Security
Headlines
HeadlinesLatestCVEs

Source

ghsa

GHSA-p46g-8c3q-89p2: FUXA SQL Injection vulnerability

FUXA <= 1.1.12 is vulnerable to SQL Injection via `/api/signin`.

ghsa
Open in Source
#sql#vulnerability#git
GHSA-wwfj-h843-3hrq: FUXA local file inclusion vulnerability

FUXA <= 1.1.12 is vulnerable to Local File Inclusion via `/api/download`.

GHSA-v9q5-9crp-92f9: FUXA SQL Injection vulnerability

A SQL Injection attack in FUXA <= 1.1.12 allows exfiltration of confidential information from the database.

GHSA-q8wc-j5m9-27w3: Denial of Service issue in quinn-proto

### Impact Receiving unknown QUIC frames in a QUIC packet could result in a panic. ### Patches The problem has been fixed in 0.9.5 and 0.10.5 maintenance releases. ### References Fixed in https://github.com/quinn-rs/quinn/pull/1667, backported in https://github.com/quinn-rs/quinn/pull/1668 and https://github.com/quinn-rs/quinn/pull/1669.

GHSA-hc5c-r8m5-2gfh: plone.restapi vulnerable to Stored Cross Site Scripting with SVG image in user portrait

### Impact There is a stored cross site scripting vulnerability for SVG images uploaded in user portraits. Note that a page that uses an image tag with an SVG image as source is never vulnerable, even when the SVG image contains malicious code. To exploit the vulnerability, an attacker would first need to upload an SVG image as user portrait, and then trick a user into following a link to this portrait. ### Patches A patch will be released in `plone.restapi` 8.43.3. This version is good for Plone 6.0, and for Plone 5.2 on Python 3. In `plone.restapi` 7 or earlier there was no `@portrait` endpoint yet, so there is nothing to fix in that version. It is still vulnerable to this attack, and needs a [fix in Zope 4](https://github.com/zopefoundation/Zope/security/advisories/GHSA-wm8q-9975-xh5v). These two vulnerabilities share the same CVE: CVE-2023-42458. ### Workarounds You could remove the portrait field from the member data schema, and possibly remove all portraits that are already i...

GHSA-gx6r-qc2v-3p3v: systeminformation SSID Command Injection Vulnerability

### Impact SSID Command Injection Vulnerability ### Patches Problem was fixed with a parameter check. Please upgrade to version >= 5.21.7, Version 4 was not affected ### Workarounds If you cannot upgrade, be sure to check or sanitize parameter strings that are passed to wifiConnections(), wifiNetworks() (string only) ### References See also https://systeminformation.io/security.html

GHSA-jj7c-jrv4-c65x: plone.namedfile vulnerable to Stored Cross Site Scripting with SVG images

### Impact There is a stored cross site scripting vulnerability for SVG images. A [security hotfix from 2021](https://github.com/plone/Products.PloneHotfix20210518) already partially fixed this, by making sure SVG images are always downloaded instead of shown inline. But the same problem still exists for scales of SVG images. Note that an image tag with an SVG image as source is not vulnerable, even when the SVG image contains malicious code. To exploit the vulnerability, an attacker would first need to upload an image, and then trick a user into following a specially crafted link. All versions of `plone.namedfile` are impacted. ### Patches Patches will be released in various `plone.namedfile` releases: * 5.6.1 (for Plone 5.2) * 6.0.3 (for Plone 6.0.0-6.0.4) * 6.1.3 (for Plone 6.0.5-6.0.6) * 6.2.1 (for Plone 6.0.7) ### Workarounds There is no workaround.

GHSA-j646-gj5p-p45g: CefSharp affected by heap buffer overflow in WebP

**Google is aware that an exploit for [CVE-2023-4863](https://www.cve.org/CVERecord?id=CVE-2023-4863) exists in the wild.** ### Description Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) ### References - https://www.cve.org/CVERecord?id=CVE-2023-4863 - https://nvd.nist.gov/vuln/detail/CVE-2023-4863 - https://www.techtarget.com/searchsecurity/news/366551978/Browser-companies-patch-critical-zero-day-vulnerability

GHSA-whhr-7f2w-qqj2: phonenumber panics on parsing crafted RF3966 inputs

### Impact The phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phonenumber string. In a typical deployment of `rust-phonenumber`, this may get triggered by feeding a maliciously crafted phonenumber over the network, specifically the string `.;phone-context=`. ### Patches Patches will be published as version `0.3.3+8.13.9` and backported as `0.2.5+8.11.3`. ### Workarounds n.a. ### References n.a.

GHSA-cxvp-82cq-57h2: blurhash panics on parsing crafted inputs

### Impact The blurhash parsing code may panic due to multiple panic-guarded out-of-bounds accesses on untrusted input. In a typical deployment, this may get triggered by feeding a maliciously crafted blurhashes over the network. These may include: - UTF-8 compliant strings containing multi-byte UTF-8 characters ### Patches The patches will be released under version 0.2.0, which requires user intervention because of slight API churn. ### Workarounds n.a. ### References n.a.