3 matches found
Aegra has cross-user run injection in /threads/{thread_id}/runs (IDOR)
Impact: Aegra deployments running 0.9.0 through 0.9.6 with multiple authenticated users on a shared instance are vulnerable to a cross-tenant IDOR. Any authenticated user (User A), given another user's thread_id (User B), can: - Execute graph runs against User B's thread via POST /threads/{thread_id}/runs...
New Sni5Gect Attack Crashes Phones and Downgrades 5G to 4G without Rogue Base Station
A team of academics has devised a novel attack that can be used to downgrade a 5G connection to a lower generation without relying on a rogue base station (gNB). The attack, per the ASSET (Automated Systems SEcuriTy) Research Group at the Singapore University of Technology and Design (SUTD), relies on ...
Xymon Security Bypass Vulnerability
Xymon is an open source, cross-platform network monitoring application. It shows the operational status of each server through a web page and supports email and SMS notifications. There is a security vulnerability in Xymon. This vulnerability allows attacker...