Vulnerabilities

Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1.

Issue summary: Checking excessively long DSA keys or parameters may be very<br /> slow.<br /> <br /> Impact summary: Applications that use the functions EVP_PKEY_param_check()<br /> or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may<br /> experience long delays. Where the key or parameters that are being checked<br /> have been obtained from an untrusted source this may lead to a Denial of<br /> Service.<br /> <br /> The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform<br /> various checks on DSA parameters. Some of those computations take a long time<br /> if the modulus (`p` parameter) is too large.<br /> <br /> Trying to use a very large modulus is slow and OpenSSL will not allow using<br /> public keys with a modulus which is over 10,000 bits in length for signature<br /> verification. However the key and parameter check functions do not limit<br /> the modulus size when performing the checks.<br /> <br /> An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()<br /> and supplies a key or parameters obtained from an untrusted source could be<br /> vulnerable to a Denial of Service attack.<br /> <br /> These functions are not called by OpenSSL itself on untrusted DSA keys so<br /> only applications that directly call these functions may be vulnerable.<br /> <br /> Also vulnerable are the OpenSSL pkey and pkeyparam command line applications<br /> when using the `-check` option.<br /> <br /> The OpenSSL SSL/TLS implementation is not affected by this issue.<br /> <br /> The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many `

Improper Neutralization of Input During Web Page Generation (XSS or &amp;#39;Cross-site Scripting&amp;#39;) vulnerability in Webvitaly iFrame allows Stored XSS.This issue affects iFrame: from n/a through 5.0.

Improper Limitation of a Pathname to a Restricted Directory (&amp;#39;Path Traversal&amp;#39;) vulnerability in Samuel Marshall JCH Optimize.This issue affects JCH Optimize: from n/a through 4.2.0.

Minder is a software supply chain security platform. Prior to version 0.0.49, the Minder REST ingester is vulnerable to a denial of service attack via an attacker-controlled REST endpoint that can crash the Minder server. The REST ingester allows users to interact with REST endpoints to fetch data for rule evaluation. When fetching data with the REST ingester, Minder sends a request to an endpoint and will use the data from the body of the response as the data to evaluate against a certain rule. If the response is sufficiently large, it can drain memory on the machine and crash the Minder server. The attacker can control the remote REST endpoints that Minder sends requests to, and they can configure the remote REST endpoints to return responses with large bodies. They would then instruct Minder to send a request to their configured endpoint that would return the large response which would crash the Minder server. Version 0.0.49 fixes this issue.

Deserialization of Untrusted Data vulnerability in WebToffee Order Export &amp; Order Import for WooCommerce.This issue affects Order Export &amp; Order Import for WooCommerce: from n/a through 2.4.9.

Shrubbery tac_plus 2.x, 3.x. and 4.x through F4.0.4.28 allows unauthenticated Remote Command Execution. The product allows users to configure authorization checks as shell commands through the tac_plus.cfg configuration file. These are executed when a client sends an authorization request with a username that has pre-authorization directives configured. However, it is possible to inject additional commands into these checks because strings from TACACS+ packets are used as command-line arguments. If the installation lacks a a pre-shared secret (there is no pre-shared secret by default), then the injection can be triggered without authentication. (The attacker needs to know a username configured to use a pre-authorization command.) NOTE: this is related to CVE-2023-45239 but the issue is in the original Shrubbery product, not Meta&amp;#39;s fork.

njwt up to v0.4.0 was discovered to contain a prototype pollution in the Parser.prototype.parse method.

Improper Neutralization of Input During Web Page Generation (XSS or &amp;#39;Cross-site Scripting&amp;#39;) vulnerability in WPBlockart Magazine Blocks allows Stored XSS.This issue affects Magazine Blocks: from n/a through 1.3.6.

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/banner_deal.php?mudi=add

idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/tplSys_deal.php?mudi=area.