CVE-2023-36480 (via National Vulnerability Database)
The Aerospike Java client is a Java application that implements a network protocol to communicate with an Aerospike server. Prior to version 7.0.0, some of the messages received from the server contain Java objects that the client deserializes when it encounters them, without further validation. Attackers that manage to trick clients into communicating with a malicious server can include specially crafted objects in its responses that, once deserialized by the client, force it to execute arbitrary code. This can be abused to take control of the machine the client is running on. Version 7.0.0 contains a patch for this issue.
CVE-2023-29689 (via National Vulnerability Database)
PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a server-side template injection (SSTI) flaw. This vulnerability allows a malicious attacker to send customized commands to the server and execute arbitrary code on the affected system.
CVE-2023-4135 (via National Vulnerability Database)
A heap out-of-bounds memory read flaw was found in the virtual NVMe device in QEMU. The QEMU process does not validate an offset provided by the guest before computing a host heap pointer, which is used for copying data back to the guest. Arbitrary heap memory relative to an allocated buffer can be disclosed.
CVE-2023-29505 (via National Vulnerability Database)
An issue was discovered in Zoho ManageEngine Network Configuration Manager 12.6.165. The WebSocket endpoint allows Cross-site WebSocket hijacking.
"Crocodile of Wall Street" and her husband plead guilty to giant-sized cryptocrimes (via Naked Security)
Sentences still to be decided, but she could get up to 10 years and he could get as many as 20.
CVE-2023-39143 (via National Vulnerability Database)
PaperCut NG and PaperCut MF before 22.1.3 are vulnerable to path traversal, which enables attackers to read, delete, and upload arbitrary files.
CVE-2023-37470 (via National Vulnerability Database)
Metabase is an open-source business intelligence and analytics platform. Prior to versions 0.43.7.3, 0.44.7.3, 0.45.4.3, 0.46.6.4, 1.43.7.3, 1.44.7.3, 1.45.4.3, and 1.46.6.4, a vulnerability could potentially allow remote code execution on one's Metabase server. The core issue is that one of the supported data warehouses (H2, an embedded in-memory database) exposes a number of ways for a connection string to include code that is then executed by the process running the embedded database. Because Metabase allows users to connect to databases, this means that a user-supplied string can be used to inject executable code. Metabase allows users to validate their connection string before adding a database (including on setup), and this validation API was the primary vector used, as it can be called without validation. Versions 0.43.7.3, 0.44.7.3, 0.45.4.3, 0.46.6.4, 1.43.7.3, 1.44.7.3, 1.45.4.3, and 1.46.6.4 fix this issue by removing the ability of users to add H2 databases entirely. As a workaround, it is possible to block these vulnerabilities at the network level by blocking the endpoints `POST /api/database`, `PUT /api/database/:id`, and `POST /api/setup/validateuntil`. Those who use H2 as a file-based database should migrate to SQLite.
CVE-2023-38691 (via National Vulnerability Database)
matrix-appservice-bridge provides an API for setting up bridges. Starting in version 4.0.0 and prior to versions 8.1.2 and 9.0.1, a malicious Matrix server can use a foreign user's MXID in an OpenID exchange, allowing a bad actor to impersonate users when using the provisioning API. The library does not check that the servername part of the `sub` parameter (containing the user's *claimed* MXID) is the same as the servername we are talking to. A malicious actor could spin up a server on any given domain, respond with a `sub` parameter according to the user they want to act as, and use the resulting token to perform provisioning requests. Versions 8.1.2 and 9.0.1 contain a patch. As a workaround, disable the provisioning API.
CVE-2022-41401 (via National Vulnerability Database)
OpenRefine <= v3.5.2 contains a Server-Side Request Forgery (SSRF) vulnerability, which permits unauthorized users to exploit the system, potentially leading to unauthorized access to internal resources and sensitive file disclosure.
CVE-2023-38497 (via National Vulnerability Database)
Cargo downloads the Rust project's dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local user, another local user could exploit this to change the source code compiled and executed by the current user. To prevent existing cached extractions from being exploitable, the Cargo binary version 0.72.2 included in Rust 1.71.1 or later will purge caches generated by older Cargo versions automatically. As a workaround, configure one's system to prevent other local users from accessing the Cargo directory, usually located in `~/.cargo`.
CVE-2023-38688 (via National Vulnerability Database)
twitch-tui provides Twitch chat in a terminal. Prior to version 2.4.1, the connection does not use TLS for communication. In the configuration of the IRC connection, the software disables TLS, which makes all communication to Twitch IRC servers unencrypted. As a result, communication, including auth tokens, can be sniffed. Version 2.4.1 has a patch for this issue.
CVE-2023-38487 (via National Vulnerability Database)
HedgeDoc is software for creating real-time collaborative markdown notes. Prior to version 1.9.9, the API of HedgeDoc 1 can be used to create notes with an alias matching the ID of existing notes. The affected existing note can then not be accessed anymore and is effectively hidden by the new one. When the freeURL feature is enabled (by setting the `allowFreeURL` config option or the `CMD_ALLOW_FREEURL` environment variable to `true`), any user with the appropriate permissions can create a note by making a POST request to the `/new/<ALIAS>` API endpoint. The `<ALIAS>` parameter can be set to the ID of an existing note. HedgeDoc did not verify whether the provided `<ALIAS>` value corresponds to a valid ID of an existing note and always allowed creation of the new note. When a visitor tried to access the existing note, HedgeDoc would first search for a note with a matching alias before searching by ID, so only the new note could be accessed. Depending on the permission settings of the HedgeDoc instance, the issue can be exploited only by logged-in users or by all (including non-logged-in) users. The exploit requires knowledge of the ID of the target note. Attackers could use this issue to present a manipulated copy of the original note to the user, e.g. by replacing the links with malicious ones. Attackers can also use this issue to prevent access to the original note, causing a denial of service. No data is lost, as the original content of the affected notes is still present in the database. This issue was fixed in version 1.9.9. As a workaround, disabling freeURL mode prevents the exploitation of this issue. The impact can be limited by restricting freeURL note creation to trusted, logged-in users by enabling `requireFreeURLAuthentication`/`CMD_REQUIRE_FREEURL_AUTHENTICATION`.
CVE-2023-38494 (via National Vulnerability Database)
MeterSphere is an open-source continuous testing platform. Prior to version 2.10.4 LTS, some interfaces of the Cloud version of MeterSphere lack permission configuration, which allows attackers to leak sensitive information. Version 2.10.4 LTS contains a patch for this issue.
CVE-2023-39112 (via National Vulnerability Database)
ECShop v4.1.16 contains an arbitrary file deletion vulnerability in the Admin Panel.
CVE-2023-38964 (via National Vulnerability Database)
Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting (XSS) vulnerability.
CVE-2023-37896 (via National Vulnerability Database)
Nuclei is a vulnerability scanner. Prior to version 2.9.9, a security issue in the Nuclei project affected users utilizing Nuclei as Go code (SDK) running custom templates. This issue did not affect CLI users. The problem was related to sanitization issues with payload loading in sandbox mode. The issue occurred because relative paths were not converted to absolute paths before the check for the `sandbox` flag, allowing arbitrary files to be read from the filesystem in certain cases when using Nuclei from the `Go` SDK implementation. This issue has been fixed in version 2.9.9. The maintainers have also enabled sandbox by default for filesystem loading. This can be optionally disabled if required. The `-sandbox` option has been deprecated and is now divided into two new options: `-lfa` (allow local file access), which is enabled by default, and `-lna` (restrict local network access), which can be enabled by users optionally. The `-lfa` option allows file (payload) access anywhere on the system (effectively disabling the sandbox), and `-lna` blocks connections to the local/private network.
CVE-2023-38686 (via National Vulnerability Database)
Sydent is an identity server for the Matrix communications protocol. Prior to version 2.5.6, if configured to send emails using TLS, Sydent does not verify SMTP servers' certificates. This makes Sydent's emails vulnerable to interception via a man-in-the-middle (MITM) attack. Attackers with privileged access to the network can intercept room invitations and address confirmation emails. This is patched in Sydent 2.5.6. When patching, make sure that Sydent trusts the certificate of the server it is connecting to. This should happen automatically when using properly issued certificates. Those who use self-signed certificates should make sure to copy their Certification Authority certificate, or their self-signed certificate if using only one, to the trust store of their operating system. As a workaround, one can ensure Sydent's emails fail to send by setting the configured SMTP server to a loopback or non-routable address under one's control which does not have a listening SMTP server.
CVE-2023-38690 (via National Vulnerability Database)
matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to version 1.0.1, it is possible to craft a command with newlines which would not be properly parsed. This means a string of commands could be passed as a channel name, which would then be run by the IRC bridge bot. Versions 1.0.1 and above are patched. There are no robust workarounds to the bug. One may disable dynamic channels in the config to disable the most common execution method, but others may exist.
CVE-2023-38689 (via National Vulnerability Database)
Logistics Pipes is a modification (a.k.a. mod) for the computer game Minecraft Java Edition. The mod used Java's `ObjectInputStream#readObject` on untrusted data coming from clients or servers over the network, resulting in possible remote code execution when sending specifically crafted network packets after connecting. The affected versions were released between 2013 and 2016, and the issue (unknown back then) was fixed in 2016 by a refactoring of the network IO code. The issue is present in all Logistics Pipes versions from 0.7.0.91 prior to 0.10.0.71, which were downloaded from different platforms summing up to multi-million downloads. For Minecraft version 1.7.10 the issue was fixed in build 0.10.0.71. Everybody on Minecraft 1.7.10 should check their version number of Logistics Pipes in their modlist and update if the version number is smaller than 0.10.0.71. Any newer supported Minecraft version (like 1.12.2) never had a Logistics Pipes version with vulnerable code. The best available workaround for vulnerable versions is to play in singleplayer only or update to newer Minecraft versions and modpacks.
Hawaii's Gemini North Observatory Suspended After Cyberattack (via Dark Reading)
It is unclear who the threat actors were or what kind of cyberattack was attempted on the observatory, but for now it, and a sister site in Chile, remain closed to the skies.
Burger King Serves Up Sensitive Data, No Mayo (via Dark Reading)
The incident marks the second time since 2019 that a misconfiguration could have let threat actors "have it their way" when it comes to BK's data.