
Tag

#mac

RHSA-2023:1199: Red Hat Security Advisory: openssl security and bug fix update

An update for openssl is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2022-4203: A flaw was found in OpenSSL. A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification, and requires either a CA to have signed the malicious certificate or for the application to continue certif...

Red Hat Security Data
#vulnerability#mac#linux#red_hat#dos#perl#buffer_overflow#ibm#sap#ssl
Microsoft Mitigates Outlook Elevation of Privilege Vulnerability

May 9, 2023 update: Releases for Microsoft Products has been updated with the release of CVE-2023-29324 - Security Update Guide - Microsoft - Windows MSHTML Platform Security Feature Bypass Vulnerability

March 24, 2023 update: Impact Assessment has been updated to a link to Guidance for investigating attacks using CVE-2023-23397 - Microsoft Security Blog.

Omron CJ1M PLC

1. EXECUTIVE SUMMARY

CVSS v3 9.1
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Omron
Equipment: CJ1M PLC
Vulnerabilities: Improper Access Control

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to bypass user memory protections by writing to a specific memory address. An attacker can also overwrite passwords and lock engineers from reading their own memory regions.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following components of Omron CJ1M, a programmable logic controller, are affected:

SYSMAC CJ-series
* CJ2H-CPU6 □ -EIP: All versions
* CJ2H-CPU6 □: All versions
* CJ2M-CPU □ □: All versions
* CJ1G-CPU □ □ P: All versions

SYSMAC CS-series
* CS1H-CPU □ □ H: All versions
* CS1G-CPU □ □ H: All versions
* CS1D-CPU □ □ HA: All versions
* CS1D-CPU □ □ H: All versions
* CS1D-CPU □ □ SA: All versions
* CS1D-CPU □ □ S: All versions
* CS1D-CPU □ □ P: All versions

SYSMAC CP-series
* CP2E-E □ □ D □ - □: All versions
* CP2E-S □ □...

CVE-2023-23415: Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An attacker could send a low-level protocol error containing a fragmented IP packet inside another ICMP packet in its header to the target machine. To trigger the vulnerable code path, an application on the target must be bound to a raw socket.

CVE-2023-24930: Microsoft OneDrive for MacOS Elevation of Privilege Vulnerability

**According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?** The user must be authenticated to be able to exploit this vulnerability.

CVE-2023-27580: Password Storage - OWASP Cheat Sheet Series

CodeIgniter Shield provides authentication and authorization for the CodeIgniter 4 PHP framework. An improper implementation was found in the password storage process. All hashed passwords stored in Shield v1.0.0-beta.3 or earlier are easier to crack than expected due to the vulnerability. Therefore, they should be removed as soon as possible. If an attacker gets (1) the user's hashed password by Shield, and (2) the hashed password (SHA-384 hash without salt) from somewhere, the attacker may easily crack the user's password. Upgrade to Shield v1.0.0-beta.4 or later to fix this issue. After upgrading, all users’ hashed passwords should be updated (saved to the database). There are no known workarounds.

CVE-2023-27061: vuln/formWifiFilterRulesModify.md at main · didi-zhiyuan/vuln

Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the wifiFilterListRemark parameter in the modifyWifiFilterRules function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

How to Apply NIST Principles to SaaS in 2023

The National Institute of Standards and Technology (NIST) is one of the standard-bearers in global cybersecurity. The U.S.-based institute’s cybersecurity framework helps organizations of all sizes understand, manage, and reduce their cyber-risk levels and better protect their data. Its importance in the fight against cyberattacks can’t be overstated. While NIST hasn’t directly developed