Security
Headlines
HeadlinesLatestCVEs

Tag

#js

Threat Round up for January 27 to February 3

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 27 and Feb. 3. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key

TALOS
Open in Source
#sql#vulnerability#web#mac#windows#microsoft#js#intel#auth#firefox
CVE-2023-22474: fix: The client IP address may be determined incorrectly in some case… · parse-community/parse-server@e016d81

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server uses the request header `x-forwarded-for` to determine the client IP address. If Parse Server doesn't run behind a proxy server, then a client can set this header and Parse Server will trust the value of the header. The incorrect client IP address will be used by various features in Parse Server. This allows to circumvent the security mechanism of the Parse Server option `masterKeyIps` by setting an allowed IP address as the `x-forwarded-for` header value. This issue has been patched in version 5.4.1. The mechanism to determine the client IP address has been rewritten. The correct IP address determination now requires to set the Parse Server option `trustProxy`.

CVE-2023-23937: [Task]: Mime type check on Profile Avatar upload (#14125) · pimcore/pimcore@75a448e

Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. The upload functionality for updating user profile does not properly validate the file content-type, allowing any authenticated user to bypass this security check by adding a valid signature (p.e. GIF89) and sending any invalid content-type. This could allow an authenticated attacker to upload HTML files with JS content that will be executed in the context of the domain. This issue has been patched in version 10.5.16.

CVE-2021-36535: Heap-based Buffer Overflow Vulnerability · Issue #175 · cesanta/mjs

Buffer Overflow vulnerability in Cesanta mJS 1.26 allows remote attackers to cause a denial of service via crafted .js file to mjs_set_errorf.

CVE-2023-23088: heap-buffer-overflow at json_value_parse · Issue #7 · Barenboim/json-parser

Buffer OverFlow Vulnerability in Barenboim json-parser master and v1.1.0 fixed in v1.1.1 allows an attacker to execute arbitrary code via the json_value_parse function.

CVE-2023-23086: heap-buffer-overflow in func SkipString · Issue #2 · scottcgi/MojoJson

Buffer OverFlow Vulnerability in MojoJson v1.2.3 allows an attacker to execute arbitrary code via the SkipString function.

CVE-2023-23087: null def in function Destory · Issue #3 · scottcgi/MojoJson

An issue was found in MojoJson v1.2.3 allows attackers to execute arbitary code via the destroy function.

CVE-2021-37317: ASUS RT-AC68U RCE

Directory Traversal vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to write arbitrary files via improper sanitation on the target for COPY and MOVE operations.

CVE-2023-24148: CVE-vulns/setUploadUserData.md at main · Double-q1015/CVE-vulns

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadUserData function.

CVE-2023-24139: CVE-vulns/setNetworkDiag_NetDiagHost.md at main · Double-q1015/CVE-vulns

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagHost parameter in the setNetworkDiag function.