#ssl

Ubuntu Security Notice 6222-1 - Jiasheng Jiang discovered that the HSA Linux kernel driver for AMD Radeon GPU devices did not properly validate memory allocation in certain situations, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service. Zheng Wang discovered that the Intel i915 graphics driver in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service.

1. EXECUTIVE SUMMARY ​CVSS v3 8.2 ​ATTENTION: Exploitable remotely/low attack complexity ​Vendor: Siemens ​Equipment: SIMATIC MV500 series devices ​Vulnerabilities: Exposure of Sensitive Information to an Unauthorized Actor, Missing Release of Memory after Effective Lifetime, Injection, Inadequate Encryption Strength, Double Free, Incomplete Cleanup, Observable Discrepancy, Improper Locking, Use After Free, Improper Input Validation 2. RISK EVALUATION ​Successful exploitation of these vulnerabilities could allow an attacker to read memory contents, disclose information, or cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ​The following products from Siemens are affected: ​SIMATIC MV540 H (6GF3540-0GE10): All versions prior to v3.3.4 ​SIMATIC MV540 S (6GF3540-0CD10): All versions prior to v 3.3.4 ​SIMATIC MV550 H (6GF3550-0GE10): All versions prior to v 3.3.4 ​SIMATIC MV550 S (6GF3550-0CD10): All versions prior to v 3.3.4 ​SIMATIC MV560 U (6GF3560-0LE10): ...

1. EXECUTIVE SUMMARY ​CVSS v3 9.8 ​ATTENTION: Exploitable remotely / low attack complexity ​Vendor: Siemens ​Equipment: RUGGEDCOM ROX ​Vulnerabilities: Cleartext Transmission of Sensitive Information, Command Injection, Improper Authentication, Classic Buffer Overflow, Uncontrolled Resource Consumption, Improper Certificate Validation, Cross-Site Request Forgery (CSRF), Improper Input Validation, Incorrect Default Permissions, Cross-site Scripting, Inadequate Encryption Strength, Use of a Broken or Risky Cryptographic Algorithm. 2. RISK EVALUATION ​Successful exploitation of these vulnerabilities could allow an attacker to send a malformed HTTP packet causing certain functions to fail, achieve a man-in-the-middle attack, or arbitrary code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ​The following products from Siemens are affected: ​RUGGEDCOM ROX MX5000: All versions prior to V2.16.0 ​RUGGEDCOM ROX MX5000RE: All versions prior to V2.16.0 ​RUGGEDCOM ROX RX1400: All versions pr...

SonicWall on Wednesday urged customers of Global Management System (GMS) firewall management and Analytics network reporting engine software to apply the latest fixes to secure against a set of 15 security flaws that could be exploited by a threat actor to circumvent authentication and access sensitive information. Of the 15 shortcomings (tracked from CVE-2023-34123 through CVE-2023-34137), four

The User Registration plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.0.1 via deserialization of untrusted input from the 'profile-pic-url' parameter. This allows authenticated attackers, with subscriber-level permissions and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hardcoded encryption key and missing file type validation on the 'ur_upload_profile_pic' function in versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with subscriber-level capabilities or above to upload arbitrary files on the affected site's server which may make remote code execution possible. This was partially patched in version 3.0.2 and fully patched in version 3.0.2.1.

Microsoft says hackers somehow stole a cryptographic key, perhaps from its own network, that let them forge user identities and slip past cloud defenses.

Jenkins Active Directory Plugin allows testing a new, unsaved configuration by performing a connection test (the button labeled "Test Domain"). Active Directory Plugin 2.30 and earlier ignores the "Require TLS" and "StartTls" options and always performs the connection test to Active directory unencrypted. This allows attackers able to capture network traffic between the Jenkins controller and Active Directory servers to obtain Active Directory credentials. This only affects the connection test. Connections established during the login process are encrypted if the corresponding TLS option is enabled. Active Directory Plugin 2.30.1 considers the "Require TLS" and "StartTls" options for connection tests.

A missing permission check in Jenkins Datadog Plugin 5.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

A cross-site request forgery (CSRF) vulnerability in Jenkins Assembla Auth Plugin 1.14 and earlier allows attackers to trick users into logging in to the attacker's account.