‼ CVE-2023-40581 ‼
📖 Read
via "National Vulnerability Database".
yt-dlp is a youtube-dl fork with additional features and fixes. yt-dlp allows the user to provide shell command lines to be executed at various stages in its download steps through the `--exec` flag. This flag allows output template expansion in its argument, so that metadata values may be used in the shell commands. The metadata fields can be combined with the `%q` conversion, which is intended to quote/escape these values so they can be safely passed to the shell. However, the escaping used for `cmd` (the shell used by Python's `subprocess` on Windows) does not properly escape special characters, which can allow for remote code execution if `--exec` is used directly with maliciously crafted remote data. This vulnerability only impacts `yt-dlp` on Windows, and the vulnerability is present regardless of whether `yt-dlp` is run from `cmd` or from `PowerShell`. Support for output template expansion in `--exec`, along with this vulnerable behavior, was added to `yt-dlp` in version 2021.04.11. yt-dlp version 2023.09.24 fixes this issue by properly escaping each special character. `\n` will be replaced by `\r` as no way of escaping it has been found. It is recommended to upgrade yt-dlp to version 2023.09.24 as soon as possible. Also, always be careful when using `--exec`, because while this specific vulnerability has been patched, using unvalidated input in shell commands is inherently dangerous.
For Windows users who are not able to upgrade:
1. Avoid using any output template expansion in `--exec` other than `{}` (filepath).
2. If expansion in `--exec` is needed, verify the fields you are using do not contain `"`, `|` or `&`.
3. Instead of using `--exec`, write the info json and load the fields from it instead.
🕴 UAE-Linked 'Stealth Falcon' APT Mimics Microsoft in Homoglyph Attack 🕴
📖 Read
via "Dark Reading".
The cyberattackers are using the "Deadglyph" custom spyware, whose full capabilities have not yet been uncovered.
🕴 MOVEit Flaw Leads to 900 University Data Breaches 🕴
📖 Read
via "Dark Reading".
National Student Clearinghouse, a nonprofit serving thousands of universities with enrollment services, exposes more than 900 schools within its MOVEit environment.
🕴 Xenomorph Android Malware Targets Customers of 30 US Banks 🕴
📖 Read
via "Dark Reading".
The Trojan had mainly been infecting banks in Europe since it first surfaced more than one year ago.
‼ CVE-2022-4245 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.
‼ CVE-2022-4318 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable.
‼ CVE-2023-43642 ‼
📖 Read
via "National Vulnerability Database".
snappy-java is a Java port of snappy, a fast C++ compressor/decompressor developed by Google. The SnappyInputStream was found to be vulnerable to Denial of Service (DoS) attacks when decompressing data with a too large chunk size. Due to a missing upper bound check on chunk length, an unrecoverable fatal error can occur. All versions of snappy-java including the latest released version 1.1.10.3 are vulnerable to this issue. A fix has been introduced in commit `9f8c3cf74` which will be included in the 1.1.10.4 release. Users are advised to upgrade. Users unable to upgrade should only accept compressed data from trusted sources.
‼ CVE-2022-4137 ‼
📖 Read
via "National Vulnerability Database".
A reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be vulnerable. This may compromise user details, allowing them to be changed or collected by an attacker.
‼ CVE-2022-4244 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.
‼ CVE-2023-43132 ‼
📖 Read
via "National Vulnerability Database".
szvone vmqphp <=1.13 is vulnerable to SQL Injection. Unauthorized remote users can use SQL injection attacks to obtain the hash of the administrator password.
‼ CVE-2023-43644 ‼
📖 Read
via "National Vulnerability Database".
Sing-box is an open source proxy system. Affected versions are subject to an authentication bypass when specially crafted requests are sent to sing-box. This affects all SOCKS5 inbounds with user authentication and an attacker may be able to bypass authentication. Users are advised to update to sing-box 1.4.4 or to 1.5.0-rc.4. Users unable to update should not expose the SOCKS5 inbound to insecure environments.
‼ CVE-2023-43457 ‼
📖 Read
via "National Vulnerability Database".
An issue in Service Provider Management System v.1.0 allows a remote attacker to gain privileges via the ID parameter in the /php-spms/admin/?page=user/ endpoint.
‼ CVE-2023-42753 ‼
📖 Read
via "National Vulnerability Database".
An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.
‼ CVE-2023-42426 ‼
📖 Read
via "National Vulnerability Database".
Cross-site scripting (XSS) vulnerability in Froala Froala Editor v.4.1.1 allows remote attackers to execute arbitrary code via the 'Insert link' parameter in the 'Insert Image' component.
‼ CVE-2023-43458 ‼
📖 Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in Resort Reservation System v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the room, name, and description parameters in the manage_room function.
‼ CVE-2023-5129 ‼
📖 Read
via "National Vulnerability Database".
With a specially crafted WebP lossless file, libwebp may write data out of bounds to the heap. The ReadHuffmanCodes() function allocates the HuffmanCode buffer with a size that comes from an array of precomputed sizes: kTableSize. The color_cache_bits value defines which size to use. The kTableSize array only takes into account sizes for 8-bit first-level table lookups but not second-level table lookups. libwebp allows codes that are up to 15-bit (MAX_ALLOWED_CODE_LENGTH). When BuildHuffmanTable() attempts to fill the second-level tables it may write data out-of-bounds. The OOB write to the undersized array happens in ReplicateValue.
🦿 How to Create and Copy SSH Keys with 2 Simple Commands 🦿
📖 Read
via "Tech Republic".
Learn how to create and copy SSH keys using just two simple commands. SSH keys provide a secure and convenient way to authenticate remote servers.
🕴 When It Comes to Email Security, The Cloud You Pick Matters 🕴
📖 Read
via "Dark Reading".
While cloud-based email offers more security than on-premises, insurance firms say it matters whether you use Microsoft 365 or Google Workspace.
‼ CVE-2023-43326 ‼
📖 Read
via "National Vulnerability Database".
mooSocial v3.1.8 was discovered to contain a cross-site scripting (XSS) vulnerability via the change email function.
‼ CVE-2023-38907 ‼
📖 Read
via "National Vulnerability Database".
An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Application v.2.8.14 allows a remote attacker to obtain sensitive information via session key in the message function.
‼ CVE-2023-43278 ‼
📖 Read
via "National Vulnerability Database".
A Cross-Site Request Forgery (CSRF) in admin_manager.php of Seacms up to v12.8 allows attackers to arbitrarily add an admin account.