3.5.9, 4.0.5, and 4.1.3 contain a patch for this issue.
via "National Vulnerability Database".
CVE-2023-3529
A vulnerability classified as problematic has been found in Rotem Dynamics Rotem CRM up to 20230729. This affects an unknown part of the file /LandingPages/api/otp/send?id=[ID][ampersand]method=sms of the component OTP URI Interface. The manipulation leads to information exposure through discrepancy. It is possible to initiate the attack remotely. The identifier VDB-233253 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
via "National Vulnerability Database".
CVE-2023-1298
ServiceNow has released upgrades and patches that address a Reflected Cross-Site Scripting (XSS) vulnerability that was identified in the ServiceNow Polaris Layout. This vulnerability would enable an authenticated user to inject arbitrary scripts.
via "National Vulnerability Database".
CVE-2023-36460
Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 3.5.0 and prior to versions 3.5.9, 4.0.5, and 4.1.3, attackers using carefully crafted media files can cause Mastodon's media processing code to create arbitrary files at any location. This allows attackers to create and overwrite any file Mastodon has access to, allowing Denial of Service and arbitrary Remote Code Execution. Versions 3.5.9, 4.0.5, and 4.1.3 contain a patch for this issue.
via "National Vulnerability Database".
CVE-2023-36456
authentik is an open-source Identity Provider. Prior to versions 2023.4.3 and 2023.5.5, authentik does not verify the source of the X-Forwarded-For and X-Real-IP headers, both in the Python code and the Go code. Only authentik setups that are directly accessible by users without a reverse proxy are susceptible to this. Possible impacts are spoofing of IP addresses in logs, in downstream applications proxied by the (built-in) outpost, and IP-based bypassing in custom flows, if used. This poses a possible security risk when someone has flows or policies that check the user's IP address, e.g. when they want to skip the user's 2-factor authentication when the user is connected to the company network. A second security risk is that the IP addresses in the logfiles and user sessions are not reliable anymore. Anybody can spoof this address, and one cannot verify that the user has logged in from the IP address that is in their account's log. A third risk is that this header is passed on to the proxied application behind an outpost. The application may do any kind of verification, logging, blocking or rate limiting based on the IP address, and this IP address can be overridden by anybody who wants to. Versions 2023.4.3 and 2023.5.5 contain a patch for this issue.
via "National Vulnerability Database".
Black Hat Announces Maria Markstedter, Jen Easterly, Viktor Zhora, and Kemba Walden As Keynote Speakers for Black Hat USA 2023
SAN FRANCISCO, July 6, 2023 - Black Hat, the producer of the cybersecurity industry's most established and in-depth security events, today announced Maria Markstedter, Founder of Azeria Labs; Jen Easterly, Director of the Cybersecurity and Infrastructure…
via "Dark Reading".
StackRot Linux Kernel Bug Has Exploit Code on the Way
Linus Torvalds led a Linux kernel team in developing a set of patches for the privilege escalation flaw; the patches should be available by the end of July.
via "Dark Reading".
CVE-2023-3531
Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.10.
via "National Vulnerability Database".
CVE-2023-30195
In the module "Detailed Order" (lgdetailedorder) in versions up to 1.1.20 from Linea Grafica for PrestaShop, a guest can download personal information without restriction, formatted in JSON.
via "National Vulnerability Database".
CVE-2023-35934
yt-dlp is a command-line program to download videos from video sites. During file downloads, yt-dlp or the external downloaders that yt-dlp employs may leak cookies on HTTP redirects to a different host, or leak them when the host for download fragments differs from their parent manifest's host. This vulnerable behavior is present in yt-dlp prior to 2023.07.06 and nightly 2023.07.06.185519. All native and external downloaders are affected, except for `curl` and `httpie` (version 3.1.0 or later).

At the file download stage, all cookies are passed by yt-dlp to the file downloader as a `Cookie` header, thereby losing their scope. This also occurs in yt-dlp's info JSON output, which may be used by external tools. As a result, the downloader or external tool may indiscriminately send cookies with requests to domains or paths for which the cookies are not scoped.

yt-dlp version 2023.07.06 and nightly 2023.07.06.185519 fix this issue by removing the `Cookie` header upon HTTP redirects; having native downloaders calculate the `Cookie` header from the cookiejar; utilizing external downloaders' built-in support for cookies instead of passing them as header arguments; disabling HTTP redirecting if the external downloader does not have proper cookie support; processing cookies passed as HTTP headers to limit their scope; and having a separate field for cookies in the info dict storing more information about scoping.

Some workarounds are available for those who are unable to upgrade. Avoid using cookies and user authentication methods. While extractors may set custom cookies, these usually do not contain sensitive information. Alternatively, avoid using `--load-info-json`. Or, if authentication is a must: verify the integrity of download links from unknown sources in a browser (including redirects) before passing them to yt-dlp; use `curl` as the external downloader, since it is not impacted; and/or avoid fragmented formats such as HLS/m3u8, DASH/mpd and ISM.
via "National Vulnerability Database".
CVE-2023-36462
Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 2.6.0 and prior to versions 3.5.9, 4.0.5, and 4.1.3, an attacker can craft a verified profile link using specific formatting to conceal arbitrary parts of the link, enabling it to appear to link to a different URL altogether. The link is visually misleading, but clicking on it will reveal the actual link. This can still be used for phishing, though, similar to IDN homograph attacks. Versions 3.5.9, 4.0.5, and 4.1.3 contain a patch for this issue.
via "National Vulnerability Database".
CVE-2023-29824
A use-after-free issue was discovered in the Py_FindObjects() function in SciPy versions prior to 1.8.0.
via "National Vulnerability Database".
CVE-2023-20899
VMware SD-WAN (Edge) contains an authentication bypass vulnerability. An unauthenticated attacker can download the Diagnostic bundle of the application under VMware SD-WAN Management.
via "National Vulnerability Database".
CVE-2023-36859
PiiGAB M-Bus SoftwarePack 900S does not correctly sanitize user input, which could allow an attacker to inject arbitrary commands.
via "National Vulnerability Database".
CVE-2023-36829
Sentry is an error tracking and performance monitoring platform. Starting in version 23.6.0 and prior to version 23.6.2, the Sentry API incorrectly returns the `access-control-allow-credentials: true` HTTP header if the `Origin` request header ends with the `system.base-hostname` option of the Sentry installation. This only affects installations that have the `system.base-hostname` option explicitly set, as it is empty by default. Impact is limited since recent versions of major browsers have cross-site cookie blocking enabled by default. However, this flaw could allow other multi-step attacks. The patch has been released in Sentry 23.6.2.
via "National Vulnerability Database".
CVE-2023-31277
PiiGAB M-Bus transmits credentials in plaintext format.
via "National Vulnerability Database".
CVE-2023-33868
The number of login attempts is not limited. This could allow an attacker to perform a brute force on HTTP basic authentication.
via "National Vulnerability Database".