🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2023-41945 ‼

Jenkins Assembla Auth Plugin 1.14 and earlier does not verify that the permissions it grants are enabled, resulting in users with EDIT permissions being granted Overall/Manage and Overall/SystemRead permissions, even if those permissions are disabled and should not be granted.

via "National Vulnerability Database".
‼ CVE-2023-41941 ‼

A missing permission check in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins.

via "National Vulnerability Database".
‼ CVE-2023-41946 ‼

A cross-site request forgery (CSRF) vulnerability in Jenkins Frugal Testing Plugin 1.1 and earlier allows attackers to connect to Frugal Testing using attacker-specified credentials, and to retrieve test IDs and names from Frugal Testing, if a valid credential corresponds to the attacker-specified username.

via "National Vulnerability Database".
🕴 Google's Souped-up Chrome Store Review Process Foiled by Data-Stealer 🕴

Researchers have discovered that despite Google's adoption of the Manifest V3 security standard to protect against malicious plug-ins, attackers can still get bad extensions past its review process.

via "Dark Reading".
๐Ÿ‘1
🕴 Russia's 'Fancy Bear' APT Targets Ukrainian Energy Facility 🕴

The group, best known for 2016 US election interference and other attacks on Ukraine, used phishing emails offering pictures of women to lure its victim into opening a malicious attachment.

via "Dark Reading".
🕴 MinIO Attack Showcases Fresh Corporate Cloud Attack Vector 🕴

The open source object storage service was the target of a never-before-seen attack on corporate cloud services, which researchers said should put DevOps in particular on notice.

via "Dark Reading".
‼ CVE-2023-4498 ‼

Tenda N300 Wireless N VDSL2 Modem Router allows unauthenticated access to pages that should be accessible to authenticated users only.

via "National Vulnerability Database".
‼ CVE-2021-36646 ‼

A Cross Site Scripting (XSS) vulnerability in KodExplorer 4.45 allows remote attackers to run arbitrary code via the /index.php page.

via "National Vulnerability Database".
‼ CVE-2023-20250 ‼

A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper validation of requests that are sent to the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary code with root privileges on an affected device. To exploit this vulnerability, the attacker must have valid Administrator credentials on the affected device.

via "National Vulnerability Database".
🕴 AtlasVPN Linux Zero-Day Disconnects Users, Reveals IP Addresses 🕴

All it takes is a simple copy-paste to undo a VPN service used by millions worldwide.

via "Dark Reading".
‼ CVE-2020-10130 ‼

SearchBlox before Version 9.1 is vulnerable to business logic bypass where the user is able to create multiple super admin users in the system.

via "National Vulnerability Database".
‼ CVE-2023-38484 ‼

Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 9000 Series Controllers and Gateways that could allow an attacker to execute arbitrary code early in the boot sequence. An attacker could exploit this vulnerability to gain access to and change underlying sensitive information in the affected controller leading to complete system compromise.

via "National Vulnerability Database".
‼ CVE-2023-38485 ‼

Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 9000 Series Controllers and Gateways that could allow an attacker to execute arbitrary code early in the boot sequence. An attacker could exploit this vulnerability to gain access to and change underlying sensitive information in the affected controller leading to complete system compromise.

via "National Vulnerability Database".
‼ CVE-2020-10132 ‼

SearchBlox before Version 9.1 is vulnerable to cross-origin resource sharing misconfiguration.

via "National Vulnerability Database".
‼ CVE-2023-41328 ‼

Frappe is a low code web framework written in Python and Javascript. A SQL Injection vulnerability has been identified in the Frappe Framework which could allow a malicious actor to access sensitive information. This issue has been addressed in versions 13.46.1 and 14.20.0. Users are advised to upgrade. There's no workaround to fix this without upgrading.

via "National Vulnerability Database".
‼ CVE-2023-20263 ‼

A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website.

via "National Vulnerability Database".
‼ CVE-2023-38486 ‼

A vulnerability in the secure boot implementation on affected Aruba 9200 and 9000 Series Controllers and Gateways allows an attacker to bypass security controls which would normally prohibit unsigned kernel images from executing. An attacker can use this vulnerability to execute arbitrary runtime operating systems, including unverified and unsigned OS images.

via "National Vulnerability Database".
‼ CVE-2023-0925 ‼

Version 10.11 of webMethods OneData runs an embedded instance of Azul Zulu Java 11.0.15 which hosts a Java RMI registry (listening on TCP port 2099 by default) and two RMI interfaces (listening on a single, dynamically assigned TCP high port). Port 2099 serves as a Java Remote Method Invocation (RMI) registry which allows for remotely loading and processing data via RMI interfaces. An unauthenticated attacker with network connectivity to the RMI registry and RMI interface ports can abuse this functionality to instruct the webMethods OneData application to load a malicious serialized Java object as a parameter to one of the available Java methods presented by the RMI interface. Once deserialized on the vulnerable server, the malicious code runs as whichever operating system account is used to run the software, which in most cases is the local System account on Windows.

via "National Vulnerability Database".
‼ CVE-2023-20243 ‼

A vulnerability in the RADIUS message processing feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause the affected system to stop processing RADIUS packets. This vulnerability is due to improper handling of certain RADIUS accounting requests. An attacker could exploit this vulnerability by sending a crafted authentication request to a network access device (NAD) that uses Cisco ISE for authentication, authorization, and accounting (AAA). This would eventually result in the NAD sending a RADIUS accounting request packet to Cisco ISE. An attacker could also exploit this vulnerability by sending a crafted RADIUS accounting request packet to Cisco ISE directly if the RADIUS shared secret is known. A successful exploit could allow the attacker to cause the RADIUS process to unexpectedly restart, resulting in authentication or authorization timeouts and denying legitimate users access to the network or service. Clients already authenticated to the network would not be affected. Note: To recover the ability to process RADIUS packets, a manual restart of the affected Policy Service Node (PSN) may be required. For more information, see the Details section of this advisory.

via "National Vulnerability Database".
‼ CVE-2023-41050 ‼

AccessControl provides a general security framework for use in Zope. Python's "format" functionality allows someone controlling the format string to "read" objects accessible (recursively) via attribute access and subscription from accessible objects. Those attribute accesses and subscriptions use Python's full blown `getattr` and `getitem`, not the policy restricted `AccessControl` variants `_getattr_` and `_getitem_`. This can lead to critical information disclosure. `AccessControl` already provides a safe variant for `str.format` and denies access to `string.Formatter`. However, `str.format_map` is still unsafe. Affected are all users who allow untrusted users to create `AccessControl` controlled Python code and execute it. A fix has been introduced in versions 4.4, 5.8 and 6.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.

via "National Vulnerability Database".
‼ CVE-2023-41330 ‼

knplabs/knp-snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a URL or an HTML page.

Issue: On March 17th the vulnerability CVE-2023-28115 was disclosed, allowing an attacker to gain remote code execution through PHAR deserialization. Version 1.4.2 added a check `if (\strpos($filename, 'phar://') === 0)` in the `prepareOutput` function to resolve this CVE; however, if the user is able to control the second parameter of the `generateFromHtml()` function of Snappy, it will then be passed as the `$filename` parameter in the `prepareOutput()` function. In the original vulnerability, a file name with a `phar://` wrapper could be sent to the `fileExists()` function, equivalent to the `file_exists()` PHP function. This allowed users to trigger a deserialization on arbitrary PHAR files. To fix this issue, the string is now passed to the `strpos()` function and if it starts with `phar://`, an exception is raised. However, PHP wrappers being case insensitive, this patch can be bypassed using `PHAR://` instead of `phar://`. A successful exploitation of this vulnerability allows executing arbitrary code and accessing the underlying filesystem. The attacker must be able to upload a file and the server must be running a PHP version prior to 8. This issue has been addressed in commit `d3b742d61a` which has been included in version 1.4.3. Users are advised to upgrade. Users unable to upgrade should ensure that only trusted users may submit data to the `AbstractGenerator->generate(...)` function.

via "National Vulnerability Database".
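As an added illustration of the case-sensitivity gap described in the knp-snappy entry above (example code written for this page, not knp-snappy's own code and not its 1.4.3 fix; the function names are hypothetical), the following contrasts a lowercase-only `phar://` prefix check with a check that matches any stream-wrapper scheme case-insensitively, which is the property the original check lacked:

```php
<?php
declare(strict_types=1);

// Added example, not knp-snappy's code. Function names are hypothetical.

// Mirrors the shape of the 1.4.2 check: it recognises only the lowercase
// spelling, so 'PHAR://' (or 'Phar://') passes even though PHP resolves
// stream-wrapper schemes case-insensitively.
function rejectsPharPrefixOnly(string $filename): bool
{
    return \strpos($filename, 'phar://') === 0;
}

// Hardened check: refuse any filename that carries a stream-wrapper scheme
// at all ('phar://', 'PHAR://', 'php://', 'data://', ...). The scheme syntax
// follows RFC 3986 (a letter, then letters, digits, '+', '-' or '.'), and the
// /i flag makes the comparison case-insensitive. A plain filesystem path
// such as '/tmp/out.pdf' never matches.
function hasStreamWrapperScheme(string $filename): bool
{
    return \preg_match('#^[a-z][a-z0-9+.\-]*://#i', $filename) === 1;
}

// Gatekeeper a generator could call before it touches the filesystem.
function assertPlainPath(string $filename): void
{
    if (hasStreamWrapperScheme($filename)) {
        throw new \InvalidArgumentException('Stream wrappers are not allowed in output paths.');
    }
}

// Constructed sample inputs for the comparison.
$samples = [
    'phar:///tmp/archive.phar/out.pdf', // caught by both checks
    'PHAR:///tmp/archive.phar/out.pdf', // slips past the prefix-only check
    'php://memory',                     // other wrappers: hardened check only
    '/tmp/out.pdf',                     // legitimate path: allowed by both
];

foreach ($samples as $s) {
    printf("%-36s prefix-only=%-6s hardened=%s\n", $s,
        rejectsPharPrefixOnly($s) ? 'reject' : 'allow',
        hasStreamWrapperScheme($s) ? 'reject' : 'allow');
}
```

Rejecting every scheme, rather than enumerating the known ones, also covers wrappers this entry does not mention; if an application legitimately needs a non-file wrapper for output, allow-list that exact scheme instead of denying `phar://` alone.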