Koyo PLC Programming Software) Security Vulnerabilities

Debian dsa-5698 : ruby-rack - security update

The remote Debian 11 / 12 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5698 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5698-1 [email protected] ...

JVN#56781258: Splunk Config Explorer vulnerable to cross-site scripting

Splunk Config Explorer provided by Chris Younger contains a reflected cross-site scripting vulnerability (CWE-79). ## Impact An arbitrary script may be executed on the web browser of the user who is using the product. ## Solution Update the software Update the software to the latest version...

K000139764: Apache HTTPD vulnerability CVE-2023-38709

Security Advisory Description Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58. (CVE-2023-38709) Impact This vulnerability allows malicious or exploitable...

SBOM support in Spring Boot 3.3

Spring Boot 3.3.0 has been released, and it contains support for SBOMs. SBOM stands for "Software Bill of Materials" and describes the components used to build a software artifact. In the context of this blog post, that's your Spring Boot application. These SBOMs are useful because they describe...

Debian dsa-5699 : redmine - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5699 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5699-1 [email protected] ...

Intel VTune Profiler < 2024.0 Escalation of Privilege

The version of Intel VTune Profiler installed on the remote Windows host is prior to 2024.0. It is, therefore, affected by an escalation of privilege vulnerability. Due to an uncontrolled search path element, an authenticated, local attacker can elevate their privileges. Note that Nessus has not...

Stark Industries Solutions: An Iron Hammer in the Cloud

The homepage of Stark Industries Solutions. Two weeks before Russia invaded Ukraine in February 2022, a large, mysterious new Internet hosting firm called Stark Industries Solutions materialized and quickly became the epicenter of massive distributed denial-of-service (DDoS) attacks on government.....

silverstripe/framework ReadOnly transformation for formfields exploitable

Form fields returning isReadonly() as true are vulnerable to reflected XSS injections. This includes ReadonlyField, LookupField, HTMLReadonlyField, as well as special purpose fields like TimeField_Readonly. Values submitted to through these form fields are not filtered out from the form session...

silverstripe/framework ReadOnly transformation for formfields exploitable

Form fields returning isReadonly() as true are vulnerable to reflected XSS injections. This includes ReadonlyField, LookupField, HTMLReadonlyField, as well as special purpose fields like TimeField_Readonly. Values submitted to through these form fields are not filtered out from the form session...

Silverstripe Cross-site scripting vulnerability in VersionedRequestFilter

A cross-site scripting vulnerability in VersionedRequestFilter has been found. If an incoming user request should not be able to access the requested stage, an error message is created for display on the CMS login page that they are redirected to. In this error message, the URL of the requested...

Silverstripe Cross-site scripting vulnerability in VersionedRequestFilter

A cross-site scripting vulnerability in VersionedRequestFilter has been found. If an incoming user request should not be able to access the requested stage, an error message is created for display on the CMS login page that they are redirected to. In this error message, the URL of the requested...

Silverstripe Missing CSRF protection in login form

LoginForm calls disableSecurityToken(), which causes a "shared host domain" vulnerability:...

Silverstripe Missing CSRF protection in login form

LoginForm calls disableSecurityToken(), which causes a "shared host domain" vulnerability:...

Silverstripe Brute force bypass on default admin

Default Administrator accounts were not subject to the same brute force protection afforded to other Member accounts. Failed login counts were not logged for default admins resulting in unlimited attempts on the default admin username and...

Silverstripe Brute force bypass on default admin

Default Administrator accounts were not subject to the same brute force protection afforded to other Member accounts. Failed login counts were not logged for default admins resulting in unlimited attempts on the default admin username and...

Silverstripe XSS in CMS Edit Page

Due to a lack of parameter sanitisation a carefully crafted URL could be used to inject arbitrary HTML into the CMS Edit page. An attacker could create a URL and share it with a site administrator to perform an...

Silverstripe XSS in CMS Edit Page

Due to a lack of parameter sanitisation a carefully crafted URL could be used to inject arbitrary HTML into the CMS Edit page. An attacker could create a URL and share it with a site administrator to perform an...

Silverstripe Hostname, IP and Protocol Spoofing through HTTP Headers

In it's default configuration, SilverStripe trusts all originating IPs to include HTTP headers for Hostname, IP and Protocol. This enables reverse proxies to forward requests while still retaining the original request information. Trusted IPs can be limited via the SS_TRUSTED_PROXY_IPS constant....

Silverstripe Hostname, IP and Protocol Spoofing through HTTP Headers

In it's default configuration, SilverStripe trusts all originating IPs to include HTTP headers for Hostname, IP and Protocol. This enables reverse proxies to forward requests while still retaining the original request information. Trusted IPs can be limited via the SS_TRUSTED_PROXY_IPS constant....

Silverstripe CSRF vulnerability in GridFieldAddExistingAutocompleter

GridField does not have sufficient CSRF protection, meaning that in some cases users with CMS access can be tricked into posting unspecified data into the CMS from external websites. Amongst other default CMS interfaces, GridField is used for management of groups, users and permissions in the CMS.....

Silverstripe CSRF vulnerability in GridFieldAddExistingAutocompleter

GridField does not have sufficient CSRF protection, meaning that in some cases users with CMS access can be tricked into posting unspecified data into the CMS from external websites. Amongst other default CMS interfaces, GridField is used for management of groups, users and permissions in the CMS.....

Silverstripe Missing security check on dev/build/defaults

The buildDefaults method on DevelopmentAdmin is missing a permission check. In live mode, if you access /dev/build, you are requested to login first. However, if you access /dev/build/defaults, then the action is performed without any login check. This should be protected in the same way that...

Silverstripe Missing security check on dev/build/defaults

The buildDefaults method on DevelopmentAdmin is missing a permission check. In live mode, if you access /dev/build, you are requested to login first. However, if you access /dev/build/defaults, then the action is performed without any login check. This should be protected in the same way that...

Security Bulletin: Multiple vulnerabilities in IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift

Summary IBM Spectrum Protect Plus Container backup and restore for OpenShift can be affected by vulnerabilities in Python, OpenSSH, Golang Go, Redis, urllib3, dnspython and gunicorn. Vulnerabilities include denial of service, cross-site scripting, gain elevated privileges on the system, allow a...

Silverstripe HtmlEditor embed url sanitisation

"Add from URL" doesn't clearly sanitise URL server side HtmlEditorField_Toolbar has an action HtmlEditorField_Toolbar#viewfile, which gets called by the CMS when adding a media "from a URL" (i.e. via oembed). This action gets the URL to add in the GET parameter FileURL. However it doesn't do any...

Silverstripe HtmlEditor embed url sanitisation

"Add from URL" doesn't clearly sanitise URL server side HtmlEditorField_Toolbar has an action HtmlEditorField_Toolbar#viewfile, which gets called by the CMS when adding a media "from a URL" (i.e. via oembed). This action gets the URL to add in the GET parameter FileURL. However it doesn't do any...

Silverstripe Form field validation message XSS vulnerability

A high level XSS risk has been identified in the encoding of validation messages in certain FormField classes. Certain fields such as the NumericField and DropdownField have been identified, but any form field which presents any invalid content as a part of its validation response will be at...

Silverstripe Form field validation message XSS vulnerability

A high level XSS risk has been identified in the encoding of validation messages in certain FormField classes. Certain fields such as the NumericField and DropdownField have been identified, but any form field which presents any invalid content as a part of its validation response will be at...

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities (CVE-2023-42753, CVE-2023-5178, CVE-2023-47710, CVE-2023-45871)

Summary IBM Security Guardium has addressed these vulnerabilities in an update. Vulnerability Details ** CVEID: CVE-2023-42753 DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to execute arbitrary code on the system, caused by an integer underflow due to an array indexing...

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities

Summary IBM Security Guardium has addressed these vulnerabilities in updates. Vulnerability Details ** CVEID: CVE-2024-20952 DESCRIPTION: **An unspecified vulnerability in Java SE related to the Security component could allow a remote attacker to cause high confidentiality impact and high...

Silverstripe framework is vulnerable to XSS in install.php

During installation, certain parameters (admin_username and admin_password) are not escaped in the setup form. This issue is resolved in 3.1.14 stable, although existing users are advised to remove this file prior to deploying to a production...

Silverstripe framework is vulnerable to XSS in install.php

During installation, certain parameters (admin_username and admin_password) are not escaped in the setup form. This issue is resolved in 3.1.14 stable, although existing users are advised to remove this file prior to deploying to a production...

SilverStripe Vulnerability on 'isDev', 'isTest' and 'flush' $_GET validation

When a secure token parameter is provided to a SilverStripe site (such as isDev or flush) an empty token parameter can be provided in order to bypass normal authentication parameters. For instance, http://www.mysite.com/?isDev=1&isDevtoken will force a site to dev mode. Alternatively, "flush"...

SilverStripe Vulnerability on 'isDev', 'isTest' and 'flush' $_GET validation

When a secure token parameter is provided to a SilverStripe site (such as isDev or flush) an empty token parameter can be provided in order to bypass normal authentication parameters. For instance, http://www.mysite.com/?isDev=1&isDevtoken will force a site to dev mode. Alternatively, "flush"...

Silverstripe XSS in dev/build returnURL Parameter

A XSS risk exists in the returnURL parameter passed to dev/build. An unvalidated url could cause the user to redirect to an unverified third party url outside of the site. This issue is resolved in framework 3.1.14 stable...

Silverstripe XSS in dev/build returnURL Parameter

A XSS risk exists in the returnURL parameter passed to dev/build. An unvalidated url could cause the user to redirect to an unverified third party url outside of the site. This issue is resolved in framework 3.1.14 stable...

Silverstripe External redirection risk in Security?ReturnURL

A vulnerability has been found in the SilverStripe framework where a login url can be potentially redirected to an external site. For example, the url http://www.my-silverstripe-site.com/Security/login?BackURL=/\attacker-site.com will redirect successful logins to the page...

Silverstripe External redirection risk in Security?ReturnURL

A vulnerability has been found in the SilverStripe framework where a login url can be potentially redirected to an external site. For example, the url http://www.my-silverstripe-site.com/Security/login?BackURL=/\attacker-site.com will redirect successful logins to the page...

Silverstripe X-Forwarded-Host request hostname injection

A potential hostname injection vulnerability has been found which could allow attackers to alter url resolution. If a request contains the X-Forwarded-Host HTTP header a website would then use its value in place of the actual HTTP hostname. In cases where caching is enabled, this could allow an...

Silverstripe X-Forwarded-Host request hostname injection

A potential hostname injection vulnerability has been found which could allow attackers to alter url resolution. If a request contains the X-Forwarded-Host HTTP header a website would then use its value in place of the actual HTTP hostname. In cases where caching is enabled, this could allow an...

Silverstripe XSS in Director::force_redirect()

A low level XSS vulnerability has been found in the Framework affecting http redirection via the Director::force_redirect method. Attempts to redirect to a url may generate HTML which is not safely escaped, and may pose a risk of XSS in some environments. This vulnerability is marked low as it is.....

Silverstripe XSS in Director::force_redirect()

A low level XSS vulnerability has been found in the Framework affecting http redirection via the Director::force_redirect method. Attempts to redirect to a url may generate HTML which is not safely escaped, and may pose a risk of XSS in some environments. This vulnerability is marked low as it is.....

gnome-remote-desktop vulnerability

Matthias Gerstner discovered that GNOME Remote Desktop incorrectly performed certain user validation checks. A local attacker could possibly use this issue to obtain sensitive information, or take control of remote desktop...

Security Bulletin: AIX is vulnerable to a denial of service due to libxml2 (CVE-2024-25062)

Summary Vulnerability in libxml2 could allow a remote attacker to cause a denial of service (CVE-2024-25062). AIX uses libxml2 as part of its XML parsing functions. Vulnerability Details ** CVEID: CVE-2024-25062 DESCRIPTION: **GNOME libxml2 is vulnerable to a denial of service, caused by a...

Security Bulletin: Vulnerability in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager (CVE-2024-22259, CVE-2024-22243, CVE-2024-22262).

Summary Vulnerability in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager ((CVE-2024-22259, CVE-2024-22243, CVE-2024-22262). IBM has addressed the vulnerabilities. Vulnerability Details ** CVEID: CVE-2024-22262 DESCRIPTION: **VMware Tanzu Spring Framework could allow a.....

Silverstripe XSS In FormAction

A cross-site scripting vulnerability has been discovered in the FormAction field where a user-specified title may be...

Silverstripe XSS In FormAction

A cross-site scripting vulnerability has been discovered in the FormAction field where a user-specified title may be...

Silverstripe XSS In rewritten hash links

A high level XSS vulnerability has been discovered in the SilverStripe framework which causes links containing hash anchors (E.g. href="#anchor") to be rewritten in an unsafe way. The rewriteHashlinks option on SSViewer will rewrite these to contain the current url, although without adequate...

Silverstripe XSS In rewritten hash links

A high level XSS vulnerability has been discovered in the SilverStripe framework which causes links containing hash anchors (E.g. href="#anchor") to be rewritten in an unsafe way. The rewriteHashlinks option on SSViewer will rewrite these to contain the current url, although without adequate...

Traefik vulnerable to GO issue allowing malformed DNS message to cause infinite loop

Impact There is a vulnerability in GO managing malformed DNS message, which impacts Traefik. This vulnerability could be exploited to cause a denial of service. References CVE-2024-24788 Patches https://github.com/traefik/traefik/releases/tag/v2.11.3...