Security
Headlines
HeadlinesLatestCVEs

Tag

#git

CVE-2023-46256: [REPORT] Heap Buffer Overflow Bug Found in src/drivers/distance_sensor/lightware_laser_serial/parser.cpp

PX4-Autopilot provides PX4 flight control solution for drones. In versions 1.14.0-rc1 and prior, PX4-Autopilot has a heap buffer overflow vulnerability in the parser function due to the absence of `parserbuf_index` value checking. A malfunction of the sensor device can cause a heap buffer overflow with leading unexpected drone behavior. Malicious applications can exploit the vulnerability even if device sensor malfunction does not occur. Up to the maximum value of an `unsigned int`, bytes sized data can be written to the heap memory area. As of time of publication, no fixed version is available.

CVE
#vulnerability#ubuntu#linux#git#buffer_overflow
CVE-2023-46723: If you use sendto.txt, the user who knows the IMEI can read the sendto.txt and the URL and the API key in the sendto.txt.

lte-pic32-writer is a writer for PIC32 devices. In versions 0.0.1 and prior, those who use `sendto.txt` are vulnerable to attackers who known the IMEI reading the sendto.txt. The sendto.txt file can contain the SNS(such as slack and zulip) URL and API key. As of time of publication, a patch is not yet available. As workarounds, avoid using `sendto.txt` or use `.htaccess` to block access to `sendto.txt`.

CVE-2023-46240: Merge pull request from GHSA-hwxf-qxj7-7rfj · codeigniter4/CodeIgniter4@423569f

CodeIgniter is a PHP full-stack web framework. Prior to CodeIgniter4 version 4.4.3, if an error or exception occurs, a detailed error report is displayed even if in the production environment. As a result, confidential information may be leaked. Version 4.4.3 contains a patch. As a workaround, replace `ini_set('display_errors', '0')` with `ini_set('display_errors', 'Off')` in `app/Config/Boot/production.php`.

CVE-2023-46245: Kimai (Authenticated) SSTI to RCE by Uploading a Malicious Twig File

Kimai is a web-based multi-user time-tracking application. Versions 2.1.0 and prior are vulnerable to a Server-Side Template Injection (SSTI) which can be escalated to Remote Code Execution (RCE). The vulnerability arises when a malicious user uploads a specially crafted Twig file, exploiting the software's PDF and HTML rendering functionalities. As of time of publication, no patches or known workarounds are available.

CVE-2023-46255: `SPICEDB_DATASTORE_CONN_URI` is leaked when URI cannot be parsed

SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Prior to version 1.27.0, when the provided datastore URI is malformed (e.g. by having a password which contains `:`) the full URI (including the provided password) is printed, so that the password is shown in the logs. Version 1.27.0 patches this issue.

CVE-2023-46722: Implement Asset Sanitizer Queue & Preview Check (#16053) · pimcore/pimcore@7573756

The Pimcore Admin Classic Bundle provides a backend UI for Pimcore. Prior to version 1.2.0, a cross-site scripting vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Users should upgrade to version 1.2.0 to receive a patch or, as a workaround, apply the patch manually.

CVE-2023-42658: InSpec CLI

Archive, check and export commands in Chef InSpec prior to 4.56.58 and 5.22.29 allow local command execution via maliciously crafted profile.

CVE-2023-46993: vul_report/TOTOLINK A3300R-Command Injection/readme.md at main · AuroraHaaash/vul_report

In TOTOLINK A3300R V17.0.0cu.557_B20221024 when dealing with setLedCfg request, there is no verification for the enable parameter, which can lead to command injection.

CVE-2023-46992: vul_report/TOTOLINK A3300R/readme.md at main · AuroraHaaash/vul_report

TOTOLINK A3300R V17.0.0cu.557_B20221024 is vulnerable to Incorrect Access Control. Attackers are able to reset serveral critical passwords without authentication by visiting specific pages.

CVE-2023-37243: Vulnerability-Disclosures/2023/MNDT-2023-0010.md at master · mandiant/Vulnerability-Disclosures

The C:\Windows\Temp\Agent.Package.Availability\Agent.Package.Availability.exe file is automatically launched as SYSTEM when the system reboots. Since the C:\Windows\Temp\Agent.Package.Availability folder inherits permissions from C:\Windows\Temp and Agent.Package.Availability.exe is susceptible to DLL hijacking, standard users can write a malicious DLL to it and elevate their privileges.