1288H V5; 2288H V5 Security Vulnerabilities

CVE-2023-46724

Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using --with-openssl are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to.....

CVE-2023-46724

Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using --with-openssl are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to.....

Input validation

Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using --with-openssl are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to.....

CVE-2023-44141

Inkdrop prior to v5.6.0 allows a local attacker to conduct a code injection attack by having a legitimate user open a specially crafted markdown...

Code injection

Inkdrop prior to v5.6.0 allows a local attacker to conduct a code injection attack by having a legitimate user open a specially crafted markdown...

Cosmos packet-forward-middleware vulnerable to chain-halt

The Cosmos SDK is used for Inter-Blockchain Communication Protocol (IBC) applications and middleware. The packet-forward-middleware module is an IBC middleware module built for Cosmos blockchains utilizing the IBC protocol allowing routing of incoming IBC packets from a source chain to a...

Cosmos packet-forward-middleware vulnerable to chain-halt

The Cosmos SDK is used for Inter-Blockchain Communication Protocol (IBC) applications and middleware. The packet-forward-middleware module is an IBC middleware module built for Cosmos blockchains utilizing the IBC protocol allowing routing of incoming IBC packets from a source chain to a...

Security Bulletin: IBM Integration Bus is vulnerable to a denial of service due to Eclipse Mosquitto

Summary IBM Integration Bus is vulnerable to a denial of service due to Eclipse Mosquitto (CVE-2023-28366, CVE-2023-3592, CVE-2023-0809). Vulnerability Details ** CVEID: CVE-2023-28366 DESCRIPTION: **Eclipse Mosquitto is vulnerable to a denial of service, caused by a memory leak flaw in the...

JustSystems Corporation Ichitaro "Figure" stream use-after-free vulnerability

Talos Vulnerability Report TALOS-2023-1758 JustSystems Corporation Ichitaro "Figure" stream use-after-free vulnerability October 19, 2023 CVE Number CVE-2023-34366 SUMMARY A use-after-free vulnerability exists in the Figure stream parsing functionality of Ichitaro 2023 1.0.1.59372. A specially...

JustSystems Corporation Ichitaro 2023 HyperLinkFrame parser out-of-bounds write vulnerability

Talos Vulnerability Report TALOS-2023-1809 JustSystems Corporation Ichitaro 2023 HyperLinkFrame parser out-of-bounds write vulnerability October 19, 2023 CVE Number CVE-2023-38128 SUMMARY An out-of-bounds write vulnerability exists in the “HyperLinkFrame” stream parser of Ichitaro 2023...

JustSystems Corporation Ichitaro 2023 HyperLinkFrame parser integer overflow vulnerability

Talos Vulnerability Report TALOS-2023-1808 JustSystems Corporation Ichitaro 2023 HyperLinkFrame parser integer overflow vulnerability October 19, 2023 CVE Number CVE-2023-38127 SUMMARY An integer overflow exists in the “HyperLinkFrame” stream parser of Ichitaro 2023 1.0.1.59372. A specially...

Security Bulletin: IBM Aspera Faspex has addressed an IP address restriction bypass vulnerability

Summary IBM Aspera Faspex could allow a malicious actor to bypass the whitelist IP check at user log in. This is not an unauthorized user access exploit. Vulnerability Details ** CVEID: CVE-2023-30995 DESCRIPTION: **IBM Aspera Faspex 4.0 through 4.4.2 and 5.0 through 5.0.5 could allow a...

Achieving DORA Compliance with Qualys: A Comprehensive Approach

In the ever-changing landscape of finance and technology, it is crucial to have robust operational resilience and compliance frameworks. The Digital Operational Resilience Act (DORA) framework is a significant step in this direction, as it is intended to strengthen the resilience of financial...

CVE-2023-3592

In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 CONNECT packets with a will message that contains invalid property...

CVE-2023-3592

In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 CONNECT packets with a will message that contains invalid property...

CVE-2023-3592

In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 CONNECT packets with a will message that contains invalid property...

CVE-2023-3592

In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 CONNECT packets with a will message that contains invalid property...

Memory corruption

In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 CONNECT packets with a will message that contains invalid property...

CVE-2023-3592

In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 CONNECT packets with a will message that contains invalid property...

Debian DSA-5511-1 : mosquitto - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5511 advisory. In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is...

CVE-2023-3592

In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 CONNECT packets with a will message that contains invalid property...

Debian: Security Advisory (DSA-5511-1)

The remote host is missing an update for the...

[SECURITY] [DSA 5511-1] mosquitto security update

Debian Security Advisory DSA-5511-1 [email protected] https://www.debian.org/security/ Markus Koschany October 01, 2023 https://www.debian.org/security/faq Package : mosquitto CVE ID : CVE-2021-34434 CVE-2023-0809...

TOTOLINK Wireless Routers Remote Command Execution

...

TOTOLINK Wireless Routers Remote Command Execution Exploit

Multiple TOTOLINK network products contain a command injection vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the command parameter. After exploitation, an attacker will have full access with the same user privileges under...

Analyzing a Modern In-the-wild Android Exploit

By Seth Jenkins, Project Zero Introduction In December 2022, Google’s Threat Analysis Group (TAG) discovered an in-the-wild exploit chain targeting Samsung Android devices. TAG’s blog post covers the targeting and the actor behind the campaign. This is a technical analysis of the final stage of...

CVE-2023-34999

A command injection vulnerability exists in RTS VLink Virtual Matrix Software Versions v5 (< 5.7.6) and v6 (< 6.5.0) that allows an attacker to perform arbitrary code execution via the admin web...

Command injection

A command injection vulnerability exists in RTS VLink Virtual Matrix Software Versions v5 (< 5.7.6) and v6 (< 6.5.0) that allows an attacker to perform arbitrary code execution via the admin web...

CVE-2023-34999

A command injection vulnerability exists in RTS VLink Virtual Matrix Software Versions v5 (< 5.7.6) and v6 (< 6.5.0) that allows an attacker to perform arbitrary code execution via the admin web...

Design/Logic Flaw

An issue was discovered in the Linux kernel before 5.8.6. drivers/media/cec/core/cec-api.c leaks one byte of kernel memory on specific hardware to unprivileged users, because of directly assigning log_addrs with a hole in the...

CVE-2020-36766

An issue was discovered in the Linux kernel before 5.8.6. drivers/media/cec/core/cec-api.c leaks one byte of kernel memory on specific hardware to unprivileged users, because of directly assigning log_addrs with a hole in the...

CVE-2020-36766

An issue was discovered in the Linux kernel before 5.8.6. drivers/media/cec/core/cec-api.c leaks one byte of kernel memory on specific hardware to unprivileged users, because of directly assigning log_addrs with a hole in the...

TOTOLINK Wireless Routers unauthenticated remote command execution vulnerability.

Multiple TOTOLINK network products contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter. After exploitation, an attacker will have full access with the same user privileges under...

Siemens RUGGEDCOM ROS Buffer Copy Without Checking Size of Input (CVE-2021-31895)

A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions < V4.3.7), RUGGEDCOM ROS M2200 (All versions < V4.3.7), RUGGEDCOM ROS M969 (All versions < V4.3.7), RUGGEDCOM ROS RMC (All versions < V4.3.7), RUGGEDCOM ROS RMC20 (All versions < V4.3.7), RUGGEDCOM ROS RMC30 (Al...

Exploit for Vulnerability in Apple Macos

%PDF-1.5 %���� 16 0 obj << /Length 972 /Filter...

VMware vRealize Log Insight Unauthenticated Remote Code Execution Exploit

VMware vRealize Log Insights versions 8.x contain multiple vulnerabilities, such as directory traversal, broken access control, deserialization, and information disclosure. When chained together, these vulnerabilities allow a remote, unauthenticated attacker to execute arbitrary commands on the...

VMware vRealize Log Insight Unauthenticated Remote Code Execution

...

Oracle Linux 8 : kernel (ELSA-2020-4431)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4431 advisory. drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference....

CVE-2023-4746

A vulnerability classified as critical has been found in TOTOLINK N200RE V5 9.3.5u.6437_B20230519. This affects the function Validity_check. The manipulation leads to format string. It is possible to initiate the attack remotely. The root-cause of the vulnerability is a format string issue. But...

Format string

A vulnerability classified as critical has been found in TOTOLINK N200RE V5 9.3.5u.6437_B20230519. This affects the function Validity_check. The manipulation leads to format string. It is possible to initiate the attack remotely. The root-cause of the vulnerability is a format string issue. But...

CVE-2023-4746 TOTOLINK N200RE V5 Validity_check format string

A vulnerability classified as critical has been found in TOTOLINK N200RE V5 9.3.5u.6437_B20230519. This affects the function Validity_check. The manipulation leads to format string. It is possible to initiate the attack remotely. The root-cause of the vulnerability is a format string issue. But...

Fedora 38 : libwebsockets / mosquitto (2023-6a87c003c4)

The remote Fedora 38 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-6a87c003c4 advisory. In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets. (CVE-2023-0809) In...

Fedora 37 : mosquitto (2023-e7ed15ab9e)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-e7ed15ab9e advisory. In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets. (CVE-2023-0809) In...

FetLife: fetlife.com/signup_step_profile expose access_token of mapbox.com

Hi fetlife, I'm investigate on registration step on your site, in registration step at https://fetlife.com/signup_step_profile when user type in field "private_location_name" {F2652527} it use frontend call to api.mapbox.com directly thus expose access_token, I was able to call it directly via...

Advisory ROSA-SA-2023-2224

software: mosquitto 2.0.15 WASP: ROSA-CHROME package_evr_string: mosquitto-2.0.15-2.src.rpm CVE-ID: CVE-2021-34431 BDU-ID: 2022-01775 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Mosquitto message broker is related to incorrect processing of a CONNECT packet without will topic, will message.....

M-22 Unmitigated

Lines of code Vulnerability details Comments The underlying yield vaults used by the V5 vaults usually round down shares received when depositing. As a result, if the Vault deposits to an underlying yield vault that has already issued shares, it is possible that a deposit could be rounded down to.....

Claiming prizes will be bricked if prize periods are not aligned with twab periods

Lines of code https://github.com/GenerationSoftware/pt-v5-twab-controller/blob/main/src/libraries/TwabLib.sol#L244-L251 https://github.com/GenerationSoftware/pt-v5-twab-controller/blob/main/src/libraries/TwabLib.sol#L650-L658 Vulnerability details Comments The previous implementation allowed a...

Number of prize tiers may never scale due to aggressive new algorithm

Lines of code https://github.com/GenerationSoftware/pt-v5-prize-pool/blob/main/src/PrizePool.sol#L807-L811 https://github.com/GenerationSoftware/pt-v5-prize-pool/blob/main/src/abstract/TieredLiquidityDistributor.sol#L602-L619...

Loss of precision in the YieldVault causes DoS when depositing from the Vault

Lines of code Vulnerability details Title Loss of precision in the YieldVault causes DoS when depositing from the Vault Original Issue M-22 - Loss of precision leads to undercollateralized Details The original demonstrates how the Vault could fall into undercollateralization mode if the YieldVault....

Mageia: Security Advisory (MGASA-2023-0251)

The remote host is missing an update for...