
Tag: #mac

GHSA-wrrj-h57r-vx9p: Malicious dependencies can inject arbitrary JavaScript into cargo-generated timing reports

The Rust Security Response WG was notified that Cargo did not escape Cargo feature names when including them in the report generated by `cargo build --timings`. A malicious package included as a dependency may inject nearly arbitrary HTML here, potentially leading to XSS if the report is subsequently uploaded somewhere. The severity of this vulnerability is "low" for users relying on dependencies from git, local paths, or alternative registries. Users who solely depend on crates.io are unaffected. Note that **by design** Cargo allows code execution at build time, due to build scripts and procedural macros. The vulnerability in this advisory allows performing a subset of the possible damage in a harder to track down way. Your dependencies must still be trusted if you want to be protected from attacks, as it's possible to perform the same attacks with build scripts and procedural macros. # Overview Rust 1.60.0 [introduced](https://blog.rust-lang.org/2022/04/07/Rust-1.60.0.html#cargo...

CVE-2023-40897: founded-0-days/ac8/GetParentControlInfo/1.md at main · peris-navince/founded-0-days

Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter mac at /goform/GetParentControlInfo.

CVE-2023-40901: founded-0-days/ac10/fromSetStaticRouteCfg/1.md at main · peris-navince/founded-0-days

Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter macFilterType and parameter deviceList at /goform/setMacFilterCfg.

CVE-2023-40904: founded-0-days/ac10/formSetMacFilterCfg/1.md at main · peris-navince/founded-0-days

Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter macFilterType and parameter deviceList at /goform/setMacFilterCfg.

CVE-2023-40899: founded-0-days/ac8/formSetMacFilterCfg/1.md at main · peris-navince/founded-0-days

Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter macFilterType and parameter deviceList at /goform/setMacFilterCfg.

CVE-2023-40902: founded-0-days/ac10/SetIpMacBind/1.md at main · peris-navince/founded-0-days

Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter list and bindnum at /goform/SetIpMacBind.

CVE-2023-40896: founded-0-days/ac8/SetIpMacBind/1.md at main · peris-navince/founded-0-days

Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list and bindnum at /goform/SetIpMacBind.

Russian Hackers Employ Telekopye Toolkit in Broad Phishing Attacks

By Deeba Ahmed. Meet Telekopye, a new phishing toolkit that uses a Telegram bot to carry out its operations. Originally posted on HackRead.com as "Russian Hackers Employ Telekopye Toolkit in Broad Phishing Attacks".

The Last Hour Before Yevgeny Prigozhin's Plane Crash

Russia tightly controls its information space, making it hard to get accurate information out of the country. But open source data provides some clues about the crash.