๐จ CVE-2023-40828
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the expandIfZip method in the extract function.
๐@cveNotify
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the expandIfZip method in the extract function.
๐@cveNotify
GitHub
Add security checks to prevent directory traversal when decompressingโฆ by afeng2016-s ยท Pull Request #537 ยท pf4j/pf4j
This is a PR submission for #536
To verify that there is a directory traversal risk when unzipping the zip file, I test in FileUtilsTest.java.
1.Using the zipslip vulnerability, create a zip file.S...
To verify that there is a directory traversal risk when unzipping the zip file, I test in FileUtilsTest.java.
1.Using the zipslip vulnerability, create a zip file.S...
๐จ CVE-2023-40827
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the loadpluginPath parameter.
๐@cveNotify
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the loadpluginPath parameter.
๐@cveNotify
GitHub
Add security checks to prevent directory traversal when decompressingโฆ by afeng2016-s ยท Pull Request #537 ยท pf4j/pf4j
This is a PR submission for #536
To verify that there is a directory traversal risk when unzipping the zip file, I test in FileUtilsTest.java.
1.Using the zipslip vulnerability, create a zip file.S...
To verify that there is a directory traversal risk when unzipping the zip file, I test in FileUtilsTest.java.
1.Using the zipslip vulnerability, create a zip file.S...
๐จ CVE-2023-40826
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the zippluginPath parameter.
๐@cveNotify
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the zippluginPath parameter.
๐@cveNotify
GitHub
The method of extracting the zip file has a path traversal vulnerability ยท Issue #536 ยท pf4j/pf4j
description Dear project developers, I use SpringBoot and pf4j to implement the system's extension plug-in function, the use of zip or jar package format is very easy to expand the system. When...
๐จ CVE-2023-40825
An issue in Perfree PerfreeBlog v.3.1.2 allows a remote attacker to execute arbitrary code via crafted plugin listed in admin/plugin/access/list.
๐@cveNotify
An issue in Perfree PerfreeBlog v.3.1.2 allows a remote attacker to execute arbitrary code via crafted plugin listed in admin/plugin/access/list.
๐@cveNotify
GitHub
The uploaded malicious plug-in is parsed and the command is executed ยท Issue #15 ยท perfree/PerfreeBlog
Vulnerability information PerfreeBlog implements the extension plug-in function based on SpringBoot and pf4j. After the plug-in is developed, it is packaged as a jar package, which can be directly ...
๐จ CVE-2023-40781
Buffer Overflow vulnerability in Libming Libming v.0.4.8 allows a remote attacker to cause a denial of service via a crafted .swf file to the makeswf function.
๐@cveNotify
Buffer Overflow vulnerability in Libming Libming v.0.4.8 allows a remote attacker to cause a denial of service via a crafted .swf file to the makeswf function.
๐@cveNotify
GitHub
heap-buffer-overflow in r_readc() at fromswf.c:264 ยท Issue #288 ยท libming/libming
A heap buffer overflow occurs when makeswf parse a invalid swf file, and the filename extension is .swf. Test Environment Ubuntu 20.04, 64 bit libming (master 04aee52) Steps to reproduce compile li...
๐จ CVE-2023-39059
An issue in ansible semaphore v.2.8.90 allows a remote attacker to execute arbitrary code via a crafted payload to the extra variables parameter.
๐@cveNotify
An issue in ansible semaphore v.2.8.90 allows a remote attacker to execute arbitrary code via a crafted payload to the extra variables parameter.
๐@cveNotify
Gist
CVE-2023-39059
CVE-2023-39059. GitHub Gist: instantly share code, notes, and snippets.
๐จ CVE-2023-34725
An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows physical attackers to gain escalated privileges via a telnet connection.
๐@cveNotify
An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows physical attackers to gain escalated privileges via a telnet connection.
๐@cveNotify
Jaycar
Wireless Gateway Home Automation Controller | Jaycar Australia
Have you ever dreamt of controlling your homes lighting and appliances remotely? Have you ever wanted to turn your homes lights and appliances off and...
๐จ CVE-2023-34724
An issue was discovered in TECHView LA5570 Wireless Gateway 1.0.19_T53, allows physical attackers to gain escalated privileges via the UART interface.
๐@cveNotify
An issue was discovered in TECHView LA5570 Wireless Gateway 1.0.19_T53, allows physical attackers to gain escalated privileges via the UART interface.
๐@cveNotify
Jaycar
Wireless Gateway Home Automation Controller | Jaycar Australia
Have you ever dreamt of controlling your homes lighting and appliances remotely? Have you ever wanted to turn your homes lights and appliances off and...
๐จ CVE-2023-39650
Theme Volty CMS Blog up to version v4.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /tvcmsblog/single.
๐@cveNotify
Theme Volty CMS Blog up to version v4.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /tvcmsblog/single.
๐@cveNotify
Friends-Of-Presta Security Advisories
[CVE-2023-39650] Improper neutralization of SQL parameters in Theme Volty CMS Blog module for PrestaShop
In the module โTheme Volty CMS Blogโ (tvcmsblog) up to versions 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions.
๐จ CVE-2023-28980
A Use After Free vulnerability in the routing protocol daemon of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause Denial of Service (DoS). In a rib sharding scenario the rpd process will crash shortly after specific CLI command is issued. This issue is more likely to occur in a scenario with high route scale (>1M routes).
This issue affects:
Juniper Networks Junos OS
* 20.2 version 20.2R3-S5 and later versions prior to 20.2R3-S6;
* 20.3 version 20.3R3-S2 and later versions prior to 20.3R3-S5;
* 20.4 version 20.4R3-S1 and later versions prior to 20.4R3-S4
* 21.1 version 21.1R3 and later versions prior to 21.1R3-S3;
* 21.2 version 21.2R1-S2, 21.2R2-S1 and later versions prior to 21.2R3-S2;
* 21.3 version 21.3R2 and later versions prior to 21.3R3;
* 21.4 versions prior to 21.4R2-S1, 21.4R3;
* 22.1 versions prior to 22.1R2.
Juniper Networks Junos OS Evolved
* 20.4-EVO version 20.4R3-S1-EVO and later versions prior to 20.4R3-S6-EVO;
* 21.2-EVO version 21.2R1-S2-EVO and later versions prior to 21.2R3-S4-EVO;
* 21.3-EVO version 21.3R2-EVO and later versions prior to 21.3R3-S1-EVO;
* 21.4-EVO versions prior to 21.4R2-S1-EVO, 21.4R3-EVO;
* 22.1-EVO versions prior to 22.1R2-EVO.
๐@cveNotify
A Use After Free vulnerability in the routing protocol daemon of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause Denial of Service (DoS). In a rib sharding scenario the rpd process will crash shortly after specific CLI command is issued. This issue is more likely to occur in a scenario with high route scale (>1M routes).
This issue affects:
Juniper Networks Junos OS
* 20.2 version 20.2R3-S5 and later versions prior to 20.2R3-S6;
* 20.3 version 20.3R3-S2 and later versions prior to 20.3R3-S5;
* 20.4 version 20.4R3-S1 and later versions prior to 20.4R3-S4
* 21.1 version 21.1R3 and later versions prior to 21.1R3-S3;
* 21.2 version 21.2R1-S2, 21.2R2-S1 and later versions prior to 21.2R3-S2;
* 21.3 version 21.3R2 and later versions prior to 21.3R3;
* 21.4 versions prior to 21.4R2-S1, 21.4R3;
* 22.1 versions prior to 22.1R2.
Juniper Networks Junos OS Evolved
* 20.4-EVO version 20.4R3-S1-EVO and later versions prior to 20.4R3-S6-EVO;
* 21.2-EVO version 21.2R1-S2-EVO and later versions prior to 21.2R3-S4-EVO;
* 21.3-EVO version 21.3R2-EVO and later versions prior to 21.3R3-S1-EVO;
* 21.4-EVO versions prior to 21.4R2-S1-EVO, 21.4R3-EVO;
* 22.1-EVO versions prior to 22.1R2-EVO.
๐@cveNotify
๐จ CVE-2023-40254
Download of Code Without Integrity Check vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Malicious Software Update.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.
๐@cveNotify
Download of Code Without Integrity Check vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Malicious Software Update.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.
๐@cveNotify
Genians Documentation
GN-SA-2023-001: Genian NAC - Multiple Vulnerabilities
๋ ์ง: 2023๋
08์ 01์ผ. ์ํฅ๋: ๋์. ๋ด์ฉ: ์ง๋์ธ์ค ์
๋ฐ์ดํธ ์๋ฒ์์ ์๋ ์ทจ์ฝ์ ์ ๋ฐ๊ฒฌํ์ฌ ์กฐ์น๋ฅผ ์งํํ์ผ๋ฉฐ ์ถ๊ฐ์ ์ผ๋ก ์ ํ ๋ณด์์ฑ ๊ฐํ๋ฅผ ์ํ ๋ณด์ ์
๋ฐ์ดํธ๋ฅผ ๋ฐํํ์ต๋๋ค. ํด๋น ๋ฒ์ ์ ์ฌ์ฉํ๋ ์ด์ฉ์๋ค์ ์ต์ ๋ฒ์ ์ผ๋ก ์
๋ฐ์ดํธ๋ฅผ ๊ถ๊ณ ํฉ๋๋ค. ํ๋ฌธ ๋
ธ์ถ ์ทจ์ฝ์ (CVE-2023-40251), ๋น์ธ๊ฐ ์คํฌ๋ฆฝํธ ์คํ ์ทจ์ฝ์ (CVE-2023-40252), ๋ถ์ ์ ํ ์ธ์ฆ ์ทจ์ฝ์ (CVE-2023-40253), ๋ฌด๊ฒฐ์ฑ ๊ฒ์ฆ ๋ฏธํก ์ทจ์ฝ์ (CVE-2023โฆ
๐จ CVE-2023-40253
Improper Authentication vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Authentication Abuse.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.
๐@cveNotify
Improper Authentication vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Authentication Abuse.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.
๐@cveNotify
Genians Documentation
GN-SA-2023-001: Genian NAC - Multiple Vulnerabilities
๋ ์ง: 2023๋
08์ 01์ผ. ์ํฅ๋: ๋์. ๋ด์ฉ: ์ง๋์ธ์ค ์
๋ฐ์ดํธ ์๋ฒ์์ ์๋ ์ทจ์ฝ์ ์ ๋ฐ๊ฒฌํ์ฌ ์กฐ์น๋ฅผ ์งํํ์ผ๋ฉฐ ์ถ๊ฐ์ ์ผ๋ก ์ ํ ๋ณด์์ฑ ๊ฐํ๋ฅผ ์ํ ๋ณด์ ์
๋ฐ์ดํธ๋ฅผ ๋ฐํํ์ต๋๋ค. ํด๋น ๋ฒ์ ์ ์ฌ์ฉํ๋ ์ด์ฉ์๋ค์ ์ต์ ๋ฒ์ ์ผ๋ก ์
๋ฐ์ดํธ๋ฅผ ๊ถ๊ณ ํฉ๋๋ค. ํ๋ฌธ ๋
ธ์ถ ์ทจ์ฝ์ (CVE-2023-40251), ๋น์ธ๊ฐ ์คํฌ๋ฆฝํธ ์คํ ์ทจ์ฝ์ (CVE-2023-40252), ๋ถ์ ์ ํ ์ธ์ฆ ์ทจ์ฝ์ (CVE-2023-40253), ๋ฌด๊ฒฐ์ฑ ๊ฒ์ฆ ๋ฏธํก ์ทจ์ฝ์ (CVE-2023โฆ
๐จ CVE-2023-40252
Improper Control of Generation of Code ('Code Injection') vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Replace Trusted Executable.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.
๐@cveNotify
Improper Control of Generation of Code ('Code Injection') vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Replace Trusted Executable.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.
๐@cveNotify
๐จ CVE-2023-40251
Missing Encryption of Sensitive Data vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Man in the Middle Attack.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.
๐@cveNotify
Missing Encryption of Sensitive Data vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Man in the Middle Attack.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.
๐@cveNotify
๐จ CVE-2023-1995
Insufficient Logging vulnerability in Hitachi HiRDB Server, HiRDB Server With Addtional Function, HiRDB Structured Data Access Facility.This issue affects HiRDB Server: before 09-60-39, before 09-65-23, before 10-01-10, before 10-03-12, before 10-04-06, before 10-05-06, before 10-06-02; HiRDB Server With Addtional Function: before 09-60-2M, before 09-65-/W; HiRDB Structured Data Access Facility: before 09-60-39, before 10-03-12, before 10-04-06, before 10-06-02.
๐@cveNotify
Insufficient Logging vulnerability in Hitachi HiRDB Server, HiRDB Server With Addtional Function, HiRDB Structured Data Access Facility.This issue affects HiRDB Server: before 09-60-39, before 09-65-23, before 10-01-10, before 10-03-12, before 10-04-06, before 10-05-06, before 10-06-02; HiRDB Server With Addtional Function: before 09-60-2M, before 09-65-/W; HiRDB Structured Data Access Facility: before 09-60-39, before 10-03-12, before 10-04-06, before 10-06-02.
๐@cveNotify
Hitachi
hitachi-sec-2023-133: Vulnerability in HiRDB
A Vulnerability (CVE-2023-1995) have been found in HiRDB.
๐จ CVE-2023-0664
A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest Agent's Windows installer via repair custom actions to elevate their privileges on the system.
๐@cveNotify
A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest Agent's Windows installer via repair custom actions to elevate their privileges on the system.
๐@cveNotify
๐จ CVE-2023-3354
A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL pointer dereference issue. This could allow a remote unauthenticated client to cause a denial of service.
๐@cveNotify
A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL pointer dereference issue. This could allow a remote unauthenticated client to cause a denial of service.
๐@cveNotify
๐จ CVE-2023-3180
A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ.
๐@cveNotify
A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ.
๐@cveNotify
๐จ CVE-2023-41361
An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software version.
๐@cveNotify
An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software version.
๐@cveNotify
GitHub
bgpd: Check the length of the rcv software version by ton31337 ยท Pull Request #14241 ยท FRRouting/frr
Make sure we don't exceed the maximum of BGP_MAX_SOFT_VERSION.
The Capability Length SHOULD be no greater than 64.
Reported-by: Iggy Frankovic iggyfran@amazon.com
The Capability Length SHOULD be no greater than 64.
Reported-by: Iggy Frankovic iggyfran@amazon.com
๐จ CVE-2023-41360
An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation.
๐@cveNotify
An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation.
๐@cveNotify
GitHub
bgpd: Don't read the first byte of ORF header if we are ahead of stream by ton31337 ยท Pull Request #14245 ยท FRRouting/frr
Reported-by: Iggy Frankovic iggyfran@amazon.com
๐จ CVE-2023-41359
An issue was discovered in FRRouting FRR through 9.0. There is an out-of-bounds read in bgp_attr_aigp_valid in bgpd/bgp_attr.c because there is no check for the availability of two bytes during AIGP validation.
๐@cveNotify
An issue was discovered in FRRouting FRR through 9.0. There is an out-of-bounds read in bgp_attr_aigp_valid in bgpd/bgp_attr.c because there is no check for the availability of two bytes during AIGP validation.
๐@cveNotify
GitHub
bgpd: Make sure we have enough data to read two bytes when validating AIGP by ton31337 ยท Pull Request #14232 ยท FRRouting/frr
Found when fuzzing:
==3470861==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xffff77801ef7 at pc 0xaaaaba7b3dbc bp 0xffffcff0e760 sp 0xffffcff0df50
READ of size 2 at 0xffff77801ef7 thre...
==3470861==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xffff77801ef7 at pc 0xaaaaba7b3dbc bp 0xffffcff0e760 sp 0xffffcff0df50
READ of size 2 at 0xffff77801ef7 thre...