Tag
#perl
Ever tried resizing an image only to end up with a blurry, pixelated mess? Whether you’re adjusting a…
Cybercriminals are using AI-based tools to generate voice clones of the voices of senior US officials in order to scam people.
### Summary The `ejson2env` tool has a vulnerability related to how it writes to `stdout`. Specifically, the tool is intended to write an export statement for environment variables and their values. However, due to inadequate output sanitization, there is a potential risk where variable names or values may include malicious content, resulting in additional unintended commands being output to `stdout`. If this output is improperly utilized in further command execution, it could lead to command injection vulnerabilities, allowing an attacker to execute arbitrary commands on the host system. ### Details The vulnerability exists because environment variables are not properly sanitized during the decryption phase, which enables malicious keys or encrypted values to inject commands. ### Impact An attacker with control over `.ejson` files can inject commands in the environment where `source $(ejson2env)` or `eval ejson2env` are executed. ### Mitigation - Update to a version of `ejson2en...
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Vertiv Equipment: Liebert RDU101 and Liebert UNITY Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition or achieve remote code execution 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Vertiv products are affected: Liebert RDU101: Versions 1.9.0.0 and prior Liebert IS-UNITY: Versions 8.4.1.0 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 AUTHENTICATION BYPASS USING AN ALTERNATE PATH OR CHANNEL CWE-288 Affected Vertiv products do not properly protect webserver functions that could allow an attacker to bypass authentication. CVE-2025-46412 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). A CVSS v...
More. We’ll never stop wanting it. The number of applications and their dependencies that require management is continuously growing. Starting now, the Red Hat Enterprise Linux (RHEL) extensions repository addresses the evolving needs of RHEL users by providing a trusted and reliable source of validated software content. Using the RHEL extensions repository, you can keep up with the speed of innovation without compromising security.What is the RHEL extensions repository and should I enable it?The RHEL extensions repository is a collection of software, curated by Red Hat, that includes develo
### Impact Rendering `{{ attributes }}` or using any method that returns a `ComponentAttributes` instance (e.g. `only()`, `defaults()`, `without()`) ouputs attribute values directly without escaping. If these values are unsafe (e.g. contain user input), this can lead to HTML attribute injection and XSS vulnerabilities. ### Patches The issue is fixed in version `2.25.1` of `symfony/ux-twig-component` by using Twig's `EscaperRuntime` to properly escape HTML attributes in `ComponentAttributes`. If you use `symfony/ux-live-component`, you must also update it to `2.25.1` to benefit from the fix, as it reuses the `ComponentAttributes` class internally. ### Workarounds Until you can upgrade, avoid rendering `{{ attributes }}` or derived objects directly if it may contain untrusted values. Instead, use `{{ attributes.render('name') }}` for safe output of individual attributes. ### References GitHub repository: [symfony/ux](https://github.com/symfony/ux)
The ABB Cylon FLXeon BACnet controller is vulnerable to authenticated file traversal via the /api/siteGuide endpoint. An attacker with valid credentials can manipulate the filename parameter to move and access or overwrite arbitrary files. The issue arises due to improper input validation in siteGuide.js, where user-supplied data is not properly sanitized, allowing directory traversal attacks.
You’ve got an important choice to make: HubSpot or Salesforce?
### Impact the `slice()` builtin can elide side effects when the output length is 0, and the source bytestring is a builtin (`msg.data` or `<address>.code`). the reason is that for these source locations, the check that `length >= 1` is skipped: https://github.com/vyperlang/vyper/blob/68b68c4b30c5ef2f312b4674676170b8a6eaa316/vyper/builtins/functions.py#L315-L319 the result is that a 0-length bytestring constructed with slice can be passed to `make_byte_array_copier`, which elides evaluation of its source argument when the max length is 0: https://github.com/vyperlang/vyper/blob/68b68c4b30c5ef2f312b4674676170b8a6eaa316/vyper/codegen/core.py#L189-L191 the impact is that side effects in the `start` argument may be elided when the `length` argument is 0, e.g. `slice(msg.data, self.do_side_effect(), 0)`. the following example illustrates how the issue would look in user code ```vyper counter: public(uint256) @external def test() -> Bytes[10]: b: Bytes[10] = slice(msg.data, self.side...
### Impact `concat()` may skip evaluation of side effects when the length of an argument is zero. this is due to a fastpath in the implementation which skips evaluation of argument expressions when their length is zero: https://github.com/vyperlang/vyper/blob/68b68c4b30c5ef2f312b4674676170b8a6eaa316/vyper/builtins/functions.py#L560-L562 in practice, it would be very unusual in user code to construct zero-length bytestrings using an expression with side-effects, since zero-length bytestrings are typically constructed with the empty literal `b""`; the only way to construct an empty bytestring which has side effects would be with the ternary operator introduced in v0.3.8, e.g. `b"" if self.do_some_side_effect() else b""`. the following example demonstrates how the issue would look in user code ```vyper counter: public(uint256) @external def test() -> Bytes[256]: a: Bytes[256] = concat(b"" if self.sideeffect() else b"", b"aaaa") return a def sideeffect() -> bool: self.count...