#perl

You’ve got an important choice to make: HubSpot or Salesforce?

### Impact the `slice()` builtin can elide side effects when the output length is 0, and the source bytestring is a builtin (`msg.data` or `<address>.code`). the reason is that for these source locations, the check that `length >= 1` is skipped: https://github.com/vyperlang/vyper/blob/68b68c4b30c5ef2f312b4674676170b8a6eaa316/vyper/builtins/functions.py#L315-L319 the result is that a 0-length bytestring constructed with slice can be passed to `make_byte_array_copier`, which elides evaluation of its source argument when the max length is 0: https://github.com/vyperlang/vyper/blob/68b68c4b30c5ef2f312b4674676170b8a6eaa316/vyper/codegen/core.py#L189-L191 the impact is that side effects in the `start` argument may be elided when the `length` argument is 0, e.g. `slice(msg.data, self.do_side_effect(), 0)`. the following example illustrates how the issue would look in user code ```vyper counter: public(uint256) @external def test() -> Bytes[10]: b: Bytes[10] = slice(msg.data, self.side...

### Impact `concat()` may skip evaluation of side effects when the length of an argument is zero. this is due to a fastpath in the implementation which skips evaluation of argument expressions when their length is zero: https://github.com/vyperlang/vyper/blob/68b68c4b30c5ef2f312b4674676170b8a6eaa316/vyper/builtins/functions.py#L560-L562 in practice, it would be very unusual in user code to construct zero-length bytestrings using an expression with side-effects, since zero-length bytestrings are typically constructed with the empty literal `b""`; the only way to construct an empty bytestring which has side effects would be with the ternary operator introduced in v0.3.8, e.g. `b"" if self.do_some_side_effect() else b""`. the following example demonstrates how the issue would look in user code ```vyper counter: public(uint256) @external def test() -> Bytes[256]: a: Bytes[256] = concat(b"" if self.sideeffect() else b"", b"aaaa") return a def sideeffect() -> bool: self.count...

Mattermost versions 10.5.x <= 10.5.2, 9.11.x <= 9.11.11 failed to properly verify a user's permissions when accessing groups, which allows an attacker to view group information via an API request.

### Summary The vulnerability allows an attacker to inject a malicious script into the context of a web page, which can lead to data theft, unauthorized actions on behalf of the user, and other attacks. ### Details The vulnerability is reproducible when sending a properly formatted request to the `POST /projects/upload-example/` endpoint. In the source code, the vulnerability is located at `label_studio/projects/views.py`. ```python 39: @require_http_methods(['POST']) 40: def upload_example_using_config(request): 41: """Generate upload data example by config only""" 42: config = request.POST.get('label_config', '') 43: 44: org_pk = get_organization_from_request(request) 45: secure_mode = False 46: if org_pk is not None: 47: org = generics.get_object_or_404(Organization, pk=org_pk) 48: secure_mode = org.secure_mode 49: 50: try: 51: Project.validate_label_config(config) 52: task_data, _, _ = get_sample_task(config, secure_mode) 5...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Exploitable from adjacent network/low attack complexity Vendor: Siemens Equipment: BACnet ATEC Devices Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker residing in the same BACnet network to send a specially crafted MSTP message that results in a denial of service condition of the targeted device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports the following BACnet ATEC products are affected: Siemens BACnet ATEC 550-440: All versions Siemens BACnet ATEC 550-441: All versions Siemens BACnet ATEC 550-445: All versions Siemens BACnet AT...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Polarion Vulnerabilities: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), Improper Restriction of XML External Entity Reference, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Observable Response Discrepancy 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow attackers to extract data, conduct cross-site scripting attacks or find out valid usernames. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Po...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Exploitable from adjacent network/low attack complexity Vendor: Siemens Equipment: MS/TP Point Pickup Module Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial of service condition that requires a power cycle to restore normal operation. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports the following products are affected: Siemens MS/TP Point Pickup Module: All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER INPUT VALIDATION CWE-20 The affected devices improperly handle specific incoming BACnet MSTP messages. This co...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Exploitable from adjacent network/low attack complexity Vendor: Siemens Equipment: SCALANCE LPE9403 Vulnerabilities: Incorrect Permission Assignment for Critical Resource, Path Traversal: '.../...//', Use of Uninitialized Variable, NULL Pointer Dereference, Out-of-bounds Read, Stack-based Buffer Overflow, Authentication Bypass Using an Alternate Path or Channel, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of these vulnerabilities could affect the confidentiality, integrity, and availabil...

In Jenkins WSO2 Oauth Plugin 1.0 and earlier, authentication claims are accepted without validation by the "WSO2 Oauth" security realm, allowing unauthenticated attackers to log in to controllers using this security realm using any username and any password, including usernames that do not exist.