CVE-2023-38500
TYPO3 HTML Sanitizer is an HTML sanitizer, written in PHP, aiming to provide cross-site-scripting-safe markup based on explicitly allowed tags, attributes and values. Starting in version 1.0.0 and prior to versions 1.5.1 and 2.1.2, due to an encoding issue in the serialization layer, malicious markup nested in a `noscript` element was not encoded correctly. `noscript` is disabled in the default configuration, but might have been enabled in custom scenarios. This allows bypassing the cross-site scripting mechanism of TYPO3 HTML Sanitizer. Versions 1.5.1 and 2.1.2 fix the problem.
via "National Vulnerability Database".
CVE-2023-37460
Plexus Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified `Archiver`/`UnArchiver` API. Prior to version 4.8.0, using AbstractUnArchiver for extracting an archive might lead to arbitrary file creation and possibly remote code execution. When extracting an archive with an entry that already exists in the destination directory as a symbolic link whose target does not exist, the `resolveFile()` function will return the symlink's source instead of its target, which will pass the verification that ensures the file will not be extracted outside of the destination directory. Later, `Files.newOutputStream()`, which follows symlinks by default, will actually write the entry's content to the symlink's target. Whoever uses Plexus Archiver to extract an untrusted archive is vulnerable to arbitrary file creation and possibly remote code execution. Version 4.8.0 contains a patch for this issue.
via "National Vulnerability Database".
CVE-2023-38493
Armeria is a microservice framework. Spring supports matrix variables. When Spring integration is used, Armeria calls Spring controllers via `TomcatService` or `JettyService` with a path that may contain matrix variables. Prior to version 1.24.3, the Armeria decorators might not be invoked because of the matrix variables. If an attacker sends a specially crafted request, the request may bypass the authorizer. Version 1.24.3 contains a patch for this issue.
via "National Vulnerability Database".
CVE-2023-37907
Cryptomator is data encryption software for users who store their files in the cloud. Prior to version 1.9.2, the MSI installer provided on the homepage allows local privilege escalation (LPE) for low privileged users, if already installed. The problem occurs as the repair function of the MSI spawns two administrative CMDs. A simple LPE is possible via a breakout. Version 1.9.2 fixes this issue.
via "National Vulnerability Database".
CVE-2022-46902
An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is a Path Traversal for an Unzip operation. The Vocera Report Console contains a websocket function that allows for the restoration of the database from a ZIP archive that expects a SQL import file. During the unzip operation, the code takes file paths from the ZIP archive and writes them to a Vocera temporary directory. Unfortunately, the code does not properly check if the file paths include directory traversal payloads that would escape the intended destination.
via "National Vulnerability Database".
CVE-2022-31458
RTX TRAP v1.0 was discovered to be vulnerable to host header poisoning.
via "National Vulnerability Database".
CVE-2023-37257
DataEase is an open source data visualization analysis tool. Prior to version 1.18.9, the DataEase panel and dataset have a stored cross-site scripting vulnerability. The vulnerability has been fixed in v1.18.9. There are no known workarounds.
via "National Vulnerability Database".
CVE-2022-46900
An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal in the Task Exec filename. The Vocera Report Console contains various jobs that are executed on the server at specified intervals, e.g., backup. An authenticated user has the ability to modify these entries and set the executable path and parameters.
via "National Vulnerability Database".
CVE-2023-37677
Pligg CMS v2.0.2 (also known as Kliqqi) was discovered to contain a remote code execution (RCE) vulnerability in the component admin_editor.php.
via "National Vulnerability Database".
CVE-2023-37919
Cal.com is open-source scheduling software. A vulnerability allows active sessions associated with an account to remain active even after enabling 2FA. When activating 2FA on a Cal.com account that is logged in on two or more devices, the account stays logged in on the other device(s) without having to verify the account owner's identity. As of time of publication, no known patches or workarounds exist.
via "National Vulnerability Database".
Apple ships that recent "Rapid Response" spyware patch to everyone, fixes a second zero-day
Another month, another patch for in-the-wild iPhone malware (and a whole lot more).
via "Naked Security".
CVE-2023-3945
A vulnerability was found in phpscriptpoint Lawyer 1.6. It has been classified as problematic. This affects an unknown part of the file search.php. The manipulation leads to cross-site scripting. It is possible to initiate the attack remotely. The identifier VDB-235401 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
via "National Vulnerability Database".
CVE-2023-38503
Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 10.3.0 and prior to version 10.5.0, the permission filters (i.e. `user_created IS $CURRENT_USER`) are not properly checked when using GraphQL subscriptions, resulting in unauthorized users getting events on their subscriptions which they should not be receiving according to the permissions. This can be any collection, but out-of-the-box the `directus_users` collection is configured with such a permissions filter, allowing you to get updates for other users when changes happen. Version 10.5.0 contains a patch. As a workaround, disable GraphQL subscriptions.
via "National Vulnerability Database".
CVE-2022-31457
RTX TRAP v1.0 allows attackers to perform a directory traversal via a crafted request sent to the endpoint /data/.
via "National Vulnerability Database".
CVE-2023-38502
TDengine is an open source, time-series database optimized for Internet of Things devices. Prior to version 3.0.7.1, the TDengine database crashes on a UDF nested query. This issue affects TDengine databases that let users connect and run arbitrary queries. Version 3.0.7.1 has a patch for this issue.
via "National Vulnerability Database".
CVE-2023-38501
copyparty is file server software. Prior to version 1.8.7, the application contains a reflected cross-site scripting vulnerability via the URL parameters `?k304=...` and `?setck=...`. The worst-case outcome of this is being able to move or delete existing files on the server, or upload new files, using the account of the person who clicks the malicious link. It is recommended to change the passwords of one's copyparty accounts, unless one has inspected one's logs and found no trace of attacks. Version 1.8.7 contains a patch for the issue.
via "National Vulnerability Database".
CVE-2023-38496
Apptainer is an open source container platform. Version 1.2.0-rc.2 introduced an ineffective privilege drop when requesting container network setup, so subsequent functions are called with root privileges. The attack surface is rather limited for users, but an attacker could possibly craft a starter config to delete any directory on the host filesystem. A security fix has been included in Apptainer 1.2.1. There is no known workaround outside of upgrading to Apptainer 1.2.1.
via "National Vulnerability Database".
Zenbleed: How the quest for CPU performance could put your passwords at risk
"You need to turn on a special setting to stop the code you wrote to improve performance from reducing security."
via "Naked Security".
CVE-2023-32629
Local privilege escalation vulnerability in Ubuntu kernels: overlayfs ovl_copy_up_meta_inode_data skips permission checks when calling ovl_do_setxattr on Ubuntu kernels.
via "National Vulnerability Database".
CVE-2023-2640
On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs", an unprivileged user may set privileged extended attributes on the mounted files, leading them to be set on the upper files without the appropriate security checks.
via "National Vulnerability Database".
CVE-2023-3947
The Video Conferencing with Zoom plugin for WordPress is vulnerable to Sensitive Information Exposure due to a hardcoded encryption key in the 'vczapi_encrypt_decrypt' function in versions up to, and including, 4.2.1. This makes it possible for unauthenticated attackers to decrypt and view the meeting id and password.
via "National Vulnerability Database".