#ssl

An issue in Mintty v.3.6.4 and before allows a remote attacker to execute arbitrary code via crafted commands to the terminal.

browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in `dsaVerify` function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack. All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability. This issue has been patched in version 4.2.2.

ILIAS 7.25 (2023-09-12) allows any authenticated user to execute arbitrary operating system commands remotely, when a highly privileged account accesses an XSS payload. The injected commands are executed via the exec() function in the execQuoted() method of the ilUtil class (/Services/Utilities/classes/class.ilUtil.php) This allows attackers to inject malicious commands into the system, potentially compromising the integrity, confidentiality, and availability of the ILIAS installation and the underlying operating system.

Apple Security Advisory 10-25-2023-7 - tvOS 17.1 addresses code execution and use-after-free vulnerabilities.

Companies are advised to act now to protect networks while federal employee paychecks are still forthcoming. Public agencies are updating contingency plans before the November extension ends, while cyber stalkers get an extra month to plan, too.

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Sielco Equipment: PolyEco1000 Vulnerabilities: Session Fixation, Improper Restriction of Excessive Authentication Attempts, Improper Access Control 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to escalate privileges, access restricted pages, or hijack sessions. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Sielco PolyEco1000, a FM transmitter, are affected: PolyEco1000: CPU:2.0.6 FPGA:10.19 PolyEco1000: CPU:1.9.4 FPGA:10.19 PolyEco1000: CPU:1.9.3 FPGA:10.19 PolyEco500: CPU:1.7.0 FPGA:10.16 PolyEco300: CPU:2.0.2 FPGA:10.19 PolyEco300: CPU:2.0.0 FPGA:10.19 3.2 Vulnerability Overview 3.2.1 SESSION FIXATION CWE-384 Sielco PolyEco1000 is vulnerable to a session hijack vulnerability due to the cookie being vulnerable to a brute force attack, lack of SSL, and the session being visible in req...

It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however, certificate signature validation is still performed. More specifically, when the client is configured to connect to an IP address (instead of a hostname) it does not validate the server certificate's IP SAN values against that IP address and certificate validation fails, and therefore the connection is not blocked as expected.

The Palantir Tiles1 service was found to be vulnerable to an API wide issue where the service was not performing authentication/authorization on all the endpoints.