Security
Headlines
HeadlinesLatestCVEs

Tag

#git

CVE-2023-45481: IOTvul/assets/setFirewallCfg_code.png at master · l3m0nade/IOTvul

Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the firewallEn parameter in the function SetFirewallCfg.

CVE
Open in Source
#vulnerability#git
CVE-2023-45483: IOTvul/assets/compare_parentcontrol_time_code.png at master · l3m0nade/IOTvul

Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the time parameter in the function compare_parentcontrol_time.

CVE-2023-45484: IOTvul/assets/fromSetWifiGuestBasic_code.png at master · l3m0nade/IOTvul

Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the shareSpeed parameter in the function fromSetWifiGuestBasic.

CVE-2023-45479: IOTvul/assets/sub_49E098_code.png at master · l3m0nade/IOTvul

Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the list parameter in the function sub_49E098.

CVE-2023-45480: IOTvul/assets/sub_47d878_code.png at master · l3m0nade/IOTvul

Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the src parameter in the function sub_47D878.

DJVU Ransomware's Latest Variant 'Xaro' Disguised as Cracked Software

A variant of a ransomware strain known as DJVU has been observed to be distributed in the form of cracked software. "While this attack pattern is not new, incidents involving a DJVU variant that appends the .xaro extension to affected files and demanding ransom for a decryptor have been observed infecting systems alongside a host of various commodity loaders and infostealers," Cybereason

CVE-2023-46886: 🛡️ 后台模板标签存在任意文件包含 · Issue #I6NOFN · www.iteachyou.cc/Dreamer CMS(梦想家CMS内容管理系统) - Gitee.com

Dreamer CMS before version 4.0.1 is vulnerable to Directory Traversal. Background template management allows arbitrary modification of the template file, allowing system sensitive files to be read.

CVE-2023-47462: CVE-issues/3.215/Arbitrary File Read through file share.md at main · gl-inet/CVE-issues

Insecure Permissions vulnerability in GL.iNet AX1800 v.3.215 and before allows a remote attacker to execute arbitrary code via the file sharing function.

GHSA-c38w-74pg-36hr: Marvin Attack: potential key recovery through timing sidechannels

### Impact Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use that information to recover the key. ### Patches No patch is yet available, however work is underway to migrate to a fully constant-time implementation. ### Workarounds The only currently available workaround is to avoid using the `rsa` crate in settings where attackers are able to observe timing information, e.g. local use on a non-compromised computer is fine. ### References This vulnerability was discovered as part of the "Marvin Attack", which revealed several implementations of RSA including OpenSSL had not properly mitigated timing sidechannel attacks. - https://rustsec.org/advisories/RUSTSEC-2023-0071.html - https://people.redhat.com/~hkario/marvin/ - https://github.com/RustCrypto/RSA/issues/19