An issue was discovered in MariaDB MaxScale before 23.02.3. A user enters an encrypted password on a "maxctrl create service" command line, but this password is then stored in cleartext in the resulting .cnf file under /var/lib/maxscale/maxscale.cnf.d. The fixed versions are 2.5.28, 6.4.9, 22.08.8, and 23.02.3.

Hi

adding a service in maxscale with dynamic change is necessary to add the user and password. Passing the Encrypted password to the command, end up to confirm the service has been created but the password on the /var/lib/maxscale/maxscale.cnf.d/Read-Service.cnf end up to show store as clear password.

maxctrl create service Read-Service readconnroute user=service\_user password=2KVMANFl502A2398E42A8C670825770EED948CCBD764E1B67......  
OK

cat Read-Service.cnf  
\[Read-Service\]  
router\_options=slave  
password=This\_is\_my\_pwd\_clear  
router=readconnroute  
type=service  
user=service\_user

So the encryption is already on. There are few things to clear and update on the documentation as well:

*   can i pass the encrypted pwd ?
*   can i pass the clear pwd?
*   how maxscale undestant if the pwd i am passing is the encrypted or not
*   for sure if the encrypted is on, the file should not store the clear password

CVE-2023-40354: [MXS-4681] Encrypted passwords are persisted in plaintext

A post-authentication command injection vulnerability in the NTP feature of Zyxel NBG6604 firmware version V1.01(ABIR.1)C0 could allow an authenticated attacker to execute some OS commands remotely by sending a crafted HTTP request.

CVE-2023-33013

Improper frame handling in the Zyxel XGS2220-30 firmware version V4.80(ABXN.1), XMG1930-30 firmware version V4.80(ACAR.1), and XS1930-10 firmware version V4.80(ABQE.1) could allow an unauthenticated LAN-based attacker to cause denial-of-service (DoS) conditions by sending crafted frames to an affected switch.

CVE-2023-28768

xterm before 380 supports ReGIS reporting for character-set names even if they have unexpected characters (i.e., neither alphanumeric nor underscore), aka a pointer/overflow issue.

CVE-2023-40359: XTERM - Change Log

Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0.

Expand Up

@@ -13,8 +13,8 @@ static size\_t countChar(const ut8 \*buf, int len, char ch) {

}

  

static int getid(char ch) {

const char \*keys \= "\[\]<>+-,.";

const char \*cidx \= strchr (keys, ch);

const char \*const keys \= "\[\]<>+-,.";

const char \*const cidx \= strchr (keys, ch);

return cidx? cidx \- keys + 1: 0;

}

  

Expand Down Expand Up

@@ -136,13 +136,11 @@ static int assemble(const char \*buf, ut8 \*\*outbuf) {

#define BUFSIZE\_INC 32

static bool decode(RArchSession \*as, RAnalOp \*op, RArchDecodeMask mask) {

int len \= op\->size;

const ut8 \*\_buf \= op\->bytes;

const ut64 addr \= op\->addr;

if (len < 1) {

return false;

}

  

ut8 \*buf \= (ut8\*)\_buf; // XXX

ut8 \*buf \= op\->bytes;

const ut64 addr \= op\->addr;

ut64 dst \= 0LL;

if (!op) {

return 1;

Expand All

@@ -169,29 +167,32 @@ static bool decode(RArchSession \*as, RAnalOp \*op, RArchDecodeMask mask) {

}

r\_strbuf\_set (&op\->esil, "1,pc,-,brk,=\[4\],4,brk,+=");

#if 1

{

if (len \> 1) {

const ut8 \*p \= buf + 1;

int lev \= 0, i \= 1;

len\--;

while (i < len && \*p) {

if (\*p \== '\[') {

switch (\*p) {

case '\[':

lev++;

}

if (\*p \== '\]') {

break;

case '\]':

lev\--;

if (lev \== \-1) {

dst \= addr + (size\_t)(p \- buf) + 1;

if (lev < 1) {

size\_t delta \= p \- buf;

dst \= addr + (size\_t)delta + 1;

op\->jump \= dst;

r\_strbuf\_set (&op\->esil, "1,pc,-,brk,=\[4\],4,brk,+=,");

goto beach;

}

}

if (\*p \== 0x00 || \*p \== 0xff) {

break;

case 0:

case 0xff:

op\->type \= R\_ANAL\_OP\_TYPE\_ILL;

goto beach;

}

if (read\_at && i \== len \- 1) {

break;

#if 0

// XXX unnecessary just break

int new\_buf\_len \= len + 1 + BUFSIZE\_INC;

ut8 \*new\_buf \= calloc (new\_buf\_len, 1);

Expand All

@@ -203,6 +204,9 @@ static bool decode(RArchSession \*as, RAnalOp \*op, RArchDecodeMask mask) {

p \= buf + i;

len += BUFSIZE\_INC;

}

#else

break;

#endif

}

p++;

i++;

Expand Down

CVE-2023-4322: Fix 1byte heap oobread in the brainfuck disassembler · radareorg/radare2@ba919ad

An issue was discovered in SysPasswordDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. System password information could optionally be stored in cleartext, which might lead to possible information disclosure.

**Insyde ID**

**Advisory Category**

**Impact of Vulnerability**

**Severity Rating**

**Original Date**

**Last Revised**

INSYDE-SA-2023047

Software

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

5.1

08/08/2023

08/08/2023

****Summary:****

SysPasswordDxe: Cleartext storage of system password could lead to possible information disclosure.

****Vulnerability Details:****

CVE-2023-31041

An issue was discovered in Insyde InsydeH2O kernel. System password information could optionally be stored in cleartext, which might lead to possible information disclosure.

CWE-256: Plaintext Storage of a Password

**Solution Information:**  
Kernel 5.2: Version 05.28.19  
Kernel 5.3: Version 05.37.19  
Kernel 5.4: Version 05.45.19  
Kernel 5.5: Version 05.53.19  
Kernel 5.6: Version 05.60.20

****Revision History:****

**Revision**

**Date**

**Description**

1.0

08/08/2023

Initial Release

\--

\--

\--

**Return to Insyde's Security Pledge**

CVE-2023-31041: Insyde Security Advisory 2023047 | Insyde Software

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in iControlWP Article Directory Redux plugin <= 1.0.2 versions.

**Solution**

 No fix

No patched version is available. No reply from the vendor. This plugin has been closed as of March 8, 2023 and is not available for download. This closure is permanent.

Pavitra Tiwari discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Article Directory Redux Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has not been known to be fixed yet.

**No other known vulnerabilities for this plugin**Report

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-30751: WordPress Article Directory Redux plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in AdFoxly AdFoxly – Ad Manager, AdSense Ads & Ads.Txt plugin <= 1.8.5 versions.

**Solution**

 No fix

No patched version is available. No reply from the vendor.

Prasanna V Balaji discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress AdFoxly – Ad Manager, AdSense Ads & Ads.txt Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has not been known to be fixed yet.

**Other vulnerabilities in this plugin**

 1 present

 3 patched

View all

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-30754: WordPress AdFoxly – Ad Manager, AdSense Ads & Ads.txt plugin <= 1.8.5 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in ihomefinder Optima Express + MarketBoost IDX Plugin plugin <= 7.3.0 versions.

**Solution**

 Fixed

Update the WordPress Optima Express + MarketBoost IDX Plugin plugin to the latest available version (at least 7.3.1).

Found this useful? Thank yuyudhn for reporting this vulnerability. Buy a coffee ☕

yuyudhn discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Optima Express + MarketBoost IDX Plugin Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 7.3.1.

**No other known vulnerabilities for this plugin**Report

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-30749: WordPress Optima Express + MarketBoost IDX Plugin plugin <= 7.3.0 - Cross Site Scripting (XSS) - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Email Subscription Popup plugin <= 1.2.16 versions.

**Solution**

 Fixed

Update the WordPress Email Subscription Popup plugin to the latest available version (at least 1.2.17).

Found this useful? Thank minhtuanact for reporting this vulnerability. Buy a coffee ☕

minhtuanact discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Email Subscription Popup Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 1.2.17.

**No other known vulnerabilities for this plugin**Report

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

Source

CVE