#git

By Waqas In-depth analysis reveals concerning patterns in user data collection, with shopping and food delivery apps at the forefront. This is a post from HackRead.com Read the original post: Signal, AI Generated Art Least, Amazon, Facebook Most Invasive Apps, Study

When an unpatched Windows 11 host loads a theme file referencing an msstyles file, Windows loads the msstyles file, and if that file's PACKME_VERSION is 999, it then attempts to load an accompanying dll file ending in _vrf.dll. Before loading that file, it verifies that the file is signed. It does this by opening the file for reading and verifying the signature before opening the file for execution. Because this action is performed in two discrete operations, it opens the procedure for a time of check to time of use vulnerability. By embedding a UNC file path to an SMB server we control, the SMB server can serve a legitimate, signed dll when queried for the read, but then serve a different file of the same name when the host intends to load/execute the dll.

Easy Chat Server version 3.1 suffers from a denial of service vulnerability.

PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack.

A new variant of remote access trojan called Bandook has been observed being propagated via phishing attacks with an aim to infiltrate Windows machines, underscoring the continuous evolution of the malware. Fortinet FortiGuard Labs, which identified the activity in October 2023, said the malware is distributed via a PDF file that embeds a link to a password-protected .7z archive. “

Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Injection.

### Impact _What kind of vulnerability is it? Who is impacted?_ This is an XSS vulnerability that has the potential to impact anyone rendering a component directly from a controller with the view_component gem. Note that only components that define a [`#call` method](https://viewcomponent.org/guide/templates.html#call) (i.e. instead of using a sidecar template) are affected. The return value of the `#call` method is not sanitized and can include user-defined content. In addition, the return value of the [`#output_postamble` method](https://viewcomponent.org/api.html#output_postamble--string) is not sanitized, which can also lead to XSS issues. ### Patches _Has the problem been patched? What versions should users upgrade to?_ Versions 3.9.0 has been released and fully mitigates both the `#call` and the `#output_postamble` vulnerabilities. ### Workarounds _Is there a way for users to fix or remediate the vulnerability without upgrading?_ Sanitize the return value of `#call`, eg: `...

### Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-3px7-jm2p-6h2c. This link is maintained to preserve external references. ### Original Description encoded_id-rails versions before 1.0.0.beta2 are affected by an uncontrolled resource consumption vulnerability. A remote and unauthenticated attacker might cause a denial of service condition by sending an HTTP request with an extremely long "id" parameter.

### Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hjp3-5g2q-7jww. This link is maintained to preserve external references. ### Original Description A race condition exists in Audited 4.0.0 to 5.3.3 that can result in an authenticated user to cause audit log entries to be attributed to another user.

### Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-fmx4-26r3-wxpf. This link is maintained to preserve external references. ### Original Description CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnerability can result in possibly unauthenticated remote attackers to cause heap memory corruption, potentially leading to an information leak or remote code execution, via parsing tables with marker rows that contain more than UINT16_MAX columns.