βΌ CVE-2023-38497 βΌ
π Read
via "National Vulnerability Database".
Cargo downloads the Rust projectΓ’β¬β’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local user, another local user could exploit this to change the source code compiled and executed by the current user. To prevent existing cached extractions from being exploitable, the Cargo binary version 0.72.2 included in Rust 1.71.1 or later will purge caches generated by older Cargo versions automatically. As a workaround, configure one's system to prevent other local users from accessing the Cargo directory, usually located in `~/.cargo`.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38688 βΌ
π Read
via "National Vulnerability Database".
twitch-tui provides Twitch chat in a terminal. Prior to version 2.4.1, the connection is not using TLS for communication. In the configuration of the irc connection, the software disables TLS, which makes all communication to Twitch IRC servers unencrypted. As a result, communication, including auth tokens, can be sniffed. Version 2.4.1 has a patch for this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38487 βΌ
π Read
via "National Vulnerability Database".
HedgeDoc is software for creating real-time collaborative markdown notes. Prior to version 1.9.9, the API of HedgeDoc 1 can be used to create notes with an alias matching the ID of existing notes. The affected existing note can then not be accessed anymore and is effectively hidden by the new one.When the freeURL feature is enabled (by setting the `allowFreeURL` config option or the `CMD_ALLOW_FREEURL` environment variable to `true`), any user with the appropriate permissions can create a note by making a POST request to the `/new/<ALIAS>` API endpoint. The `<ALIAS>` parameter can be set to the ID of an existing note. HedgeDoc did not verify whether the provided `<ALIAS>` value corresponds to a valid ID of an existing note and always allowed creation of the new note. When a visitor tried to access the existing note, HedgeDoc will first search for a note with a matching alias before it searches using the ID, therefore only the new note can be accessed.Depending on the permission settings of the HedgeDoc instance, the issue can be exploited only by logged-in users or by all (including non-logged-in) users. The exploit requires knowledge of the ID of the target note. Attackers could use this issue to present a manipulated copy of the original note to the user, e.g. by replacing the links with malicious ones. Attackers can also use this issue to prevent access to the original note, causing a denial of service. No data is lost, as the original content of the affected notes is still present in the database.This issue was fixed in version 1.9.9. As a workaround, disabling freeURL mode prevents the exploitation of this issue. The impact can be limited by restricting freeURL note creation to trusted, logged-in users by enabling `requireFreeURLAuthentication`/`CMD_REQUIRE_FREEURL_AUTHENTICATION`.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38494 βΌ
π Read
via "National Vulnerability Database".
MeterSphere is an open-source continuous testing platform. Prior to version 2.10.4 LTS, some interfaces of the Cloud version of MeterSphere do not have configuration permissions, and are sensitively leaked by attackers. Version 2.10.4 LTS contains a patch for this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39112 βΌ
π Read
via "National Vulnerability Database".
ECShop v4.1.16 contains an arbitrary file deletion vulnerability in the Admin Panel.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38964 βΌ
π Read
via "National Vulnerability Database".
Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting (XSS) vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37896 βΌ
π Read
via "National Vulnerability Database".
Nuclei is a vulnerability scanner. Prior to version 2.9.9, a security issue in the Nuclei project affected users utilizing Nuclei as Go code (SDK) running custom templates. This issue did not affect CLI users. The problem was related to sanitization issues with payload loading in sandbox mode. There was a potential risk with payloads loading in sandbox mode. The issue occurred due to relative paths not being converted to absolute paths before doing the check for `sandbox` flag allowing arbitrary files to be read on the filesystem in certain cases when using Nuclei from `Go` SDK implementation. This issue has been fixed in version 2.9.9. The maintainers have also enabled sandbox by default for filesystem loading. This can be optionally disabled if required. The `-sandbox` option has been deprecated and is now divided into two new options: `-lfa` (allow local file access) which is enabled by default and `-lna` (restrict local network access) which can be enabled by users optionally. The `-lfa` allows file (payload) access anywhere on the system (disabling sandbox effectively), and `-lna` blocks connections to the local/private network.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38686 βΌ
π Read
via "National Vulnerability Database".
Sydent is an identity server for the Matrix communications protocol. Prior to version 2.5.6, if configured to send emails using TLS, Sydent does not verify SMTP servers' certificates. This makes Sydent's emails vulnerable to interception via a man-in-the-middle (MITM) attack. Attackers with privileged access to the network can intercept room invitations and address confirmation emails. This is patched in Sydent 2.5.6. When patching, make sure that Sydent trusts the certificate of the server it is connecting to. This should happen automatically when using properly issued certificates. Those who use self-signed certificates should make sure to copy their Certification Authority certificate, or their self signed certificate if using only one, to the trust store of your operating system. As a workaround, one can ensure Sydent's emails fail to send by setting the configured SMTP server to a loopback or non-routable address under one's control which does not have a listening SMTP server.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38690 βΌ
π Read
via "National Vulnerability Database".
matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to version 1.0.1, it is possible to craft a command with newlines which would not be properly parsed. This would mean you could pass a string of commands as a channel name, which would then be run by the IRC bridge bot. Versions 1.0.1 and above are patched. There are no robust workarounds to the bug. One may disable dynamic channels in the config to disable the most common execution method but others may exist.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38689 βΌ
π Read
via "National Vulnerability Database".
Logistics Pipes is a modification (a.k.a. mod) for the computer game Minecraft Java Edition. The mod used Java's `ObjectInputStream#readObject` on untrusted data coming from clients or servers over the network resulting in possible remote code execution when sending specifically crafted network packets after connecting. The affected versions were released between 2013 and 2016 and the issue (back then unknown) was fixed in 2016 by a refactoring of the network IO code. The issue is present in all Logistics Pipes versions ranged from 0.7.0.91 prior to 0.10.0.71, which were downloaded from different platforms summing up to multi-million downloads. For Minecraft version 1.7.10 the issue was fixed in build 0.10.0.71. Everybody on Minecraft 1.7.10 should check their version number of Logistics Pipes in their modlist and update, if the version number is smaller than 0.10.0.71. Any newer supported Minecraft version (like 1.12.2) never had a Logistics Pipes version with vulnerable code. The best available workaround for vulnerable versions is to play in singleplayer only or update to newer Minecraft versions and modpacks.π Read
via "National Vulnerability Database".
π΄ Hawaii's Gemini North Observatory Suspended After Cyberattack π΄
π Read
via "Dark Reading".
It is unclear who the threat actors were or what kind of cyberattack was attempted on the observatory, but for now it, and a sister site in Chile, remain closed to the skies.π Read
via "Dark Reading".
Dark Reading
Hawaii's Gemini North Observatory Suspended After Cyberattack
It is unclear who the threat actors were or what kind of cyberattack was attempted on the observatory, but for now it, and a sister site in Chile, remain closed to the skies.
π΄ Burger King Serves Up Sensitive Data, No Mayo π΄
π Read
via "Dark Reading".
The incident marks the second time since 2019 that a misconfiguration could have let threat actors "have it their way" when it comes to BK's data.π Read
via "Dark Reading".
Dark Reading
Burger King Serves Up Sensitive Data, No Mayo
The incident marks the second time since 2019 that a misconfiguration could have let threat actors "have it their way" when it comes to BK's data.
βΌ CVE-2023-33377 βΌ
π Read
via "National Vulnerability Database".
Connected IO v2.1.0 and prior has an OS command injection vulnerability in the set firewall command in part of its communication protocol, enabling attackers to execute arbitrary OS commands on devices.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39552 βΌ
π Read
via "National Vulnerability Database".
PHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to Cross-Site Scripting (XSS).π Read
via "National Vulnerability Database".
βΌ CVE-2023-39107 βΌ
π Read
via "National Vulnerability Database".
An arbitrary file overwrite vulnerability in NoMachine Free Edition and Enterprise Client for macOS before v8.8.1 allows attackers to overwrite root-owned files by using hardlinks.π Read
via "National Vulnerability Database".
βΌ CVE-2023-33378 βΌ
π Read
via "National Vulnerability Database".
Connected IO v2.1.0 and prior has an argument injection vulnerability in its AT command message in its communication protocol, enabling attackers to execute arbitrary OS commands on devices.π Read
via "National Vulnerability Database".
βΌ CVE-2023-33376 βΌ
π Read
via "National Vulnerability Database".
Connected IO v2.1.0 and prior has an argument injection vulnerability in its iptables command message in its communication protocol, enabling attackers to execute arbitrary OS commands on devices.π Read
via "National Vulnerability Database".
βΌ CVE-2023-33372 βΌ
π Read
via "National Vulnerability Database".
Connected IO v2.1.0 and prior uses a hard-coded username/password pair embedded in their device's firmware used for device communication using MQTT. An attacker who gained access to these credentials is able to connect to the MQTT broker and send messages on behalf of devices, impersonating them. in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4157 βΌ
π Read
via "National Vulnerability Database".
Improper Input Validation in GitHub repository omeka/omeka-s prior to 4.0.3.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38698 βΌ
π Read
via "National Vulnerability Database".
Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. According to the documentation, controllers are allowed to register new domains and extend the expiry of existing domains, but they cannot change the ownership or reduce the expiration time of existing domains. However, a preliminary analysis suggests that an attacker-controlled controller may be able to reduce the expiration time of existing domains due to an integer overflow in the renew function. The vulnerability resides `@ensdomains/ens-contracts` prior to version 0.0.22.If successfully exploited, this vulnerability would enable attackers to force the expiration of any ENS record, ultimately allowing them to claim the affected domains for themselves. Currently, it would require a malicious DAO to exploit it. Nevertheless, any vulnerability present in the controllers could potentially render this issue exploitable in the future. An additional concern is the possibility of renewal discounts. Should ENS decide to implement a system that offers unlimited .eth domains for a fixed fee in the future, the vulnerability could become exploitable by any user due to the reduced attack cost.Version 0.0.22 contains a patch for this issue. As long as registration cost remains linear or superlinear based on registration duration, or limited to a reasonable maximum (eg, 1 million years), this vulnerability could only be exploited by a malicious DAO. The interim workaround is thus to take no action.π Read
via "National Vulnerability Database".
βΌ CVE-2023-33373 βΌ
π Read
via "National Vulnerability Database".
Connected IO v2.1.0 and prior keeps passwords and credentials in clear-text format, allowing attackers to exfiltrate the credentials and use them to impersonate the devices.π Read
via "National Vulnerability Database".