262 matches found
In DestinationBridge:rescueTokens function the owner can steal user tokens
Lines of code Vulnerability details Summary In the rescueToken function, it opens the door to potential insecurity for user funds because it lacks additional conditions specifying which types of tokens or under what conditions the onlyOwner can use this function. The function looks like: / @notic...
CVE-2023-4342 Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP strict-transport-security policy
Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP strict-transport-security policy...
The vulnerability of the UI and visualization components of the Oracle Hyperion Workspace application allows a malicious individual to gain unauthorized access to protected information. This access enables them to modify, add, or delete data, or cause service interruptions.
The vulnerability of the UI and visualization components of the Oracle Hyperion Workspace reporting application relates to insecure management of privileges. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information, to modify, add, or delete data,...
Information disclosure
The data flowing between the PCU and its modules is insecure. A threat actor with physical access could potentially read or modify data by attaching a specially crafted device while an infusion is running...
CVE-2023-31064 Apache InLong: Insecurity direct object references cancelling applications
Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. the user in InLong could cancel an application that doesn't belongs to it. Users are advised to upgrade to Apache InLong's 1.7....
How to Be Prepared in the Age of Cyber Insecurity
...
The Insecurity of Photo Cropping
The Intercept has a long article on the insecurity of photo cropping: One of the hazards lies in the fact that, for some of the programs, downstream crop reversals are possible for viewers or readers of the document, not just the files creators or editors. Official instruction manuals, help pages...
Design/Logic Flaw
An issue was discovered in dotCMS core 5.3.8.5 through 5.3.8.15 and 21.03 through 22.10.1. A cryptographically insecure random generation algorithm for password-reset token generation leads to account takeover...
CVE-2022-47196
An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow privilege escalation to administrator via XSS. To trigger this...
CVE-2022-47194
An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow privilege escalation to administrator via XSS. To trigger this...
ManyDesigns Portofino subject to creation of insecure temporary file
A vulnerability has been found in ManyDesigns Portofino 5.3.2. Affected by this vulnerability is the function createTempDir of the file WarFileLauncher.java. The manipulation leads to creation of temporary file in directory with insecure permissions. Upgrading to version 5.3.3 is able to address...
CVE-2022-42717
An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcard in the sudoers configuration to execute...
CVE-2022-36045
CVE-2022-36045 affects NodeBB Forum Software. The root cause is a cryptographically weak PRNG used by the helper function utils.generateUUID (uses Math.random()), enabling an attacker to possibly calculate reset codes and takeover an account without victim involvement. Affected versions include e...
CVE-2022-28382
An issue was discovered in certain Verbatim drives through 2022-03-31. Due to the use of an insecure encryption AES mode Electronic Codebook, aka ECB, an attacker may be able to extract information even from encrypted data, for example by observing repeating byte patterns. The firmware of the...
CVE-2022-29402
CVE-2022-29402 affects the TP-Link TL-WR840N EU v6.20. The issue is insecure protections for the UART console, allowing an attacker with physical access to connect via a serial port and execute commands as root without authentication. The CVE is documented with a physical attack vector and high i...
Insecure PRNG use in random_password_generator
The randompasswordgenerator aka RandomPasswordGenerator gem through 1.0.0 for Ruby uses Kernelrand to generate passwords, which, due to its cyclic nature, can facilitate password prediction...
Kubernetes arbitrary file overwrite
In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files...
CURL-CVE-2022-30115 HSTS bypass via trailing dot
curl's HSTS check could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This mechanism could be bypassed if the hostname in the given URL used ...
OPENSUSE-SU-2022:23018-1 Security update for conmon, libcontainers-common, libseccomp, podman
This update for conmon, libcontainers-common, libseccomp, podman fixes the following issues: podman was updated to 3.4.4. Security issues fixed: - fix CVE-2021-41190 bsc1193273, opencontainers: OCI manifest and index parsing confusion - fix CVE-2021-4024 bsc1193166, podman machine spawns gvproxy...
The 5 Most-Wanted Threatpost Stories of 2021
As 2021 draws to a close, and the COVID-19 pandemic drags on, it’s time to take stock of what resonated with our 1 million+ monthly visitors this year, with an eye to summing up some hot trends gleaned from looking at the most-read stories on the Threatpost site. While 2020 was all about...