#auth

### Impact A snap with prior permissions to create a mount entry on the host, such as firefox, normally uses the permission from one of the per-snap hook programs. A unprivileged users cannot normally trigger that behaviour by using `snap run --shell firefox` followed by `snapctl mount`, since snapd validates the requesting user identity (root or non-root). The issue allows unprivileged users to bypass that check by crafting a malicious command line vector which confuses snapd into thinking the help message is requested. Unprivileged user on a default installation of Ubuntu, where firefox is as provided as a snap, may cause a denial-of-service attack by repeatedly mounting hunspell database over and over and eventually exhausting system memory. Other attacks, reliant on the same underying mechanism (mount), are possible. In all cases the snap must be installed and grated permission to perform this action (by connecting an appropriate snap interface), which requires administrative pr...

# StoredXSS-LibreNMS-Display Name 2 **Description:** XSS on the parameters (Replace $DEVICE_ID with your specific $DEVICE_ID value):`/device/$DEVICE_ID/edit` -> param: display of Librenms versions 24.11.0 ([https://github.com/librenms/librenms](https://github.com/librenms/librenms)) allows remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure. **Proof of Concept:** 1. Add a new device through the LibreNMS interface. 2. Edit the newly created device by going to the "Device Settings" section. 3. In the "Display Name" field, enter the following payload: `"><img src onerror="alert(document.cookie)">`.  4. Save the changes. 5. The XSS payload is triggered when navigating to the path /device/$DEVICE_ID/logs and hovering over a type contai...

By staying vigilant, agile, and prepared, organizations can turn TDIR from a defensive strategy into a proactive enabler of security and operational excellence.

Part predictive analysis, part intuition, risk and reputation services are imperfect instruments at best — and better than nothing for most organizations and insurers.

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIPROTEC 5 Vulnerability: Files or Directories Accessible to External Parties 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated remote attacker to read arbitrary files or the entire filesystem of the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Siemens SIPROTEC 5 6MD84 (CP300): Versions prior to 9.80 Siemens SIPROTEC 5 7SA87 (CP300): Versions 7.80 up to but not including 9.80 Siemens SIPROTEC 5 7SD82 (CP100): Versions 7.80 and after Siemens SIPROTEC...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Data Center Expert Vulnerabilities: Improper Verification of Cryptographic Signature, Missing Authentication for Critical Function 2. RISK EVALUATION Exploitation of these vulnerabilities could allow an attacker to expose private data or achieve remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports that the following products are affected: Schneider Electric Data Center Expert: 8.1.1.3 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER VERIFICATION OF CRYPTOGRAPHIC SIGNATURE CWE-347 An improper verification of cryptographic signature vulnerability exists that could compromise the Data Center Expert software when an upgrade bundle is manipulated to include arbitrary bash scripts that are executed as root. CVE-2024-8531 has been assigned to this vulnerability. A CVSS v3 base score of 7.2 has been assigned; the CVSS ...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: Mendix LDAP Vulnerability: LDAP Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to bypass username verification. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Siemens Mendix LDAP: All versions prior to 1.1.2 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN LDAP QUERY ('LDAP INJECTION') CWE-90 Affected versions of the module are vulnerable to LDAP injection. This could allow an unauthenticated remote attacker to ...

The Elevation of Privilege – Windows Common Log File System Driver (CVE-2024-49138) has become more critical. Just as I wrote that nothing had been heard about this vulnerability for a month since it was first published in Microsoft’s December Patch Tuesday, a public exploit for it appeared on January 15th. 🙂 It was developed by […]

Nathaniel Fick, the ambassador for cyberspace and digital policy, has led US tech diplomacy amid a rising tide of pressure from authoritarian regimes. Will the Trump administration undo that work?

Cybersecurity researchers have found that the Microsoft Active Directory Group Policy that's designed to disable NT LAN Manager (NTLM) v1 can be trivially bypassed by a misconfiguration. "A simple misconfiguration in on-premise applications can override the Group Policy, effectively negating the Group Policy designed to stop NTLMv1 authentications," Silverfort researcher Dor Segal said in a