Vulnerabilities

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses triggering this bug are possible to be received from any gopher server, even those without malicious intent. Gopher support has been removed in Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should reject all gopher URL requests.

An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card. This flaw allows the attacker to manipulate APDU responses and potentially gain unauthorized access to sensitive data, compromising the system's security.

A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses a security risk, particularly for OS logon/screen unlock and for small, permanently connected tokens to computers. Additionally, the token can internally track login status. This flaw allows an attacker to gain unauthorized access, carry out malicious actions, or compromise the system without the user's awareness.

Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. To take advantage of these flaws, an attacker must have physical access to the computer system and employ a custom-crafted USB device or smart card to manipulate responses to APDUs. This manipulation can potentially allow <br /> compromise key generation, certificate loading, and other card management operations during enrollment.

In certain conditions for Calico Typha (v3.26.2, v3.25.1 and below), and Calico Enterprise Typha (v3.17.1, v3.16.3, v3.15.3 and below), a client TLS handshake can block the Calico Typha server indefinitely, resulting in denial of service. The TLS Handshake() call is performed inside the main server handle for loop without any timeout allowing an unclean TLS handshake to block the main loop indefinitely while other connections will be idle waiting for that handshake to finish.<br />

Mattermost fails to properly validate requests to the Calls plugin, allowing an attacker sending a request without a User Agent header to cause a panic and crash the Calls plugin<br /> <br />

Mattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body. <br /> <br />

Mattermost fails to properly sanitize the request to /api/v4/redirect_location allowing an attacker, sending a specially crafted request to /api/v4/redirect_location, to fill up the memory due to caching large items.<br /> <br />

Issue summary: Generating excessively long X9.42 DH keys or checking<br /> excessively long X9.42 DH keys or parameters may be very slow.<br /> <br /> Impact summary: Applications that use the functions DH_generate_key() to<br /> generate an X9.42 DH key may experience long delays. Likewise, applications<br /> that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()<br /> to check an X9.42 DH key or X9.42 DH parameters may experience long delays.<br /> Where the key or parameters that are being checked have been obtained from<br /> an untrusted source this may lead to a Denial of Service.<br /> <br /> While DH_check() performs all the necessary checks (as of CVE-2023-3817),<br /> DH_check_pub_key() doesn&amp;#39;t make any of these checks, and is therefore<br /> vulnerable for excessively large P and Q parameters.<br /> <br /> Likewise, while DH_generate_key() performs a check for an excessively large<br /> P, it doesn&amp;#39;t check for an excessively large Q.<br /> <br /> An application that calls DH_generate_key() or DH_check_pub_key() and<br /> supplies a key or parameters obtained from an untrusted source could be<br /> vulnerable to a Denial of Service attack.<br /> <br /> DH_generate_key() and DH_check_pub_key() are also called by a number of<br /> other OpenSSL functions. An application calling any of those other<br /> functions may similarly be affected. The other functions affected by this<br /> are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().<br /> <br /> Also vulnerable are the OpenSSL pkey command line application when using the<br /> "-pubcheck" option, as well as the OpenSSL genpkey command line application.<br /> <br /> The OpenSSL SSL/TLS implementation is not affected by this issue.<br /> <br /> The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected cross site scripting vulnerability. This vulnerability allows attackers to inject JS into the error path, potentially leading to unauthorized execution of scripts within a user&amp;#39;s web browser. This vulnerability is fixed in version 0.7.0-04 and a patch is available to download. Patches are also available for version 0.6.9 (0.6.9-1).<br /> <br />

A flaw was found In 3Scale Admin Portal. If a user logs out from the personal tokens page and then presses the back button in the browser, the tokens page is rendered from the browser cache.

An issue has been discovered in GitLab EE with Advanced Search affecting all versions from 13.9 to 16.3.6, 16.4 prior to 16.4.2 and 16.5 prior to 16.5.1 that could allow a denial of service in the Advanced Search function by chaining too many syntax operators.