#ssl

Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be mislead by removing adding or reordering such empty entries as these are ignored by the OpenSSL implementation. We are currently unaware of any such applications. The AES-SIV algorithm allows for authentication of multiple associated data entries along with the encryption. To authenticate empty data the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL just returns success for such a call instead of performing the associated data authentication operation. The empty data thus will not be authenticated. As this issue does not affect non-empty associated data authenticati...

Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin (aka Spring Boot Admin) through 3.1.1 and other products, allows sandbox bypass via crafted HTML. This may be relevant for SSTI (Server Side Template Injection) and code execution in spring-boot-admin if MailNotifier is enabled and there is write access to environment variables via the UI.

libjpeg commit db33a6e was discovered to contain a reachable assertion via BitMapHook::BitMapHook at bitmaphook.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.

libjpeg commit db33a6e was discovered to contain a heap buffer overflow via LineBitmapRequester::EncodeRegion at linebitmaprequester.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.

The firmware update package for the wireless card is not properly signed and can be modified.

This Metasploit module exploits an authenticated command injection vulnerability in the "restore_rrddata()" function of pfSense prior to version 2.7.0 which allows an authenticated attacker with the "WebCfg - Diagnostics: Backup and Restore" privilege to execute arbitrary operating system commands as the "root" user. This module has been tested successfully on version 2.6.0-RELEASE.

Ubuntu Security Notice 6222-1 - Jiasheng Jiang discovered that the HSA Linux kernel driver for AMD Radeon GPU devices did not properly validate memory allocation in certain situations, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service. Zheng Wang discovered that the Intel i915 graphics driver in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service.

1. EXECUTIVE SUMMARY ​CVSS v3 8.2 ​ATTENTION: Exploitable remotely/low attack complexity ​Vendor: Siemens ​Equipment: SIMATIC MV500 series devices ​Vulnerabilities: Exposure of Sensitive Information to an Unauthorized Actor, Missing Release of Memory after Effective Lifetime, Injection, Inadequate Encryption Strength, Double Free, Incomplete Cleanup, Observable Discrepancy, Improper Locking, Use After Free, Improper Input Validation 2. RISK EVALUATION ​Successful exploitation of these vulnerabilities could allow an attacker to read memory contents, disclose information, or cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ​The following products from Siemens are affected: ​SIMATIC MV540 H (6GF3540-0GE10): All versions prior to v3.3.4 ​SIMATIC MV540 S (6GF3540-0CD10): All versions prior to v 3.3.4 ​SIMATIC MV550 H (6GF3550-0GE10): All versions prior to v 3.3.4 ​SIMATIC MV550 S (6GF3550-0CD10): All versions prior to v 3.3.4 ​SIMATIC MV560 U (6GF3560-0LE10): ...

1. EXECUTIVE SUMMARY ​CVSS v3 9.8 ​ATTENTION: Exploitable remotely / low attack complexity ​Vendor: Siemens ​Equipment: RUGGEDCOM ROX ​Vulnerabilities: Cleartext Transmission of Sensitive Information, Command Injection, Improper Authentication, Classic Buffer Overflow, Uncontrolled Resource Consumption, Improper Certificate Validation, Cross-Site Request Forgery (CSRF), Improper Input Validation, Incorrect Default Permissions, Cross-site Scripting, Inadequate Encryption Strength, Use of a Broken or Risky Cryptographic Algorithm. 2. RISK EVALUATION ​Successful exploitation of these vulnerabilities could allow an attacker to send a malformed HTTP packet causing certain functions to fail, achieve a man-in-the-middle attack, or arbitrary code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ​The following products from Siemens are affected: ​RUGGEDCOM ROX MX5000: All versions prior to V2.16.0 ​RUGGEDCOM ROX MX5000RE: All versions prior to V2.16.0 ​RUGGEDCOM ROX RX1400: All versions pr...

SonicWall on Wednesday urged customers of Global Management System (GMS) firewall management and Analytics network reporting engine software to apply the latest fixes to secure against a set of 15 security flaws that could be exploited by a threat actor to circumvent authentication and access sensitive information. Of the 15 shortcomings (tracked from CVE-2023-34123 through CVE-2023-34137), four