Security Headlines: Latest CVEs

Source: ghsa
GHSA-ghp8-52vx-77j4: pgAdmin failed to properly control the server code

A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.7 failed to properly control the server code executed on this API, allowing an authenticated user to run arbitrary commands on the server.

Tags: #sql #git #perl #auth #postgres
GHSA-45c3-c4c3-8rqg: FUXA vulnerable to Local File Inclusion

FUXA <= 1.1.12 has a Local File Inclusion vulnerability via `file=fuxa.log`.

GHSA-v9q5-9crp-92f9: FUXA SQL Injection vulnerability

A SQL Injection attack in FUXA <= 1.1.12 allows exfiltration of confidential information from the database.

GHSA-p46g-8c3q-89p2: FUXA SQL Injection vulnerability

FUXA <= 1.1.12 is vulnerable to SQL Injection via `/api/signin`.

GHSA-wwfj-h843-3hrq: FUXA local file inclusion vulnerability

FUXA <= 1.1.12 is vulnerable to Local File Inclusion via `/api/download`.

GHSA-q8wc-j5m9-27w3: Denial of Service issue in quinn-proto

### Impact

Receiving unknown QUIC frames in a QUIC packet could result in a panic.

### Patches

The problem has been fixed in the 0.9.5 and 0.10.5 maintenance releases.

### References

Fixed in https://github.com/quinn-rs/quinn/pull/1667, backported in https://github.com/quinn-rs/quinn/pull/1668 and https://github.com/quinn-rs/quinn/pull/1669.

GHSA-hc5c-r8m5-2gfh: plone.restapi vulnerable to Stored Cross Site Scripting with SVG image in user portrait

### Impact

There is a stored cross site scripting vulnerability for SVG images uploaded in user portraits. Note that a page that uses an image tag with an SVG image as source is never vulnerable, even when the SVG image contains malicious code. To exploit the vulnerability, an attacker would first need to upload an SVG image as user portrait, and then trick a user into following a link to this portrait.

### Patches

A patch will be released in `plone.restapi` 8.43.3. This version is good for Plone 6.0, and for Plone 5.2 on Python 3. In `plone.restapi` 7 or earlier there was no `@portrait` endpoint yet, so there is nothing to fix in that version. It is still vulnerable to this attack, and needs a [fix in Zope 4](https://github.com/zopefoundation/Zope/security/advisories/GHSA-wm8q-9975-xh5v). These two vulnerabilities share the same CVE: CVE-2023-42458.

### Workarounds

You could remove the portrait field from the member data schema, and possibly remove all portraits that are already i...

GHSA-gx6r-qc2v-3p3v: systeminformation SSID Command Injection Vulnerability

### Impact

SSID Command Injection Vulnerability

### Patches

The problem was fixed with a parameter check. Please upgrade to version >= 5.21.7. Version 4 was not affected.

### Workarounds

If you cannot upgrade, be sure to check or sanitize parameter strings that are passed to wifiConnections() and wifiNetworks() (string only).

### References

See also https://systeminformation.io/security.html

GHSA-jj7c-jrv4-c65x: plone.namedfile vulnerable to Stored Cross Site Scripting with SVG images

### Impact

There is a stored cross site scripting vulnerability for SVG images. A [security hotfix from 2021](https://github.com/plone/Products.PloneHotfix20210518) already partially fixed this, by making sure SVG images are always downloaded instead of shown inline. But the same problem still exists for scales of SVG images. Note that an image tag with an SVG image as source is not vulnerable, even when the SVG image contains malicious code. To exploit the vulnerability, an attacker would first need to upload an image, and then trick a user into following a specially crafted link. All versions of `plone.namedfile` are impacted.

### Patches

Patches will be released in various `plone.namedfile` releases:

* 5.6.1 (for Plone 5.2)
* 6.0.3 (for Plone 6.0.0-6.0.4)
* 6.1.3 (for Plone 6.0.5-6.0.6)
* 6.2.1 (for Plone 6.0.7)

### Workarounds

There is no workaround.

GHSA-j646-gj5p-p45g: CefSharp affected by heap buffer overflow in WebP

**Google is aware that an exploit for [CVE-2023-4863](https://www.cve.org/CVERecord?id=CVE-2023-4863) exists in the wild.**

### Description

Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

### References

- https://www.cve.org/CVERecord?id=CVE-2023-4863
- https://nvd.nist.gov/vuln/detail/CVE-2023-4863
- https://www.techtarget.com/searchsecurity/news/366551978/Browser-companies-patch-critical-zero-day-vulnerability