CVE-2022-3261
A flaw was found in OpenStack. Multiple components show plain-text passwords in /var/log/messages during the OpenStack overcloud update run, leading to a disclosure of sensitive information problem.
via "National Vulnerability Database".
CVE-2023-40588
Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, a malicious user could add a 2FA or security key with a carefully crafted name to their account and cause a denial of service for other users. The issue is patched in version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches. There are no known workarounds.
via "National Vulnerability Database".
CVE-2023-41325
OP-TEE is a Trusted Execution Environment (TEE) designed as a companion to a non-secure Linux kernel running on Arm Cortex-A cores using the TrustZone technology. Starting in version 3.20 and prior to version 3.22, `shdr_verify_signature` can perform a double free. `shdr_verify_signature` is used to verify a TA binary before it is loaded. To verify its signature, memory is allocated for an RSA key. The RSA key allocation function (`sw_crypto_acipher_alloc_rsa_public_key`) tries to allocate that memory from OP-TEE's heap. An RSA key consists of an exponent and a modulus (represented by the variables `e` and `n`), and the allocation is not atomic, so it may succeed for `e` but fail for `n`. In this case `sw_crypto_acipher_alloc_rsa_public_key` frees `e` and returns a failure, but the variable `e` still holds the already-freed memory address. `shdr_verify_signature` then frees that memory (`e`) again, even though it was already freed when the RSA key allocation failed. A patch is available in version 3.22. No known workarounds are available.
via "National Vulnerability Database".
CVE-2023-41042
Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, importing a remote theme loads its assets into memory without enforcing limits on file size or number of files. The issue is patched in version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches. There are no known workarounds.
via "National Vulnerability Database".
CVE-2023-0813
A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki authToken configuration is set to FORWARD mode, authentication is no longer enforced, allowing any user who can connect to the OpenShift Console in an OpenShift cluster to retrieve flows without authentication.
via "National Vulnerability Database".
CVE-2023-40018
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows remote users to trigger an out-of-bounds write by offering an ICE candidate with an unknown component ID. When an SDP is offered with any ICE candidate carrying an unknown component ID, FreeSWITCH performs an out-of-bounds write to its arrays. By abusing this vulnerability, an attacker is able to corrupt FreeSWITCH memory, leading to undefined behavior of the system or a crash. Version 1.10.10 contains a patch for this issue.
via "National Vulnerability Database".
CVE-2023-37459
Contiki-NG is an operating system for internet-of-things devices. In versions 4.9 and prior, when a packet is received, the Contiki-NG network stack attempts to start the periodic TCP timer if it is a TCP packet with the SYN flag set. But the implementation does not first verify that a full TCP header has been received. Specifically, the implementation attempts to access the flags field from the TCP buffer in the following conditional expression in the `check_for_tcp_syn` function. For this reason, an attacker can inject a truncated TCP packet, which will lead to an out-of-bounds read from the packet buffer. As of time of publication, a patched version is not available. As a workaround, one can apply the changes in Contiki-NG pull request #2510 to patch the system.
via "National Vulnerability Database".
CVE-2023-40019
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows authorized users to cause a denial of service by sending a re-INVITE with an SDP containing duplicate codec names. When a call in FreeSWITCH completes codec negotiation, the `codec_string` channel variable is set with the result of the negotiation. On a subsequent re-negotiation, if an SDP is offered that contains codecs with the same names but with different formats, FreeSWITCH may detect too many codec matches, leading to overflows of its internal arrays. By abusing this vulnerability, an attacker is able to corrupt the FreeSWITCH stack, leading to undefined behavior of the system or simply a crash. Version 1.10.10 contains a patch for this issue.
via "National Vulnerability Database".
CVE-2023-38706
Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, a malicious user can create an unlimited number of drafts with very long draft keys which may end up exhausting the resources on the server. The issue is patched in version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches. There are no known workarounds.
via "National Vulnerability Database".
CVE-2023-38507
Strapi is an open-source headless content management system. Prior to version 4.12.1, there is a rate limit on the login function of Strapi's admin screen, but it is possible to circumvent it. Therefore, the likelihood of unauthorized login via a login brute-force attack increases. Version 4.12.1 has a fix for this issue.
via "National Vulnerability Database".
CVE-2023-40167
Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character preceding the content-length value in an HTTP/1 header field. This is more permissive than allowed by the RFC, and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if Jetty is used in combination with a server that does not close the connection after sending such a 400 response. Versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1 contain a patch for this issue. There is no workaround as there is no known exploit scenario.
via "National Vulnerability Database".
CVE-2023-37281
Contiki-NG is an operating system for internet-of-things devices. In versions 4.9 and prior, when processing the various IPv6 header fields during IPHC header decompression, Contiki-NG confirms that the received packet buffer contains enough data for that field. But no similar check is done before decompressing the IPv6 address. Therefore, up to 16 bytes can be read out of bounds on the line with the statement `memcpy(&ipaddr->u8[16 - postcount], iphc_ptr, postcount);`. The value of `postcount` depends on the address compression used in the received packet and can be controlled by the attacker. As a result, an attacker can inject a packet that causes an out-of-bounds read. As of time of publication, a patched version is not available. As a workaround, one can apply the changes in Contiki-NG pull request #2509 to patch the system.
via "National Vulnerability Database".
CVE-2023-36160
An issue was discovered in Qubo Smart Plug10A version HSP02_01_01_14_SYSTEM-10 A that allows local attackers to obtain sensitive information and cause other unspecified impact via the UART console.
via "National Vulnerability Database".
CVE-2023-39612
A cross-site scripting (XSS) vulnerability in FileBrowser before v2.23.0 allows an authenticated attacker to escalate privileges to Administrator via user interaction with a crafted HTML file or URL.
via "National Vulnerability Database".
CVE-2023-39777
A cross-site scripting (XSS) vulnerability in the Admin Control Panel of vBulletin 5.7.5 and 6.0.0 allows attackers to execute arbitrary web scripts or HTML via the /login.php?do=login url parameter.
via "National Vulnerability Database".
CVE-2023-38040
A reflected XSS vulnerability exists in Revive Adserver 5.4.1 and earlier versions.
via "National Vulnerability Database".
Are you ready for NIS2?
Find out what you should be doing to prepare for the EU's latest data protection regulation and UK equivalent with our free webinar.
via "ITPro".
Evaluating New Partners and Vendors From an Identity Security Perspective
Before working with new vendors, it's important to understand the potential risks they may pose to your digital environments.
via "Dark Reading".
AI in Software Development: The Good, the Bad, and the Dangerous
Just like with using open source, organizations need to be diligent about testing AI components and understanding where and how it is used in their software.
via "Dark Reading".
CVE-2023-5033
A vulnerability classified as critical has been found in OpenRapid RapidCMS 1.3.1. This affects an unknown part of the file /admin/category/cate-edit-run.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239877 was assigned to this vulnerability.
via "National Vulnerability Database".
CVE-2023-42523
Certain WithSecure products allow a remote crash of a scanning engine via unpacking of a PE file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0, Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.
via "National Vulnerability Database".