๐จ CVE-2022-48510
Input verification vulnerability in the AMS module. Successful exploitation of this vulnerability will cause unauthorized operations.
๐@cveNotify
Input verification vulnerability in the AMS module. Successful exploitation of this vulnerability will cause unauthorized operations.
๐@cveNotify
Harmonyos
July-2023-HarmonyOS Security Bulletins-Updates-HarmonyOSDevice
July HarmonyOS Security Bulletin - July 2023 This bulletin contains details aโฆโฆ
๐จ CVE-2022-48508
Inappropriate authorization vulnerability in the system apps. Successful exploitation of this vulnerability may affect service integrity.
๐@cveNotify
Inappropriate authorization vulnerability in the system apps. Successful exploitation of this vulnerability may affect service integrity.
๐@cveNotify
Harmonyos
July-2023-HarmonyOS Security Bulletins-Updates-HarmonyOSDevice
July HarmonyOS Security Bulletin - July 2023 This bulletin contains details aโฆโฆ
๐จ CVE-2022-48508
Inappropriate authorization vulnerability in the system apps. Successful exploitation of this vulnerability may affect service integrity.
๐@cveNotify
Inappropriate authorization vulnerability in the system apps. Successful exploitation of this vulnerability may affect service integrity.
๐@cveNotify
Harmonyos
July-2023-HarmonyOS Security Bulletins-Updates-HarmonyOSDevice
July HarmonyOS Security Bulletin - July 2023 This bulletin contains details aโฆโฆ
๐จ CVE-2022-48507
Vulnerability of identity verification being bypassed in the storage module. Successful exploitation of this vulnerability may affect service confidentiality.
๐@cveNotify
Vulnerability of identity verification being bypassed in the storage module. Successful exploitation of this vulnerability may affect service confidentiality.
๐@cveNotify
Harmonyos
July-2023-HarmonyOS Security Bulletins-Updates-HarmonyOSDevice
July HarmonyOS Security Bulletin - July 2023 This bulletin contains details aโฆโฆ
๐จ CVE-2022-48507
Vulnerability of identity verification being bypassed in the storage module. Successful exploitation of this vulnerability may affect service confidentiality.
๐@cveNotify
Vulnerability of identity verification being bypassed in the storage module. Successful exploitation of this vulnerability may affect service confidentiality.
๐@cveNotify
Harmonyos
July-2023-HarmonyOS Security Bulletins-Updates-HarmonyOSDevice
July HarmonyOS Security Bulletin - July 2023 This bulletin contains details aโฆโฆ
๐จ CVE-2021-46892
Encryption bypass vulnerability in Maintenance mode. Successful exploitation of this vulnerability may affect service confidentiality.
๐@cveNotify
Encryption bypass vulnerability in Maintenance mode. Successful exploitation of this vulnerability may affect service confidentiality.
๐@cveNotify
Harmonyos
July-2023-HarmonyOS Security Bulletins-Updates-HarmonyOSDevice
July HarmonyOS Security Bulletin - July 2023 This bulletin contains details aโฆโฆ
๐จ CVE-2021-46894
Use After Free (UAF) vulnerability in the uinput module.Successful exploitation of this vulnerability may lead to kernel privilege escalation.
๐@cveNotify
Use After Free (UAF) vulnerability in the uinput module.Successful exploitation of this vulnerability may lead to kernel privilege escalation.
๐@cveNotify
Harmonyos
July-2023-HarmonyOS Security Bulletins-Updates-HarmonyOSDevice
July HarmonyOS Security Bulletin - July 2023 This bulletin contains details aโฆโฆ
๐จ CVE-2022-24888
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1, it is possible to create files and folders that have leading and trailing \n, \r, \t, and \v characters. The server rejects files and folders that have these characters in the middle of their names, so this might be an opportunity for injection. This issue is fixed in versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1. There are currently no known workarounds.
๐@cveNotify
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1, it is possible to create files and folders that have leading and trailing \n, \r, \t, and \v characters. The server rejects files and folders that have these characters in the middle of their names, so this might be an opportunity for injection. This issue is fixed in versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1. There are currently no known workarounds.
๐@cveNotify
HackerOne
Nextcloud disclosed on HackerOne: Control character filtering...
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-w3h6-p64h-q9jp
๐จ CVE-2022-24897
APIs to evaluate content with Velocity is a package for APIs to evaluate content with Velocity. Starting with version 2.3 and prior to 12.6.7, 12.10.3, and 13.0, the velocity scripts are not properly sandboxed against using the Java File API to perform read or write operations on the filesystem. Writing an attacking script in Velocity requires the Script rights in XWiki so not all users can use it, and it also requires finding an XWiki API which returns a File. The problem has been patched in versions 12.6.7, 12.10.3, and 13.0. There is no easy workaround for fixing this vulnerability other than upgrading and being careful when giving Script rights.
๐@cveNotify
APIs to evaluate content with Velocity is a package for APIs to evaluate content with Velocity. Starting with version 2.3 and prior to 12.6.7, 12.10.3, and 13.0, the velocity scripts are not properly sandboxed against using the Java File API to perform read or write operations on the filesystem. Writing an attacking script in Velocity requires the Script rights in XWiki so not all users can use it, and it also requires finding an XWiki API which returns a File. The problem has been patched in versions 12.6.7, 12.10.3, and 13.0. There is no easy workaround for fixing this vulnerability other than upgrading and being careful when giving Script rights.
๐@cveNotify
GitHub
XWIKI-5168: Don't allow some methods in velocity introspector (#127) ยท xwiki/xwiki-commons@215951c
Common Modules used by other XWiki top level projects - XWIKI-5168: Don't allow some methods in velocity introspector (#127) ยท xwiki/xwiki-commons@215951c
๐จ CVE-2022-24906
Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud, similar to Trello. The full path of the application is exposed to unauthorized users. It is recommended that the Nextcloud Deck app is upgraded to 1.2.11, 1.4.6, or 1.5.4. There is no workaround available.
๐@cveNotify
Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud, similar to Trello. The full path of the application is exposed to unauthorized users. It is recommended that the Nextcloud Deck app is upgraded to 1.2.11, 1.4.6, or 1.5.4. There is no workaround available.
๐@cveNotify
GitHub
Keep exceptions http response generic by juliushaertl ยท Pull Request #3384 ยท nextcloud/deck
There is no need to return the exception details through the API as it is logged properly.
๐จ CVE-2022-41952
Synapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs without properly limiting connection time. Connections will only be terminated after `max_spider_size` (default: 10M) bytes have been downloaded, which can in some cases lead to long-lived connections towards the streaming media server (for instance, Icecast). This can cause excessive traffic and connections toward such servers if their stream URL is, for example, posted to a large room with many Synapse instances with URL preview enabled. Version 1.52.0 implements a timeout mechanism which will terminate URL preview connections after 30 seconds. Since generating URL previews for media streams is not supported and always fails, 1.53.0 additionally implements an allow list for content types for which Synapse will even attempt to generate a URL preview. Upgrade to 1.53.0 to fully resolve the issue. As a workaround, turn off URL preview functionality by setting `url_preview_enabled: false` in the Synapse configuration file.
๐@cveNotify
Synapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs without properly limiting connection time. Connections will only be terminated after `max_spider_size` (default: 10M) bytes have been downloaded, which can in some cases lead to long-lived connections towards the streaming media server (for instance, Icecast). This can cause excessive traffic and connections toward such servers if their stream URL is, for example, posted to a large room with many Synapse instances with URL preview enabled. Version 1.52.0 implements a timeout mechanism which will terminate URL preview connections after 30 seconds. Since generating URL previews for media streams is not supported and always fails, 1.53.0 additionally implements an allow list for content types for which Synapse will even attempt to generate a URL preview. Upgrade to 1.53.0 to fully resolve the issue. As a workaround, turn off URL preview functionality by setting `url_preview_enabled: false` in the Synapse configuration file.
๐@cveNotify
GitHub
Generating URL previews of media streams causing long-lived connections
### Impact
Synapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs without properly limiting connection time. Connections will on...
Synapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs without properly limiting connection time. Connections will on...
๐จ CVE-2022-41946
pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either `PreparedStatement.setText(int, InputStream)` or `PreparedStatemet.setBytea(int, InputStream)` will create a temporary file if the InputStream is larger than 2k. This will create a temporary file which is readable by other users on Unix like systems, but not MacOS. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. Java 1.7 and higher users: this vulnerability is fixed in 4.5.0. Java 1.6 and lower users: no patch is available. If you are unable to patch, or are stuck running on Java 1.6, specifying the java.io.tmpdir system environment variable to a directory that is exclusively owned by the executing user will mitigate this vulnerability.
๐@cveNotify
pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either `PreparedStatement.setText(int, InputStream)` or `PreparedStatemet.setBytea(int, InputStream)` will create a temporary file if the InputStream is larger than 2k. This will create a temporary file which is readable by other users on Unix like systems, but not MacOS. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. Java 1.7 and higher users: this vulnerability is fixed in 4.5.0. Java 1.6 and lower users: no patch is available. If you are unable to patch, or are stuck running on Java 1.6, specifying the java.io.tmpdir system environment variable to a directory that is exclusively owned by the executing user will mitigate this vulnerability.
๐@cveNotify
GitHub
Merge pull request from GHSA-562r-vg33-8x8h ยท pgjdbc/pgjdbc@9008dc9
* Fix: createTempFile vulnerability on unix like systems where temporary files can be read by other users on the system
* Update site with change logs and new version information
* Update site with change logs and new version information
๐จ CVE-2022-41935
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users without the right to view documents can deduce their existence by repeated Livetable queries. The issue has been patched in XWiki 14.6RC1, 13.10.8, and 14.4.3, the response is not properly cleaned up of obfuscated entries. As a workaround, The patch for the document `XWiki.LiveTableResultsMacros` can be manually applied or a XAR archive of a patched version can be imported, on versions 12.10.11, 13.9-rc-1, and 13.4.4. There are no known workarounds for this issue.
๐@cveNotify
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users without the right to view documents can deduce their existence by repeated Livetable queries. The issue has been patched in XWiki 14.6RC1, 13.10.8, and 14.4.3, the response is not properly cleaned up of obfuscated entries. As a workaround, The patch for the document `XWiki.LiveTableResultsMacros` can be manually applied or a XAR archive of a patched version can be imported, on versions 12.10.11, 13.9-rc-1, and 13.4.4. There are no known workarounds for this issue.
๐@cveNotify
GitHub
Exposure of Sensitive Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-livetable-ui
### Impact
User without the right to view documents can deduce their existence by repeated Livetable queries.
#### Reproduction steps
1. Restrict "view" access to `Sandbox.TestPa...
User without the right to view documents can deduce their existence by repeated Livetable queries.
#### Reproduction steps
1. Restrict "view" access to `Sandbox.TestPa...
๐จ CVE-2022-41944
Discourse is an open-source discussion platform. In stable versions prior to 2.8.12 and beta or tests-passed versions prior to 2.9.0.beta.13, under certain conditions, a user can see notifications for topics they no longer have access to. If there is sensitive information in the topic title, it will therefore have been exposed. This issue is patched in stable version 2.8.12, beta version 2.9.0.beta13, and tests-passed version 2.9.0.beta13. There are no workarounds available.
๐@cveNotify
Discourse is an open-source discussion platform. In stable versions prior to 2.8.12 and beta or tests-passed versions prior to 2.9.0.beta.13, under certain conditions, a user can see notifications for topics they no longer have access to. If there is sensitive information in the topic title, it will therefore have been exposed. This issue is patched in stable version 2.8.12, beta version 2.9.0.beta13, and tests-passed version 2.9.0.beta13. There are no workarounds available.
๐@cveNotify
GitHub
SECURITY: Hide notifications for inaccessible topics (#19208) ยท discourse/discourse@c6ee28e
Filter notifications the user cannot see anymore
via guardian.can_see_topic_ids
via guardian.can_see_topic_ids
๐จ CVE-2023-34395
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Apache Software Foundation Apache Airflow ODBC Provider.
In OdbcHook, A privilege escalation vulnerability exists in a system due to controllable ODBC driver parameters that allow the loading of arbitrary dynamic-link libraries, resulting in command execution.
Starting version 4.0.0 driver can be set only from the hook constructor.
This issue affects Apache Airflow ODBC Provider: before 4.0.0.
๐@cveNotify
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Apache Software Foundation Apache Airflow ODBC Provider.
In OdbcHook, A privilege escalation vulnerability exists in a system due to controllable ODBC driver parameters that allow the loading of arbitrary dynamic-link libraries, resulting in command execution.
Starting version 4.0.0 driver can be set only from the hook constructor.
This issue affects Apache Airflow ODBC Provider: before 4.0.0.
๐@cveNotify
GitHub
Disable setting ODBC driver via extra by default by potiuk ยท Pull Request #31713 ยท apache/airflow
By default setting driver via extra is disabled by default but we
have several more ways to set it.
^ Add meaningful description above
Read the Pull Request Guidelines for more information.
In ca...
have several more ways to set it.
^ Add meaningful description above
Read the Pull Request Guidelines for more information.
In ca...
๐จ CVE-2022-41954
MPXJ is an open source library to read and write project plans from a variety of file formats and databases. On Unix-like operating systems (not Windows or macos), MPXJ's use of `File.createTempFile(..)` results in temporary files being created with the permissions `-rw-r--r--`. This means that any other user on the system can read the contents of this file. When MPXJ is reading a schedule file which requires the creation of a temporary file or directory, a knowledgeable local user could locate these transient files while they are in use and would then be able to read the schedule being processed by MPXJ. The problem has been patched, MPXJ version 10.14.1 and later includes the necessary changes. Users unable to upgrade may set `java.io.tmpdir` to a directory to which only the user running the application has access will prevent other users from accessing these temporary files.
๐@cveNotify
MPXJ is an open source library to read and write project plans from a variety of file formats and databases. On Unix-like operating systems (not Windows or macos), MPXJ's use of `File.createTempFile(..)` results in temporary files being created with the permissions `-rw-r--r--`. This means that any other user on the system can read the contents of this file. When MPXJ is reading a schedule file which requires the creation of a temporary file or directory, a knowledgeable local user could locate these transient files while they are in use and would then be able to read the schedule being processed by MPXJ. The problem has been patched, MPXJ version 10.14.1 and later includes the necessary changes. Users unable to upgrade may set `java.io.tmpdir` to a directory to which only the user running the application has access will prevent other users from accessing these temporary files.
๐@cveNotify
GitHub
Temporary File Information Disclosure Vulnerability
### Impact
On Unix-like operating systems (not Windows or macos), MPXJ's use of `File.createTempFile(..)` results in temporary files being created with the permissions `-rw-r--r--`. This means...
On Unix-like operating systems (not Windows or macos), MPXJ's use of `File.createTempFile(..)` results in temporary files being created with the permissions `-rw-r--r--`. This means...
๐จ CVE-2022-24713
regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This guarantee is documented and it's considered part of the crate's API. Unfortunately a bug was discovered in the mitigations designed to prevent untrusted regexes to take an arbitrary amount of time during parsing, and it's possible to craft regexes that bypass such mitigations. This makes it possible to perform denial of service attacks by sending specially crafted regexes to services accepting user-controlled, untrusted regexes. All versions of the regex crate before or equal to 1.5.4 are affected by this issue. The fix is include starting from regex 1.5.5. All users accepting user-controlled regexes are recommended to upgrade immediately to the latest version of the regex crate. Unfortunately there is no fixed set of problematic regexes, as there are practically infinite regexes that could be crafted to exploit this vulnerability. Because of this, it us not recommend to deny known problematic regexes.
๐@cveNotify
regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This guarantee is documented and it's considered part of the crate's API. Unfortunately a bug was discovered in the mitigations designed to prevent untrusted regexes to take an arbitrary amount of time during parsing, and it's possible to craft regexes that bypass such mitigations. This makes it possible to perform denial of service attacks by sending specially crafted regexes to services accepting user-controlled, untrusted regexes. All versions of the regex crate before or equal to 1.5.4 are affected by this issue. The fix is include starting from regex 1.5.5. All users accepting user-controlled regexes are recommended to upgrade immediately to the latest version of the regex crate. Unfortunately there is no fixed set of problematic regexes, as there are practically infinite regexes that could be crafted to exploit this vulnerability. Because of this, it us not recommend to deny known problematic regexes.
๐@cveNotify
GitHub
Regexes with large repetitions on empty sub-expressions take a very long time to parse
> This is a cross-post of [the official security advisory][advisory]. The official advisory contains a signed version with our PGP key, as well.
[advisory]: https://groups.google.com/g/rustla...
[advisory]: https://groups.google.com/g/rustla...
๐จ CVE-2022-41968
Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.10 and 24.0.5, calendar name lengths are not validated before writing to a database. As a result, an attacker can send unnecessary amounts of data against the database. Version 23.0.10 and 24.0.5 contain patches for the issue. No known workarounds are available.
๐@cveNotify
Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.10 and 24.0.5, calendar name lengths are not validated before writing to a database. As a result, an attacker can send unnecessary amounts of data against the database. Version 23.0.10 and 24.0.5 contain patches for the issue. No known workarounds are available.
๐@cveNotify
GitHub
Calendar name length not validated before writing to database
### Impact
An attacker can send unnecessary amount of data against the database
### Patches
It is recommended that the Nextcloud Server is upgraded to 23.0.10 or 24.0.5
It is recommended that...
An attacker can send unnecessary amount of data against the database
### Patches
It is recommended that the Nextcloud Server is upgraded to 23.0.10 or 24.0.5
It is recommended that...
๐จ CVE-2023-1118
A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.
๐@cveNotify
A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.
๐@cveNotify
GitHub
media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() ยท torvalds/linux@29b0589
When the ene device is detaching, function ene_remove() will
be called. But there is no function to cancel tx_sim_timer
in ene_remove(), the timer handler ene_tx_irqsim() could race
with ene_remove...
be called. But there is no function to cancel tx_sim_timer
in ene_remove(), the timer handler ene_tx_irqsim() could race
with ene_remove...
๐จ CVE-2023-3405
Unchecked parameter value in M-Files Server in versions before 23.6.12695.3 (excluding 23.2 SR2 and newer) allows anonymous user to cause denial of service
๐@cveNotify
Unchecked parameter value in M-Files Server in versions before 23.6.12695.3 (excluding 23.2 SR2 and newer) allows anonymous user to cause denial of service
๐@cveNotify
๐จ CVE-2023-25098
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the source variable.
๐@cveNotify
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the source variable.
๐@cveNotify