Vulnerabilities

Mattermost fails to properly sanitize the request to /api/v4/redirect_location allowing an attacker, sending a specially crafted request to /api/v4/redirect_location, to fill up the memory due to caching large items.<br /> <br />

Issue summary: Generating excessively long X9.42 DH keys or checking<br /> excessively long X9.42 DH keys or parameters may be very slow.<br /> <br /> Impact summary: Applications that use the functions DH_generate_key() to<br /> generate an X9.42 DH key may experience long delays. Likewise, applications<br /> that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()<br /> to check an X9.42 DH key or X9.42 DH parameters may experience long delays.<br /> Where the key or parameters that are being checked have been obtained from<br /> an untrusted source this may lead to a Denial of Service.<br /> <br /> While DH_check() performs all the necessary checks (as of CVE-2023-3817),<br /> DH_check_pub_key() doesn&amp;#39;t make any of these checks, and is therefore<br /> vulnerable for excessively large P and Q parameters.<br /> <br /> Likewise, while DH_generate_key() performs a check for an excessively large<br /> P, it doesn&amp;#39;t check for an excessively large Q.<br /> <br /> An application that calls DH_generate_key() or DH_check_pub_key() and<br /> supplies a key or parameters obtained from an untrusted source could be<br /> vulnerable to a Denial of Service attack.<br /> <br /> DH_generate_key() and DH_check_pub_key() are also called by a number of<br /> other OpenSSL functions. An application calling any of those other<br /> functions may similarly be affected. The other functions affected by this<br /> are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().<br /> <br /> Also vulnerable are the OpenSSL pkey command line application when using the<br /> "-pubcheck" option, as well as the OpenSSL genpkey command line application.<br /> <br /> The OpenSSL SSL/TLS implementation is not affected by this issue.<br /> <br /> The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected cross site scripting vulnerability. This vulnerability allows attackers to inject JS into the error path, potentially leading to unauthorized execution of scripts within a user&amp;#39;s web browser. This vulnerability is fixed in version 0.7.0-04 and a patch is available to download. Patches are also available for version 0.6.9 (0.6.9-1).<br /> <br />

A flaw was found In 3Scale Admin Portal. If a user logs out from the personal tokens page and then presses the back button in the browser, the tokens page is rendered from the browser cache.

An issue has been discovered in GitLab EE with Advanced Search affecting all versions from 13.9 to 16.3.6, 16.4 prior to 16.4.2 and 16.5 prior to 16.5.1 that could allow a denial of service in the Advanced Search function by chaining too many syntax operators.

The 1E-Exchange-DisplayMessageinstruction that is part of the End-User Interaction product pack available on the 1E Exchange does not properly validate the Caption or Message parameters, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. This instruction only runs on Windows clients.<br /> <br /> To remediate this issue DELETE the instruction “Show dialogue with caption %Caption% and message %Message%” from the list of instructions in the Settings UI, and replace it with the new instruction 1E-Exchange-ShowNotification instruction available in the updated End-User Interaction product pack. The new instruction should show as “Show %Type% type notification with header %Header% and message %Message%” with a version of 7.1 or above.

An issue has been discovered in GitLab EE/CE affecting all versions starting before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1 which allows an attackers to block Sidekiq job processor.

An issue has been discovered in GitLab EE affecting all versions starting from 11.6 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. It was possible for an unauthorised project or group member to read the CI/CD variables using the custom project templates.

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.3 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A Regular Expression Denial of Service was possible by adding a large string in timeout input in gitlab-ci.yml file.

The 1E-Exchange-URLResponseTime instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the URL parameter, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. This instruction only runs on Windows clients.<br /> <br /> To remediate this issue download the updated Network product pack from the 1E Exchange and update the 1E-Exchange-URLResponseTime instruction to v20.1 by uploading it through the 1E Platform instruction upload UI

The 1E-Exchange-CommandLinePing instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the input parameter, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. This instruction only runs on Windows clients.<br /> <br /> To remediate this issue download the updated Network product pack from the 1E Exchange and update the 1E-Exchange-CommandLinePing instruction to v18.1 by uploading it through the 1E Platform instruction upload UI

Cross-Site Request Forgery (CSRF) vulnerability in Serena Villa Auto Excerpt everywhere plugin