#auth

### Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hjp3-5g2q-7jww. This link is maintained to preserve external references. ### Original Description A race condition exists in Audited 4.0.0 to 5.3.3 that can result in an authenticated user to cause audit log entries to be attributed to another user.

### Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-fmx4-26r3-wxpf. This link is maintained to preserve external references. ### Original Description CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnerability can result in possibly unauthenticated remote attackers to cause heap memory corruption, potentially leading to an information leak or remote code execution, via parsing tables with marker rows that contain more than UINT16_MAX columns.

### Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5pq7-52mg-hr42. This link is maintained to preserve external references. ### Original Description httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads which could result in attacker controlled filenames being written.

### Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-85rf-xh54-whp3. This link is maintained to preserve external references. ### Original Description Path traversal in the static file service in Iodine less than 0.7.33 allows an unauthenticated, remote attacker to read files outside the public folder via malicious URLs.

By Waqas According to DNA service provider 23andMe, if you are a user, you are to be blamed for reusing your password on other sites. This is a post from HackRead.com Read the original post: 23andMe blames its users for the massive data breach

23andMe has responded in a letter to legal representatives of data breach victims that they were to blame themselves for re-using passwords

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Ubuntu Security Notice 6565-1 - It was discovered that OpenSSH incorrectly handled supplemental groups when running helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand as a different user. An attacker could possibly use this issue to escalate privileges. This issue only affected Ubuntu 20.04 LTS. It was discovered that OpenSSH incorrectly added destination constraints when PKCS#11 token keys were added to ssh-agent, contrary to expectations. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 23.04.

Easy File Sharing FTP Server version 2.0 suffers from a denial of service vulnerability.

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: Multiple Factory Automation Products Vulnerabilities: Observable Timing Discrepancy, Double Free, Access of Resource Using Incompatible Type ('Type Confusion') 2. RISK EVALUATION Successful exploitation of these vulnerabilities could disclose information in the product or could cause denial-of-service (DoS) condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Factory Automation products are affected: GT SoftGOT2000: Versions 1.275M to 1.290C (CVE-2023-0286) OPC UA Data Collector: Versions 1.04E and prior (CVE-2023-0286) MX OPC Server UA (Software packaged with MC Works64): Versions 3.05F and later (Packaged with MC Works64 Version 4.03D and later) (CVE-2022-4304) OPC UA Server Unit: All versions (CVE-2022-4304) FX5-OPC: Versions 1.006 and prior (CVE-2022-4304, CVE-2022-4450) 3.2 Vulnerability Overview 3.2.1 OBSERVABLE TIMING DISCREPANCY ...