‼ CVE-2023-36811 ‼
📖 Read
via "National Vulnerability Database".
borgbackup is an opensource, deduplicating archiver with compression and authenticated encryption. A flaw in the cryptographic authentication scheme in borgbackup allowed an attacker to fake archives and potentially indirectly cause backup data loss in the repository. The attack requires an attacker to be able to: 1. insert files (with no additional headers) into backups and 2. gain write access to the repository. This vulnerability does not disclose plaintext to the attacker, nor does it affect the authenticity of existing archives. Creating plausible fake archives may be feasible for empty or small archives, but is unlikely for large archives. The issue has been fixed in borgbackup 1.2.5. Users are advised to upgrade. Additionally to installing the fixed code, users must follow the upgrade procedure as documented in the change log. Data loss after being attacked can be avoided by reviewing the archives (timestamp and contents valid and as expected) after any "borg check --repair" and before "borg prune". There are no known workarounds for this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40184 ‼
📖 Read
via "National Vulnerability Database".
xrdp is an open source remote desktop protocol (RDP) server. In versions prior to 0.9.23 improper handling of session establishment errors allows bypassing OS-level session restrictions. The `auth_start_session` function can return non-zero (1) value on, e.g., PAM error which may result in in session restrictions such as max concurrent sessions per user by PAM (ex ./etc/security/limits.conf) to be bypassed. Users (administrators) don't use restrictions by PAM are not affected. This issue has been addressed in release version 0.9.23. Users are advised to upgrade. There are no known workarounds for this issue.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40582 ‼
📖 Read
via "National Vulnerability Database".
find-exec is a utility to discover available shell commands. Versions prior to 1.0.3 did not properly escape user input and are vulnerable to Command Injection via an attacker controlled parameter. As a result, attackers may run malicious shell commands in the context of the running process. This issue has been addressed in version 1.0.3. users are advised to upgrade. Users unable to upgrade should ensure that all input passed to find-exec comes from a trusted source.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-41039 ‼
📖 Read
via "National Vulnerability Database".
RestrictedPython is a restricted execution environment for Python to run untrusted code. Python's "format" functionality allows someone controlling the format string to "read" all objects accessible through recursive attribute lookup and subscription from objects he can access. This can lead to critical information disclosure. With `RestrictedPython`, the format functionality is available via the `format` and `format_map` methods of `str` (and `unicode`) (accessed either via the class or its instances) and via `string.Formatter`. All known versions of `RestrictedPython` are vulnerable. This issue has been addressed in commit `4134aedcff1` which has been included in the 5.4 and 6.2 releases. Users are advised to upgrade. There are no known workarounds for this vulnerability.📖 Read
via "National Vulnerability Database".
🕴 APT Attacks From 'Earth Estries' Hit Gov't, Tech With Custom Malware 🕴
📖 Read
via "Dark Reading".
A sophisticated threat actor managed to fly under the radar for three years, despite flexing serious muscle.📖 Read
via "Dark Reading".
Dark Reading
APT Attacks From 'Earth Estries' Hit Gov't, Tech With Custom Malware
A sophisticated threat actor managed to fly under the radar for three years, despite flexing serious muscle.
🕴 Chinese Group Spreads Android Spyware Via Trojan Signal, Telegram Apps 🕴
📖 Read
via "Dark Reading".
Thousands of devices have become infected with "BadBazaar," malware previously used to spy on Uyghur and Turkic ethnic minorities in China.📖 Read
via "Dark Reading".
Dark Reading
Chinese Group Spreads Android Spyware via Trojan Signal, Telegram Apps
Thousands of devices have become infected with "BadBazaar," malware previously used to spy on Uyghur and Turkic ethnic minorities in China.
❤1
🦿 FBI-Led Global Effort Takes Down Massive Qakbot Botnet 🦿
📖 Read
via "Tech Republic".
After more than 15 years in the wild, the Qakbot botnet, a zombie network of over 700,000 computers worldwide, is hanging on the FBI's trophy wall for now.📖 Read
via "Tech Republic".
TechRepublic
FBI-Led Global Effort Takes Down Massive Qakbot Botnet
After 15+ years in the wild, the Qakbot botnet, a zombie network of over 700K computers worldwide, is hanging on the FBI's trophy wall.
‼ CVE-2023-39137 ‼
📖 Read
via "National Vulnerability Database".
An issue in Archive v3.3.7 allows attackers to spoof zip filenames which can lead to inconsistent filename parsing.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-41041 ‼
📖 Read
via "National Vulnerability Database".
Graylog is a free and open log management platform. In a multi-node Graylog cluster, after a user has explicitly logged out, a user session may still be used for API requests until it has reached its original expiry time. Each node maintains an in-memory cache of user sessions. Upon a cache-miss, the session is loaded from the database. After that, the node operates solely on the cached session. Modifications to sessions will update the cached version as well as the session persisted in the database. However, each node maintains their isolated version of the session. When the user logs out, the session is removed from the node-local cache and deleted from the database. The other nodes will however still use the cached session. These nodes will only fail to accept the session id if they intent to update the session in the database. They will then notice that the session is gone. This is true for most API requests originating from user interaction with the Graylog UI because these will lead to an update of the session's "last access" timestamp. If the session update is however prevented by setting the `X-Graylog-No-Session-Extension:true` header in the request, the node will consider the (cached) session valid until the session is expired according to its timeout setting. No session identifiers are leaked. After a user has logged out, the UI shows the login screen again, which gives the user the impression that their session is not valid anymore. However, if the session becomes compromised later, it can still be used to perform API requests against the Graylog cluster. The time frame for this is limited to the configured session lifetime, starting from the time when the user logged out. This issue has been addressed in versions 5.0.9 and 5.1.3. Users are advised to upgrade.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-41040 ‼
📖 Read
via "National Vulnerability Database".
GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the `.git` directory, in some places the name of the file being read is provided by the user, GitPython doesn't check if this file is located outside the `.git` directory. This allows an attacker to make GitPython read any file from the system. This vulnerability is present in https://github.com/gitpython-developers/GitPython/blob/1c8310d7cae144f74a671cbe17e51f63a830adbf/git/refs/symbolic.py#L174-L175. That code joins the base directory with a user given string without checking if the final path is located outside the base directory. This vulnerability cannot be used to read the contents of files but could in theory be used to trigger a denial of service for the program. This issue has not yet been addressed.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-41163 ‼
📖 Read
via "National Vulnerability Database".
A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the replace in results field while replacing the results under the tools drop down.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-39139 ‼
📖 Read
via "National Vulnerability Database".
An issue in Archive v3.3.7 allows attackers to execute a path traversal via extracting a crafted zip file.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-39138 ‼
📖 Read
via "National Vulnerability Database".
An issue in ZIPFoundation v0.9.16 allows attackers to execute a path traversal via extracting a crafted zip file.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-39136 ‼
📖 Read
via "National Vulnerability Database".
An unhandled edge case in the component _sanitizedPath of ZipArchive v2.5.4 allows attackers to cause a Denial of Service (DoS) via a crafted zip file.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-23765 ‼
📖 Read
via "National Vulnerability Database".
An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To exploit this vulnerability, an attacker would need write access to the repository. This vulnerability was reported via the GitHub Bug Bounty Program https://bounty.github.com/ .📖 Read
via "National Vulnerability Database".
‼ CVE-2023-31714 ‼
📖 Read
via "National Vulnerability Database".
Chitor-CMS before v1.1.2 was discovered to contain multiple SQL injection vulnerabilities.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-38970 ‼
📖 Read
via "National Vulnerability Database".
Cross Site Scripting vulnerabiltiy in Badaso v.0.0.1 thru v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the Name of member parameter in the add new member function.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-39135 ‼
📖 Read
via "National Vulnerability Database".
An issue in Zip Swift v2.1.2 allows attackers to execute a path traversal attack via a crafted zip entry.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4653 ‼
📖 Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4650 ‼
📖 Read
via "National Vulnerability Database".
Improper Access Control in GitHub repository instantsoft/icms2 prior to 2.16.1-git.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4654 ‼
📖 Read
via "National Vulnerability Database".
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository instantsoft/icms2 prior to 2.16.1.📖 Read
via "National Vulnerability Database".