‼ CVE-2023-40797 ‼
via "National Vulnerability Database".
In Tenda AC23 v16.03.07.45_cn, the sub_4781A4 function does not validate the parameters entered by the user, resulting in a post-authentication stack overflow vulnerability.
‼ CVE-2023-38201 ‼
via "National Vulnerability Database".
A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier list by a legitimate user, resulting in a breach of the integrity of the registrar database.
‼ CVE-2020-11711 ‼
via "National Vulnerability Database".
An issue was discovered in Stormshield SNS 3.8.0. Authenticated Stored XSS in the admin login panel leads to SSL VPN credential theft. A malicious disclaimer file can be uploaded from the admin panel. The resulting file is rendered on the authentication interface of the admin panel. It is possible to inject malicious HTML content in order to execute JavaScript inside a victim's browser. This results in a stored XSS on the authentication interface of the admin panel. Moreover, an unsecured authentication form is present on the authentication interface of the SSL VPN captive portal. Users are allowed to save their credentials inside the browser. If an administrator saves his credentials through this unsecured form, these credentials could be stolen via the stored XSS on the admin panel without user interaction. Another possible exploitation would be modification of the authentication form of the admin panel into a malicious form.
‼ CVE-2023-40796 ‼
via "National Vulnerability Database".
Phicomm k2 v22.6.529.216 is vulnerable to command injection.
‼ CVE-2023-40798 ‼
via "National Vulnerability Database".
In Tenda AC23 v16.03.07.45_cn, the formSetIPv6status and formGetWanParameter functions do not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability.
🦿 XLoader Malware Variant Targets MacOS Disguised as OfficeNote App 🦿
via "Tech Republic".
A new variant of malware called XLoader is targeting macOS users. XLoader’s execution, functionalities and distribution are detailed.
🕴 Luna Grabber Malware Targets Roblox Gaming Devs 🕴
via "Dark Reading".
Roblox gaming developers are lured in by a package that claims to create useful scripts to interact with the Roblox website, for example by “promot(ing) users, shout events, and so on, or to create Discord utiltiies (sic) to manage their community.”
🕴 China Unleashes Flax Typhoon APT to Live Off the Land, Microsoft Warns 🕴
via "Dark Reading".
The cyber espionage group has created a stealthy, hard-to-mitigate network of persistent access across a range of organizations, but the endgame is unclear.
‼ CVE-2023-25848 ‼
via "National Vulnerability Database".
ArcGIS Enterprise Server versions 11.0 and below have an information disclosure vulnerability where a remote, unauthorized attacker may submit a crafted query that may result in a low severity information disclosure issue. The information disclosed is limited to a single attribute in a database connection string. No business data is disclosed.
‼ CVE-2019-13689 ‼
via "National Vulnerability Database".
Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform arbitrary read/write via a malicious file. (Chromium security severity: Critical)
‼ CVE-2019-13690 ‼
via "National Vulnerability Database".
Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High)
‼ CVE-2023-39600 ‼
via "National Vulnerability Database".
IceWarp 11.4.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter.
‼ CVE-2023-24621 ‼
via "National Vulnerability Database".
An issue was discovered in Esoteric YamlBeans through 1.15. It allows untrusted deserialisation to Java classes by default, where the data and class are controlled by the author of the YAML document being processed.
‼ CVE-2023-40579 ‼
via "National Vulnerability Database".
OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. Some end users of OpenFGA v1.3.0 or earlier are vulnerable to authorization bypass when calling the ListObjects API. The vulnerability affects customers using `ListObjects` with specific models. The affected models contain expressions of type `rel1 from type1`. This issue has been patched in version 1.3.1.
‼ CVE-2023-32678 ‼
via "National Vulnerability Database".
Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. Users who used to be subscribed to a private stream and have been removed from it since retain the ability to edit messages/topics, move messages to other streams, and delete messages that they used to have access to, if other relevant organization permissions allow these actions. For example, a user may be able to edit or delete their old messages they posted in such a private stream. An administrator will be able to delete old messages (that they had access to) from the private stream. This issue was fixed in Zulip Server version 7.3.
‼ CVE-2023-40164 ‼
via "National Vulnerability Database".
Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to global buffer read overflow in `nsCodingStateMachine::NextStater`. The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. As of time of publication, no known patches are available in existing versions of Notepad++.
‼ CVE-2023-37249 ‼
via "National Vulnerability Database".
Infoblox NIOS through 8.5.1 has a faulty component that accepts malicious input without sanitization, resulting in shell access.
‼ CVE-2023-40585 ‼
via "National Vulnerability Database".
ironic-image is a container image to run OpenStack Ironic as part of Metal³. Prior to version capm3-v1.4.3, if Ironic is not deployed with TLS and it does not have API and Conductor split into separate services, access to the API is not protected by any authentication. Ironic API is also listening in host network. In case the node is not behind a firewall, the API could be accessed by anyone via network without authentication. By default, Ironic API in Metal3 is protected by TLS and basic authentication, so this vulnerability requires operator to configure API without TLS for it to be vulnerable. TLS and authentication however should not be coupled as they are in versions prior to capm3-v1.4.3. A patch exists in versions capm3-v1.4.3 and newer. Some workarounds are available. Either configure TLS for Ironic API (`deploy.sh -t ...`, `IRONIC_TLS_SETUP=true`) or split Ironic API and Conductor via configuration change (old implementation, not recommended). With both workarounds, services are configured with httpd front-end, which has proper authentication configuration in place.
‼ CVE-2023-40587 ‼
via "National Vulnerability Database".
Pyramid is an open source Python web framework. A path traversal vulnerability in Pyramid versions 2.0.0 and 2.0.1 impacts users of Python 3.11 that are using a Pyramid static view with a full filesystem path and have an `index.html` file that is located exactly one directory above the location of the static view's file system path. No further path traversal exists, and the only file that could be disclosed accidentally is `index.html`. Pyramid version 2.0.2 rejects any path that contains a null-byte out of caution. While valid in directory/file names, we would strongly consider it a mistake to use null-bytes in naming files/directories. Secondly, Python 3.11 and 3.12 have fixed the underlying issue in `os.path.normpath` to no longer truncate on the first `0x00` found, returning the behavior to pre-3.11 Python, in an as of yet unreleased version. Fixes will be available in: Python 3.12.0rc2 and 3.11.5. Some workarounds are available. Use a version of Python 3 that is not affected, downgrade to Python 3.10 series temporarily, or wait until Python 3.11.5 is released and upgrade to the latest version of Python 3.11 series.
‼ CVE-2023-38712 ‼
via "National Vulnerability Database".
An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state causes the pluto daemon to crash and restart.