Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to interested users. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2025-26819

Publication date:
15/02/2025
Monero through 0.18.3.4 before ec74ff4 does not have response limits on HTTP server connections.
Severity CVSS v4.0: Pending analysis
Last modification:
15/02/2025

CVE-2025-21401

Publication date:
15/02/2025
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Severity CVSS v4.0: Pending analysis
Last modification:
05/03/2025

CVE-2024-10405

Publication date:
15/02/2025
Brocade SANnav before SANnav 2.3.1b enables weak TLS ciphers on ports 443 and 18082. In case of a successful exploit, an attacker can read Brocade SANnav data stream that includes monitored Brocade Fabric OS switches performance data, port status, zoning information, WWNs, IP Addresses, but no customer data, no personal data and no secrets or passwords, as it travels across the network.
Severity CVSS v4.0: MEDIUM
Last modification:
15/02/2025

CVE-2024-4282

Publication date:
15/02/2025
Brocade SANnav OVA before SANnav 2.3.1b enables SHA1 deprecated setting for SSH for port 22.
Severity CVSS v4.0: HIGH
Last modification:
15/02/2025

CVE-2024-5461

Publication date:
15/02/2025
Implementation of the Simple Network Management Protocol (SNMP) operating on the Brocade 6547 (FC5022) embedded switch blade, makes internal script calls to system.sh from within the SNMP binary. An authenticated attacker could perform command or parameter injection on SNMP operations that are only enabled on the Brocade 6547 (FC5022) embedded switch. This injection could allow the authenticated attacker to issue commands as Root.
Severity CVSS v4.0: HIGH
Last modification:
15/02/2025

CVE-2024-5462

Publication date:
15/02/2025
If Brocade Fabric OS before Fabric OS 9.2.0 configuration settings are not set to encrypt SNMP passwords, then the SNMP privsecret / authsecret fields can be exposed in plaintext. The plaintext passwords can be exposed in a configupload capture or a supportsave capture if encryption of passwords is not enabled. An attacker can use these passwords to fetch values of the supported OIDs via SNMPv3 queries. There are also a limited number of MIB objects that can be modified.
Severity CVSS v4.0: MEDIUM
Last modification:
15/02/2025

CVE-2025-0592

Publication date:
14/02/2025
The vulnerability may allow a remote low privileged attacker to run arbitrary shell commands by manipulating the firmware file and uploading it to the device.
Severity CVSS v4.0: Pending analysis
Last modification:
14/02/2025

CVE-2025-0593

Publication date:
14/02/2025
The vulnerability may allow a remote low privileged attacker to run arbitrary shell commands by using lower-level functions to interact with the device.
Severity CVSS v4.0: Pending analysis
Last modification:
14/02/2025

CVE-2024-31144

Publication date:
14/02/2025
For a brief summary of Xapi terminology, see:

https://xapi-project.github.io/xen-api/overview.html#object-model-overview

Xapi contains functionality to backup and restore metadata about Virtual Machines and Storage Repositories (SRs).

The metadata itself is stored in a Virtual Disk Image (VDI) inside an SR. This is used for two purposes; a general backup of metadata (e.g. to recover from a host failure if the filer is still good), and Portable SRs (e.g. using an external hard drive to move VMs to another host).

Metadata is only restored as an explicit administrator action, but occurs in cases where the host has no information about the SR, and must locate the metadata VDI in order to retrieve the metadata.

The metadata VDI is located by searching (in UUID alphanumeric order) each VDI, mounting it, and seeing if there is a suitable metadata file present. The first matching VDI is deemed to be the metadata VDI, and is restored from.

In the general case, the content of VDIs are controlled by the VM owner, and should not be trusted by the host administrator.

A malicious guest can manipulate its disk to appear to be a metadata backup.

A guest cannot choose the UUIDs of its VDIs, but a guest with one disk has a 50% chance of sorting ahead of the legitimate metadata backup. A guest with two disks has a 75% chance, etc.
Severity CVSS v4.0: Pending analysis
Last modification:
26/04/2025

CVE-2022-28693

Publication date:
14/02/2025
Unprotected alternative channel of return branch target prediction in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
Severity CVSS v4.0: Pending analysis
Last modification:
14/02/2025

CVE-2022-26083

Publication date:
14/02/2025
Generation of weak initialization vector in an Intel(R) IPP Cryptography software library before version 2021.5 may allow an unauthenticated user to potentially enable information disclosure via local access.
Severity CVSS v4.0: Pending analysis
Last modification:
14/02/2025

CVE-2025-25296

Publication date:
14/02/2025
Label Studio is an open source data labeling tool. Prior to version 1.16.0, Label Studio's `/projects/upload-example` endpoint allows injection of arbitrary HTML through a `GET` request with an appropriately crafted `label_config` query parameter. By crafting a specially formatted XML label config with inline task data containing malicious HTML/JavaScript, an attacker can achieve Cross-Site Scripting (XSS). While the application has a Content Security Policy (CSP), it is only set in report-only mode, making it ineffective at preventing script execution. The vulnerability exists because the upload-example endpoint renders user-provided HTML content without proper sanitization on a GET request. This allows attackers to inject and execute arbitrary JavaScript in victims' browsers by getting them to visit a maliciously crafted URL. This is considered vulnerable because it enables attackers to execute JavaScript in victims' contexts, potentially allowing theft of sensitive data, session hijacking, or other malicious actions. Version 1.16.0 contains a patch for the issue.
Severity CVSS v4.0: Pending analysis
Last modification:
14/02/2025