1227 matches found
CVE-2023-34130
SonicWall GMS and Analytics use the outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to encrypt sensitive data. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...
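To make the two halves of this finding concrete (an outdated cipher, and a key that ships inside the product), here is an added Python example; it is not SonicWall code and says nothing about how GMS or Analytics actually use TEA. The key, the plaintext and the helper names (HARDCODED_KEY, recover_secret, equivalent_keys) are all constructed for the demonstration. It implements standard 32-round TEA, shows that whoever lifts the constant from the binary decrypts every stored secret, and shows one of the reasons TEA is considered obsolete: each 128-bit key has three other keys that encrypt identically, so the effective key size is 126 bits.

```python
# Added example (not SonicWall code): 32-round TEA in pure Python, used to show
# why "outdated TEA with a hardcoded key" is a finding. Key and plaintext are
# constructed sample values.
import struct

DELTA = 0x9E3779B9
MASK = 0xFFFFFFFF
ROUNDS = 32

# Constructed stand-in for a key compiled into a product: anyone who can read the
# binary, JAR or script that contains it can decrypt everything protected with it.
HARDCODED_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")


def _key_words(key: bytes) -> tuple:
    if len(key) != 16:
        raise ValueError("TEA uses a 128-bit key")
    return struct.unpack(">4I", key)


def tea_encrypt_block(v0: int, v1: int, k: tuple) -> tuple:
    """Encrypt one 64-bit block given as two 32-bit words (standard TEA rounds)."""
    s = 0
    for _ in range(ROUNDS):
        s = (s + DELTA) & MASK
        v0 = (v0 + ((((v1 << 4) + k[0]) & MASK) ^ ((v1 + s) & MASK) ^ (((v1 >> 5) + k[1]) & MASK))) & MASK
        v1 = (v1 + ((((v0 << 4) + k[2]) & MASK) ^ ((v0 + s) & MASK) ^ (((v0 >> 5) + k[3]) & MASK))) & MASK
    return v0, v1


def tea_decrypt_block(v0: int, v1: int, k: tuple) -> tuple:
    """Invert tea_encrypt_block by running the rounds backwards."""
    s = (DELTA * ROUNDS) & MASK
    for _ in range(ROUNDS):
        v1 = (v1 - ((((v0 << 4) + k[2]) & MASK) ^ ((v0 + s) & MASK) ^ (((v0 >> 5) + k[3]) & MASK))) & MASK
        v0 = (v0 - ((((v1 << 4) + k[0]) & MASK) ^ ((v1 + s) & MASK) ^ (((v1 >> 5) + k[1]) & MASK))) & MASK
        s = (s - DELTA) & MASK
    return v0, v1


def tea_ecb_encrypt(data: bytes, key: bytes) -> bytes:
    """ECB over 8-byte blocks; ECB also leaks equal blocks, it is used here only
    because it is the simplest way to wrap the block cipher."""
    if len(data) % 8:
        raise ValueError("data must be a multiple of 8 bytes")
    k = _key_words(key)
    out = bytearray()
    for i in range(0, len(data), 8):
        v0, v1 = struct.unpack(">2I", data[i:i + 8])
        out += struct.pack(">2I", *tea_encrypt_block(v0, v1, k))
    return bytes(out)


def tea_ecb_decrypt(data: bytes, key: bytes) -> bytes:
    if len(data) % 8:
        raise ValueError("data must be a multiple of 8 bytes")
    k = _key_words(key)
    out = bytearray()
    for i in range(0, len(data), 8):
        v0, v1 = struct.unpack(">2I", data[i:i + 8])
        out += struct.pack(">2I", *tea_decrypt_block(v0, v1, k))
    return bytes(out)


def equivalent_keys(key: bytes) -> list:
    """TEA's three equivalent keys. Flipping the top bit of both words in a pair
    (k0,k1) or (k2,k3) adds 2^31 mod 2^32 to two operands of the round's XOR, so
    the flips cancel and four distinct keys encrypt identically (126-bit strength)."""
    k0, k1, k2, k3 = _key_words(key)
    flip = 0x80000000
    variants = [
        (k0 ^ flip, k1 ^ flip, k2, k3),
        (k0, k1, k2 ^ flip, k3 ^ flip),
        (k0 ^ flip, k1 ^ flip, k2 ^ flip, k3 ^ flip),
    ]
    return [struct.pack(">4I", *v) for v in variants]


def recover_secret(ciphertext: bytes) -> bytes:
    """What an attacker does once the constant is lifted from the product:
    decrypt the stored 'protected' data with that same constant."""
    return tea_ecb_decrypt(ciphertext, HARDCODED_KEY)


if __name__ == "__main__":
    secret = b"db-passw0rd!1234"  # constructed 16-byte sample, two TEA blocks
    ct = tea_ecb_encrypt(secret, HARDCODED_KEY)
    print("ciphertext:", ct.hex())
    print("recovered: ", recover_secret(ct))
    for alt in equivalent_keys(HARDCODED_KEY):
        print("equivalent key", alt.hex(), "same ciphertext:", tea_ecb_encrypt(secret, alt) == ct)
```

The fix for the hardcoded-key half is not a stronger cipher alone: the key has to come from somewhere the attacker cannot read (a per-installation secret, an OS keystore, or an HSM/KMS), and the cipher should be a modern authenticated one such as AES-GCM rather than an unauthenticated 64-bit block cipher.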
Fedora 38 : perl-CPAN (2023-46924e402a)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-46924e402a advisory. Security fix for CVE-2023-31484 CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. CPAN 2.35 - Add...
DDoS attacks want to make sure you haven’t forgotten about them
Welcome to this week's edition of the Threat Source newsletter. Distributed denial-of-service (DDoS) attacks have been around since before I even knew how to turn a computer on. These types of attacks, I feel, have the same vibe as the term "computer virus" -- something we used to talk about in the...
TimeoutTimeStamp and TimeoutHeight fields are not properly validated
Impact: The absence of proper validation for the TimeoutTimeStamp and TimeoutHeight fields before processing an onboarding request can lead to significant disruption and potential security risks. This might allow an attacker to send an IBC Inter-Blockchain...
Fortinet FortiNAC RCE (FG-IR-23-074)
The version of FortiNAC installed on the remote host is prior to 9.4.3. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-074 advisory. - A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows...
CVE-2022-43949
A use of a broken or risky cryptographic algorithm (CWE-327) in Fortinet FortiSIEM before 6.7.1 allows a remote unauthenticated attacker to perform brute force attacks on GUI endpoints by taking advantage of outdated hashing methods...
Design/Logic Flaw
A use of a broken or risky cryptographic algorithm (CWE-327) in Fortinet FortiSIEM before 6.7.1 allows a remote unauthenticated attacker to perform brute force attacks on GUI endpoints by taking advantage of outdated hashing methods...
Okta Advanced Server Access Client 1.13.1 < 1.68.2 Command Injection
The version of the Okta Advanced Server Access Client installed on the remote host is affected by a command injection vulnerability in the third-party library webbrowser. An outdated version of the webbrowser library used by the ASA client was found to be vulnerable to command injection. To exploit this issu...
FortiSIEM - Use of a Broken or Risky Cryptographic Algorithm
A use of a broken or risky cryptographic algorithm (CWE-327) in FortiSIEM may allow a remote unauthenticated attacker to perform brute force attacks on GUI endpoints by taking advantage of outdated hashing methods...
Mozilla Thunderbird < 102.12
The version of Thunderbird installed on the remote Windows host is prior to 102.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-21 advisory. - Mozilla developers and community members Gabriele Svelto, Andrew McCreight, the Mozilla Fuzzing Team, Sean Feng,...
Chainlink's latestRoundData might return stale or incorrect results
Impact: The getPORFeedData function in the contract StaderOracle.sol fetches the asset price from a Chainlink aggregator using the latestRoundData function. However, there are no checks on roundID, resulting in stale prices. The oracle wrapper calls out to a...
PT-2023-36091 · Users · Users
Name of the Vulnerable Software and Affected Versions: users affected versions not specified Description: The issue concerns the users crate, which has not been updated since 2020-10-08, and its developer appears to be inactive. Recommendations: At the moment, there is no information about a newe...
It’s apparently hip to still be using Windows 7
Welcome to this week's edition of the Threat Source newsletter. As a longtime macOS user, I must admit I'm behind the times when it comes to Microsoft Windows. Since buying a Steam Deck, I've actually come to learn more about Linux and the Proton compatibility layer than I ever did about Windows. Bu...
Ubuntu: Security Advisory (USN-6105-2)
The remote host is missing the update published in Ubuntu Security Advisory USN-6105-2. (Description text from Greenbone AG, SPDX-FileCopyrightText: 2023 Greenbone AG, SPDX-License-Identifier: GPL-2.0-only; some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders.)
Ubuntu: Security Advisory (USN-6105-1)
The remote host is missing the update published in Ubuntu Security Advisory USN-6105-1. (Description text from Greenbone AG, SPDX-FileCopyrightText: 2023 Greenbone AG, SPDX-License-Identifier: GPL-2.0-only; some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders.)
PT-2023-36310 · Unknown · Ca-Certificates
Name of the Vulnerable Software and Affected Versions: ca-certificates versions prior to 2.60 Description: The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.60 version of the Mozilla certificate authority...
No deadline for swaps
Impact: No deadline for swaps allows transactions to be executed later, unfavourably or maliciously. Proof of Concept: When tokens are to be swapped rather than minted, slippage is controlled in uniswapV3SwapCallback by minimumAmountReceived, which is calculated...
GARO Wallbox GLB/GTB/GTC Security Vulnerability
The GARO Wallbox GLB/GTB/GTC is an electric vehicle charger from the Swedish company GARO. A security vulnerability exists in versions prior to GARO Wallbox GLB/GTB/GTC v189, which stems from an insecure permission in the settings page that allows an attacker to redirect the user to a crafted...