CVE-2023-30546 Contiki-NG has off-by-one error in Antelope DBMS

Contiki-NG is an operating system for Internet of Things devices. An off-by-one error can be triggered in the Antelope database management system in the Contiki-NG operating system in versions 4.8 and prior. The problem exists in the Contiki File System CFS backend for the storage of data file...

CVE-2023-30623

embano1/wip is a GitHub Action written in Bash. Prior to version 2, the embano1/wip action uses the github.event.pullrequest.title parameter in an insecure way. The title parameter is used in a run statement - resulting in a command injection vulnerability due to string interpolation. This...

CVE-2023-30623 Arbitrary command injection in embano1/wip

embano1/wip is a GitHub Action written in Bash. Prior to version 2, the embano1/wip action uses the github.event.pullrequest.title parameter in an insecure way. The title parameter is used in a run statement - resulting in a command injection vulnerability due to string interpolation. This...

CVE-2023-30623

CVE-2023-30623 concerns the GitHub Action embano1/wip (Bash). Before version 2, it insecurely uses the PR title from github.event.pull_request.title in a run statement, enabling command injection via string interpolation. This can let an attacker who creates a PR trigger code execution on GitHub ...

CVE-2023-30623 Arbitrary command injection in embano1/wip

embano1/wip is a GitHub Action written in Bash. Prior to version 2, the embano1/wip action uses the github.event.pullrequest.title parameter in an insecure way. The title parameter is used in a run statement - resulting in a command injection vulnerability due to string interpolation. This...

PT-2023-22820 · Unknown · Embano1/Wip

Name of the Vulnerable Software and Affected Versions: embano1/wip versions prior to 2 Description: The embano1/wip action uses the github.event.pull request.title parameter in an insecure way, resulting in a command injection vulnerability due to string interpolation. This issue can be triggered...

CVE-2023-27043

The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is...

CVE-2023-26493

Cocos Engine is an open-source framework for building 2D & 3D real-time rendering and interactive content. In the github repo for Cocos Engine the web-interface-check.yml was subject to command injection. The web-interface-check.yml was triggered when a pull request was opened or updated and...

Design/Logic Flaw

Frontier is an Ethereum compatibility layer for Substrate. Frontier's modexp precompile uses num-bigint crate under the hood. In the implementation prior to pull request 1017, the cases for modulus being even and modulus being odd are treated separately. Odd modulus uses the fast Montgomery...

CVE-2023-28431

CVE-2023-28431 describes a vulnerability in Frontier’s modexp precompile used by Substrate. The implementation treats even and odd moduli differently: odd moduli use Montgomery multiplication, while even moduli fall back to a slower plain power algorithm. This mismatch caused a gas-cost discrepan...

CVE-2023-28431 Frontier's modexp precompile is slow for even modulus

Frontier is an Ethereum compatibility layer for Substrate. Frontier's modexp precompile uses num-bigint crate under the hood. In the implementation prior to pull request 1017, the cases for modulus being even and modulus being odd are treated separately. Odd modulus uses the fast Montgomery...

CVE-2023-28431 Frontier's modexp precompile is slow for even modulus

Frontier is an Ethereum compatibility layer for Substrate. Frontier's modexp precompile uses num-bigint crate under the hood. In the implementation prior to pull request 1017, the cases for modulus being even and modulus being odd are treated separately. Odd modulus uses the fast Montgomery...

PT-2023-21224 · Github · Github-Slug-Action

Name of the Vulnerable Software and Affected Versions: github-slug-action versions 4.0.0 through 4.4.1 Description: The github-slug-action uses the github.head ref parameter in an insecure way, allowing any user on GitHub to trigger the vulnerability by creating a pull request with a branch name...

Metasploit Wrap-Up

Basic discover script improvements This week two improvements were made to the script/resource/basicdiscovery.rc resource script. The first update from community member samsepi0x0 allowed commas in the RHOSTS value, making it easier to target multiple hosts. Additionally, adfoster-r7 improved the...

CVE-2021-32848

Octobox is software for managing GitHub notifications. Prior to pull request PR 2807, a user of the system can provide a specifically crafted search query string that will trigger a ReDoS vulnerability. This issue is fixed in PR 2807...

PT-2023-12181 · Octobox · Octobox

Name of the Vulnerable Software and Affected Versions: Octobox versions prior to pull request 2807 Description: Octobox is software for managing GitHub notifications. A user of the system can provide a specifically crafted search query string that will trigger a ReDoS vulnerability...

IDOR Vulnerability in Nextcloud Mail

None...

org.jenkins-ci.plugins:salesforce-migration-assistant-plugin (=2.2.0) potentially affected by CVE-2023-24435 via org.jenkins-ci.plugins:ghprb (=1.31.4)

org.jenkins-ci.plugins:ghprb MAVEN version =1.31.4 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:ghprb and may be impacted: - org.jenkins-ci.plugins:salesforce-migration-assistant-plugin =2.2.0 Source cves: CVE-2023-24435 Sourc...

GHSA-W4V5-54P8-M4J5 Missing permission checks in Jenkins GitHub Pull Request Builder Plugin

A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

GHSA-M6Q8-MWF6-6MMC CSRF vulnerability in Jenkins GitHub Pull Request Builder Plugin

A cross-site request forgery CSRF vulnerability in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...