
Tag

#vulnerability

GHSA-c7w6-33j3-j3mx: Ryu Infinite Loop vulnerability

`OFPBucket` in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via `action.len=0`.

GHSA-ffp9-pfq9-g2ww: Ryu Infinite Loop vulnerability

`OFPMultipartReply` in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via `b.length=0`.

GHSA-fgpw-cx3v-wj95: Ryu Infinite Loop vulnerability

`OFPPacketQueue` in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via `OFPQueueProp.len=0`.

GHSA-59p2-v62x-gxj8: Ryu Infinite Loop vulnerability

`OFPHello` in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via `length=0`.

A New Surveillance Tool Invades Border Towns

Plus: An assassination plot, an AI security bill, a Project Nimbus revelation, and more of the week’s top security news.

GHSA-hr2r-w6wc-25pv: Zenario uses Twig filters insecurely in the Twig Snippet plugin

Zenario before 9.5.60437 uses Twig filters insecurely in the Twig Snippet plugin, and in the site-wide HEAD and BODY elements, enabling code execution by a designer or an administrator.

GHSA-7qwj-gcjf-828f: Zenario's Tree Explorer tool from Organizer affected by Cross-site Scripting

The Tree Explorer tool from Organizer in Zenario before 9.5.60602 is affected by XSS. (This component was removed in 9.5.60602.)

New Goldoon Botnet Targeting D-Link Devices by Exploiting 9-Year-Old Flaw

By Waqas. A new botnet called Goldoon targets D-Link routers and NAS devices, putting them at risk of DDoS attacks and more. Learn how weak credentials leave you vulnerable and how to secure your network. This is a post from HackRead.com.

GHSA-qq22-jj8x-4wwv: Pterodactyl Wings vulnerable to Server-Side Request Forgery during remote file pull

### Impact

An authenticated user who has access to a game server is able to bypass the previously implemented access control (https://github.com/pterodactyl/wings/security/advisories/GHSA-6rg3-8h8x-5xfv) that prevents accessing internal endpoints of the node hosting Wings in the pull endpoint. This would allow malicious users to potentially access resources on local networks that would otherwise be inaccessible.

### Workarounds

Enabling the `api.disable_remote_download` option or updating to the latest version of Wings are the only known workarounds.

### Patches

https://github.com/pterodactyl/wings/commit/c152e36101aba45d8868a9a0eeb890995e8934b8

GHSA-gqmf-jqgv-v8fw: Pterodactyl Wings vulnerable to Arbitrary File Write/Read

### Impact

If the Wings token is leaked either by viewing the node configuration or posting it accidentally somewhere, an attacker can use it to gain arbitrary file write and read access on the node the token is associated to.

### Workarounds

Enabling the `ignore_panel_config_updates` option or updating to the latest version of Wings are the only known workarounds.

### Patches

https://github.com/pterodactyl/wings/commit/5415f8ae07f533623bd8169836dd7e0b933964de