CVE-2023-28099
OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.9 and 3.2.6, if `ds_is_in_list()` is used with an invalid IP address string (`NULL` is illegal input), OpenSIPS will attempt to print a string from a random address (stack garbage), which could lead to a crash. All users of `ds_is_in_list()` without the `$si` variable as 1st parameter could be affected by this vulnerability to a larger, lesser or no extent at all, depending on whether the data passed to the function is a valid IPv4 or IPv6 address string or not. Fixes are available starting with the 3.1.9 and 3.2.6 minor releases. There are no known workarounds.
@cveNotify
GitHub
dispatcher: Fix IP printing on error case · OpenSIPS/opensips@e2f13d3
Many thanks to @Cossack9989 for the report!
Fixes #2780
CVE-2023-28098
OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, a specially crafted Authorization header causes OpenSIPS to crash or behave in an unexpected way due to a bug in the function `parse_param_name()`. This issue was discovered while performing coverage-guided fuzzing of the function `parse_msg`. The AddressSanitizer identified that the issue occurred in the function `q_memchr()` which is being called by the function `parse_param_name()`. This issue may cause erratic program behaviour or a server crash. It affects configurations containing functions that make use of the affected code, such as the function `www_authorize()`. Versions 3.1.7 and 3.2.4 contain a fix.
GitHub
parse_param_name(): Improve param parsing macros · OpenSIPS/opensips@dd9141b
Issue discovered during OpenSIPS Security Audit 2021,
by Alfred Farrugia & Sandro Gauci (Enable Security)
https://github.com/OpenSIPS/opensips/security/advisories/GHSA-jrqg-vppj-hr2h
CVE-2023-28097
OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.9 and 3.2.6, a malformed SIP message containing a large _Content-Length_ value and a specially crafted Request-URI causes a segmentation fault in OpenSIPS. This issue occurs when a large amount of shared memory using the `-m` flag was allocated to OpenSIPS, such as 10 GB of RAM. On the test system, this issue occurred when shared memory was set to `2362` or higher. This issue is fixed in versions 3.1.9 and 3.2.6. The only workaround is to guarantee that the Content-Length value of input messages is never larger than `2147483647`.
GitHub
Vulnerability in the Content-Length Parser
### Impact
A malformed SIP message containing a large _Content-Length_ value and a specially crafted Request-URI
causes a segmentation fault in OpenSIPS. This issue occurs when a large amount of...
CVE-2023-24468
Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2
CVE-2023-1421
A reflected cross-site scripting vulnerability in the OAuth flow completion endpoints in Mattermost allows an attacker to send AJAX requests on behalf of the victim via sharing a crafted link with a malicious state parameter.
Mattermost.com
Security Updates
Find information about Mattermost security updates, sign up for our Security Bulletin, read our Responsible Disclosure Policy, and more.
CVE-2023-1389
TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. Specifically, the country parameter of the write operation was not sanitized before being used in a call to popen(), allowing an unauthenticated attacker to inject commands, which would be run as root, with a simple POST request.
Tenable®
Unauthenticated Command Injection in TP-Link Archer AX21 (AX1800)
Researchers at Tenable discovered an unauthenticated command injection in the web management interface of the TP-Link Archer AX21 (AX1800). This issue was also independently discovered by other research teams, as noted in ZDI-23-451.
CVE-2022-4313
A vulnerability was reported in which an authenticated user of Tenable products who holds Scan Policy Configuration roles could, by modifying the scan variables, manipulate audit policy variables to execute arbitrary commands on credentialed scan targets.
Tenable®
[R1] Tenable Plugin Feed ID #202212081952 Fixes Arbitrary Code Execution Vulnerability
Audit files that are built into the Tenable products provide capability to adjust the audit evaluation to meet organizational requirements. A vulnerability was reported where through modifying the scan variables, an authenticated user in Tenable products…
CVE-2023-28466
do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).
CVE-2023-28487
Sudo before 1.9.13 does not escape control characters in sudoreplay output.
GitHub
Escape control characters in log messages and "sudoreplay -l" output. · sudo-project/sudo@334daf9
The log message contains user-controlled strings that could include
things like terminal control characters. Space characters in the
command path are now also escaped.
Command line arguments that...
CVE-2023-28486
Sudo before 1.9.13 does not escape control characters in log messages.
GitHub
Escape control characters in log messages and "sudoreplay -l" output. · sudo-project/sudo@334daf9
The log message contains user-controlled strings that could include
things like terminal control characters. Space characters in the
command path are now also escaped.
Command line arguments that...
CVE-2023-26951
onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Member List module.
CVE-2023-25281
A stack overflow vulnerability exists in the pingV4Msg component in D-Link DIR820LA1_FW105B03, which allows attackers to cause a denial of service via the nextPage parameter to ping.ccp.
D-Link
Security Bulletin
CVE-2023-25280
OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp.
D-Link
Security Bulletin
CVE-2023-27095
Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows an attacker to escalate privileges via the AddUser method of the UserController function in the Tenant Management module.
GitHub
[Bug] Hippo4j monitors system information leakage · Issue #1061 · opengoofy/hippo4j
ConfigVerifyController for the Tenant Management module of hippo4j. There are information leakage vulnerabilities, unauthorized access vulnerabilities in authority promotion, The vulnerability is t...
CVE-2023-27084
Permissions vulnerability found in isoftforce Dreamer CMS v.4.0.1 allows local attackers to obtain sensitive information via the AttachmentController parameter.
GitHub
Dreamer CMS overreach loophole · Issue #9 · iteachyou-wjn/dreamer_cms
Hello, I'm Li Jiakun, a security researcher Affected version: 4.0.0 Any user can access the port without verifying the current user information Background applications do not control permission...
CVE-2023-26784
SQL Injection vulnerability found in Kirin Fortress Machine v.1.7-2020-0610 allows attackers to execute arbitrary code via the /admin.php?controller=admin_commonuser parameter.
tosec.com.cn
Zhongyuan Kirin Bastion Host (中远麒麟堡垒机) _ Bastion Host _ One-click Installation
A bastion host supporting multi-cloud, dynamic passwords and database auditing _ Official site
Bastion host, bastion host, Zhongyuan Kirin bastion host, operations and maintenance audit system
CVE-2019-20454
An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c.
CVE-2022-1587
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.
GitHub
Fixed an issue affecting recursions in JIT · PCRE2Project/pcre2@03654e7
PCRE2 development is based here. Contribute to PCRE2Project/pcre2 development by creating an account on GitHub.
CVE-2022-1586
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.
CVE-2023-24571
Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with administrator privileges could potentially exploit this vulnerability to perform arbitrary code execution.
Dell
DSA-2023-046: Dell Client Platform Security Update for BIOS Vulnerabilities | Dell US
Dell Client Platform remediation is available for an improper input validation vulnerability that could be exploited by malicious users to compromise the affected system.
CVE-2022-46773
IBM Robotic Process Automation 21.0.0 - 21.0.7 and 23.0.0 is vulnerable to client-side validation bypass for credential pools. Invalid credential pools may be created as a result. IBM X-Force ID: 242951.
Ibmcloud
IBM Robotic Process Automation security bypass CVE-2022-46773 Vulnerability Report
IBM X-Force Exchange is a threat intelligence sharing platform enabling research on security threats, aggregation of intelligence, and collaboration with peers