Impact
In ReactPHP’s HTTP server component versions below v1.7.0, when ReactPHP is processing incoming HTTP cookie values, the cookie names are URL-decoded. This may lead to cookies with prefixes like __Host- and __Secure- being confused with cookies that de…
[mangadex-downloader] mangadex-downloader vulnerable to unauthorized file reading
Impact
When the file:<location> command is used and <location> is a web URL (http, https), mangadex-downloader will try to open and read a file on the local disk for each line of the website's content.
So far, the app only read the files and not ex…
[jose] JOSE vulnerable to resource exhaustion via specifically crafted JWE
The PBKDF2-based JWE key management algorithms expect a JOSE Header Parameter named p2c (PBES2 Count), which determines how many PBKDF2 iterations must be executed in order to derive a CEK wrapping key. The purpose of this parameter is to intentionally…
[github.com/talos-systems/talos] Talos worker join token can be used to get elevated access level to the Talos API
Impact
Talos worker nodes use a join token to get accepted into the Talos cluster. A misconfigured Kubernetes environment may allow workloads to access the join token of the worker node. A malicious workload could then use the join token to construct a…
[github.com/siderolabs/talos] nftables binding to an already bound chain
Impact
An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel. A denial of service can occur upon binding to an already bound chain.
Affected by this vulnerability is the function nft_verdict_init of the file net/netfilter/nf_tabl…
[typo3/cms-core] TYPO3 CMS vulnerable to Denial of Service in Page Error Handling
Meta
CVSS: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C (5.5)
Problem
Requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as an error message from anoth…
[typo3/cms-core] TYPO3 CMS vulnerable to User Enumeration via Response Timing
Meta
CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C (4.9)
Problem
It has been discovered that observing response time during user authentication (backend and frontend) can be used to distinguish between existing and non-existing u…
[typo3/cms] TYPO3 CMS missing check for expiration time of password reset token for backend users
Meta
CVSS: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C (5.0)
Problem
It has been discovered that the expiration time of a password reset link for TYPO3 backend users has never been evaluated. As a result, a password reset link could …
[typo3/cms-core] TYPO3 CMS Stored Cross-Site Scripting via FileDumpController
Meta
CVSS: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C (5.0)
Problem
It has been discovered that the FileDumpController (backend and frontend context) is vulnerable to cross-site scripting when malicious files are displayed using thi…
[cargo] Cargo extracting malicious crates can fill the file system
The Rust Security Response WG was notified that Cargo did not prevent extracting some malformed packages downloaded from alternate registries. An attacker able to upload packages to an alternate registry could fill the file system when Cargo downloaded…