#vulnerability

The number of memory bugs in Android declined sharply after Google began transitioning to Rust for new features in its mobile OS.

### Impact A vulnerability has been identified within Rancher that can be exploited in narrow circumstances through a man-in-the-middle (MITM) attack. An attacker would need to have control of an expired domain or execute a DNS spoofing/hijacking attack against the domain to exploit this vulnerability. The targeted domain is the one used as the Rancher URL. SUSE is unaware of any successful exploitation of this vulnerability, which has a high complexity bar. Please consult the associated [MITRE ATT&CK - Technique - Adversary-in-the-Middle](https://attack.mitre.org/techniques/T1557/) for further information about this attack category. ### Patches A new setting, [`agent-tls-mode`](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/installation-references/tls-settings), was added, which allows users to specify if agents will use `strict` certificate verification when connecting to Rancher. The field can be set to `strict` (which requires the agent to ver...

The vendor says there are no reports of the flaws being exploited in the wild nor any public exploit codes currently available.

A researcher claims to have found a decade-old vulnerability rated 9.9 that affects all GNU/Linux systems, allowing attackers…

The AI Incident Reporting and Security Enhancement Act would allow NIST to create a process for reporting and tracking vulnerabilities found in AI systems.

### Summary A vulnerability has been discovered in **Agnai** that permits attackers to upload image files at attacker-chosen location on the server. This issue can lead to image file uploads to unauthorized or unintended directories, including overwriting of existing images which may be used for defacement. This does not affect: - agnai.chat - installations using S3-compatible storage - self-hosting that is not publicly exposed ### CWE-35: Path Traversal https://cwe.mitre.org/data/definitions/35.html ### CVSS4.0 - 2.3 Low CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N ### Details This is a path traversal vulnerability. An attacker can exploit this vulnerability by sending a specially crafted request to the `editCharacter` handler https://github.com/agnaistic/agnai/blob/75abbd5b0f5e48ddecc805365cf1574d05ee1ce5/srv/api/character.ts#L140: ```tsx POST /api/character/28cbe508-2fa9-4890-886e-61d73e22006c%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%61%70%70%2f%6...

### CWE-35: Path Traversal https://cwe.mitre.org/data/definitions/35.html ### CVSSv3.1 4.3 - Medium CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N ### Summary A vulnerability has been discovered in **Agnai** that permits attackers to read arbitrary JSON files at attacker-chosen locations on the server. This issue can lead to unauthorized access to sensitive information and exposure of confidential configuration files. **This only affects installations with `JSON_STORAGE` enabled which is intended to local/self-hosting only.** ### Details & PoC This is a path traversal vulnerability. An attacker can exploit this vulnerability by sending a specially crafted request: ```tsx GET /api/json/messages/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%61%70%70%2fpackage HTTP/1.1 ``` In this example, the attacker retrieves the `package.json` file content from the server by manipulating the file path. The request is processed by the `loadM...

## Summary A vulnerability has been discovered in **Agnai** that permits attackers to upload arbitrary files to attacker-chosen locations on the server, including JavaScript, enabling the execution of commands within those files. This issue could result in unauthorized access, full server compromise, data leakage, and other critical security threats. This **does not** affect: - `agnai.chat` - installations using S3-compatible storage - self-hosting that is not publicly exposed This **DOES** affect: - publicly hosted installs without S3-compatible storage ### CWEs CWE-35: Path Traversal CWE-434: Unrestricted Upload of File with Dangerous Type ### CVSS-4.0 - **9.0 - Critical** CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H ### Description Path Traversal and Unrestricted Upload of File with Dangerous Type Path Traversal Location ```tsx POST /api/chat/5c25e8dc-67c3-40e1-9572-32df2e26ff38/temp-character HTTP/1.1 {"_id...

It shouldn’t just be viewed as a cybersecurity issue, because for a hardware supply chain attack, an adversary would likely need to physically infiltrate or tamper with the manufacturing process.

### Summary A DOM Clobbering vulnerability has been discovered in `layui` that can lead to Cross-site Scripting (XSS) on web pages where attacker-controlled HTML elements (e.g., `img` tags with unsanitized `name` attributes) are present. It's worth noting that we’ve identifed similar issues in other popular client-side libraries like Webpack ([CVE-2024-43788](https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986)) and Vite ([CVE-2024-45812](https://github.com/vitejs/vite/security/advisories/GHSA-64vr-g452-qvp3)), which might serve as valuable references. ### Backgrounds DOM Clobbering is a type of code-reuse attack where the attacker first embeds a piece of non-script, seemingly benign HTML markups in the webpage (e.g. through a post or comment) and leverages the gadgets (pieces of js code snippet) living in the existing libraries to transform it into executable code. ### Impact This vulnerability can lead to cross-site scripting (XSS) on websites that uses ...