#vulnerability

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Communication modules for Modicon M580 and Quantum controllers Vulnerability: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a stack overflow attack, which could result in loss of confidentiality, integrity, and denial of service of the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports that the following communication modules for Modicon M580 and Quantum controllers are affected by a vulnerability in VxWorks operating system: Modicon M580 communication modules BMENOC BMENOC0321: Versions prior to SV1.10 Modicon M580 communication modules BMECRA BMECRA31210: All versions Modicon M580/Quantum communication modules BMXCRA BMXCRA31200: All versions Modicon M580/Quantum communication modules BMXCRA BMXCRA31210: All versions Modicon Quantum communication modules 140CRA 140CRA31908: ...

### Summary This advisory addresses a file placement vulnerability that could allow assets to be uploaded to unintended directories on the server. * **Improper Limitation of a Pathname to a Restricted Directory:** A vulnerability exists in the asset upload functionality that allows users to upload files to directories outside of the intended temporary directory. ### Mitigation Please update to 5.2.3 or later. ### Workarounds None ### References If you have any questions or comments about this advisory: Email us at [[email protected]](mailto:[email protected])

### Summary This advisory addresses an authorization vulnerability in Mautic's HTTP Basic Authentication implementation. This flaw could allow unauthorized access to sensitive report data. * **Improper Authorization:** An authorization flaw exists in Mautic's API Authorization implementation. Any authenticated user, regardless of assigned roles or permissions, can access all reports and their associated data via the API. This bypasses the intended access controls governed by the "Reporting Permissions > View Own" and "Reporting Permissions > View Others" permissions, which should restrict access to non-System Reports. ### Mitigation Please update to Mautic 5.2.3 or later ### Workarounds Disable the API in Mautic. See [documentation](https://docs.mautic.org/en/5.2/configuration/settings.html#api-settings). ### References https://cwe.mitre.org/data/definitions/285.html https://docs.mautic.org/en/5.2/configuration/settings.html#api-settings If you have any questions or comments...

### Summary This advisory addresses two critical security vulnerabilities present in Mautic versions before 5.2.3. These vulnerabilities could be exploited by authenticated users. * **Remote Code Execution (RCE) via Asset Upload:** A Remote Code Execution vulnerability has been identified in the asset upload functionality. Insufficient enforcement of allowed file extensions allows an attacker to bypass restrictions and upload executable files, such as PHP scripts. * **Path Traversal File Deletion:** A Path Traversal vulnerability exists in the upload validation process. Due to improper handling of path components, an authenticated user can manipulate the file deletion process to delete arbitrary files on the host system. ### Mitigation Please update to 5.2.3 or later. ### Workarounds None ### References https://owasp.org/www-community/attacks/Code_Injection https://owasp.org/www-community/attacks/Path_Traversal If you have any questions or comments about this advisory: Ema...

## Summary A [DOM-Based XSS](https://capec.mitre.org/data/definitions/588.html) was discovered in [copyparty](https://github.com/9001/copyparty), a portable fileserver. The vulnerability is considered low-risk. ## Details By handing someone a maliciously-named file, and then tricking them into dragging the file into copyparty's Web-UI, an attacker could execute arbitrary javascript with the same privileges as that user. For example, this could give unintended read-access to files owned by that user. The bug is triggered by the drag-drop action itself; it is not necessary to actually initiate the upload. The file must be empty (zero bytes). Note: As a general-purpose webserver, it is intentionally possible to upload HTML-files with arbitrary javascript in `<script>` tags, which will execute when the file is opened. The difference is that this vulnerability would trigger execution of javascript during the act of uploading, and not when the uploaded file was opened. ## Proof of Conce...

A flaw was found in the quarkus-resteasy extension, which causes memory leaks when client requests with low timeouts are made. If a client request times out, a buffer is not released correctly, leading to increased memory usage and eventual application crash due to OutOfMemoryError.

A cross-site scripting (XSS) vulnerability in a virtual tour framework has been weaponized by malicious actors to inject malicious scripts across hundreds of websites with the goal of manipulating search results and fueling a spam ads campaign at scale. Security researcher Oleg Zaytsev, in a report shared with The Hacker News, said the campaign – dubbed 360XSS – affected over 350 websites,

Sweden’s proposal to mandate encryption backdoors faces backlash from Signal, cybersecurity experts, and even its military over privacy and security risks.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday placed two security flaws impacting Microsoft Partner Center and Synacor Zimbra Collaboration Suite (ZCS) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities in question are as follows - CVE-2024-49035 (CVSS score: 8.7) - An improper access control

### Impact The matrix-appservice-irc bridge up to version 3.0.3 contains a vulnerability which can lead to arbitrary IRC command execution as the puppeted user. The attacker can only inject commands executed as their own IRC user. ### Patches The vulnerability has been patched in matrix-appservice-irc version 3.0.4. ### For more information If you have any questions or comments about this advisory, please email us at [security at matrix.org](mailto:[email protected]).