#java

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.6 ATTENTION: Low attack complexity Vendor: Emerson Equipment: PACSystem, Fanuc Vulnerabilities: Cleartext Transmission of Sensitive Information, Insufficient Verification of Data Authenticity Insufficiently Protected Credentials, Download of Code Without Integrity Check CISA is aware of a public report, known as "OT:ICEFALL", detailing vulnerabilities found in multiple operational technology (OT) vendors. CISA is issuing this advisory to provide notice of the reported vulnerabilities and identify baseline mitigations for reducing risks to these and other cybersecurity attacks. 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow remote code execution, loss of sensitive information, or a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Emerson products are affected: PAC Machine Edition: All versions (CVE-2022-30263, CVE-2022-30265) PACSystem RXi: All versions (CVE-2022-30263, CVE-202...

### Summary BoringSSLAEADContext keeps track of how many OHTTP responses have been sent and uses this sequence number to calculate the appropriate nonce to use with the encryption algorithm. Unfortunately, two separate errors combine which would allow an attacker to cause the sequence number to overflow and thus the nonce to repeat. ### Details 1. There is no overflow detection or enforcement of the maximum sequence value. (This is a missed requirement from the draft Chunked Oblivious OHTTP RFC and so should be inherited from the HPKE RFC 9180, Section 5.2). 2. The sequence number (seq) is stored as 32-bit int which is relatively easy to overflow. https://github.com/netty/netty-incubator-codec-ohttp/blob/1ddadb6473cd3be5491d114431ed4c1a9f316001/codec-ohttp-hpke-classes-boringssl/src/main/java/io/netty/incubator/codec/hpke/boringssl/BoringSSLAEADContext.java#L112-L114 ### Impact If the BoringSSLAEADContext is used to encrypt more than 2^32 messages then the AES-GCM nonce will repeat...

### Summary gradio-pdf projects with dependencies on the pdf.js library are vulnerable to CVE-2024-4367, which allows arbitrary JavaScript execution. ### PoC 1. Generate a pdf file with a malicious script in the fontmatrix. (This will run `alert(‘XSS’)`.) [poc.pdf](https://github.com/user-attachments/files/15516798/poc.pdf) 2. Run the app. In this PoC, I've used the demo for a simple proof.  3. Upload a PDF file containing the script.  4. Check that the script is running.  ### Impact Malicious scripts can be injected into the code, and when linked with vulnerabilities such as CSRF, it can cause even greater damage. In particular, It can become a source of further attacks, e...

### Summary PIMCore uses the JavaScript library jQuery in version 3.4.1. This version is vulnerable to cross-site-scripting (XSS). ### Details In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. Publish Date: 2020-04-29 URL:= https://security.snyk.io/package/npm/jquery/3.4.1

This post was authored by Kalpesh Mantri.  Cisco Talos is actively tracking a recent increase in activity from malicious email campaigns containing a suspicious Microsoft Excel attachment that, when opened, infected the victim's system with the DarkGate malware.  These campaigns, active since the second week of

### Summary iq80 Snappy performs out-of-bounds read access when uncompressing certain data, which can lead to a JVM crash. ### Details When uncompressing certain data, Snappy tries to read outside the bounds of the given byte arrays. Because Snappy uses the JDK class `sun.misc.Unsafe` to speed up memory access, no additional bounds checks are performed and this has similar security consequences as out-of-bounds access in C or C++, namely it can lead to non-deterministic behavior or crash the JVM. iq80 Snappy is not actively maintained anymore. As quick fix users can upgrade to version 0.5, but in the long term users should prefer migrating to the Snappy implementation in https://github.com/airlift/aircompressor (version 0.27 or newer). ### Impact When uncompressing data from untrusted users, this can be exploited for a denial-of-service attack by crashing the JVM.

javascript-deobfuscator removes common JavaScript obfuscation techniques. Crafted payloads targeting expression simplification can lead to code execution. This issue has been patched in version 1.1.0.

Failing to properly encode user input, the CSS styled content component is susceptible to Cross-Site Scripting, allowing authenticated editors to inject arbitrary HTML or JavaScript.

Red Hat Security Advisory 2024-3563-03 - An update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include a server-side request forgery vulnerability.

Red Hat Security Advisory 2024-3561-03 - An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include a server-side request forgery vulnerability.