#git

Vapor incorrectly handles errors encountered during parsing of HTTP 1.x requests, triggering a precondition failure in swift-nio due to API misuse and causing immediate termination of the server process. ### Impact This is a denial of service vulnerability, impacting all users of affected versions of Vapor. Because the crash is an explicit assertion failure, there is no corruption of process state and no risk of data leakage or unauthorized code execution. Total impact is limited to an immediately recoverable service interruption. ### Patches The issue is fixed as of Vapor release 4.84.2. ### Workarounds None known at this time. ### For more information If you have any questions or comments about this advisory: * Open an issue in [the Vapor repo](https://github.com/vapor/vapor) * Ask in [Vapor Discord](http://vapor.team) ### Acknowledgements Full credit for reporting this issue goes to @t0rchwo0d, with additional thanks for responsibly disclosing.

### Summary IdTokenClaimsValidator skips `aud` claim validation if token is issued by same identity issuer/provider. ### Details See https://github.com/micronaut-projects/micronaut-security/blob/master/security-oauth2/src/main/java/io/micronaut/security/oauth2/client/IdTokenClaimsValidator.java#L202 This logic violates point 3 of https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation. Workaround exists by setting `micronaut.security.token.jwt.claims-validators.audience` with valid values. `micronaut.security.token.jwt.claims-validators.openid-idtoken` can be kept as default on. ### PoC Should probably be: ```java return issuer.equalsIgnoreCase(iss) && audiences.contains(clientId) && validateAzp(claims, clientId, audiences); ``` ### Impact Any OIDC setup using Micronaut where multiple OIDC applications exists for the same issuer but token auth are not meant to be shared.

### Impact The `templates` module doesn't enforce the correct permissions, allowing any logged-in user to access to this functionality in the administration panel. An attacker could use this vulnerability to change, create or delete templates of surveys.

By Waqas The crypto scammers convinced a victim in the United States to transfer their Bitcoin to a Kraken cryptocurrency account that the victim did not control. This is a post from HackRead.com Read the original post: US Police Recover $3M Stolen by Pakistani Crypto Scammers

Plus, Qakbot appears to be still active, despite efforts from the FBI and other international law enforcement agencies to disrupt the massive botnet.

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the SSID parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

Red Hat Security Advisory 2023-5446-01 - Release of Red Hat build of OptaPlanner 8.38.0 SP1. This release includes security fixes. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2023-5430-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.3.1. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.

Google is aware that an exploit for CVE-2023-5217 exists in the wild. Description Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) References - https://www.cve.org/CVERecord?id=CVE-2023-5217 - https://nvd.nist.gov/vuln/detail/CVE-2023-5217

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: CC-Link IE TSN Industrial Managed Switch Vulnerabilities: Observable Timing Discrepancy, Double Free 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in disclosure of information stored in the product by sending specially crafted packets or could cause a denial-of service (DoS) condition by getting a legitimate user to import a specially crafted certificate 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Mitsubishi Electric products are affected: CC-Link IE TSN Industrial Managed Switch, model NZ2MHG-TSNT8F2 NZ2MHG-TSNT4: All versions 3.2 Vulnerability Overview 3.2.1 OBSERVABLE TIMING DISCREPANCY CWE-208 An attacker could decrypt ciphertext and disclose sensitive information by sending specially crafted packets and performing a Bleichenbacher style attack. CVE-2022-4304 has been assigned to this vuln...