Vulnerabilities

Sunshine is a self-hosted game stream host for Moonlight. Users who ran Sunshine versions 0.17.0 through 0.22.2 as a service on Windows may be impacted when terminating the service if an attacked placed a file named `C:\Program.exe`, `C:\Program.bat`, or `C:\Program.cmd` on the user's computer. This attack vector isn't exploitable unless the user has manually loosened ACLs on the system drive. If the user's system locale is not English, then the name of the executable will likely vary. Version 0.23.0 contains a patch for the issue. Some workarounds are available. One may identify and block potentially malicious software executed path interception by using application control tools, like Windows Defender Application Control, AppLocker, or Software Restriction Policies where appropriate. Alternatively, ensure that proper permissions and directory access control are set to deny users the ability to write files to the top-level directory `C:`. Require that all executables be placed in write-protected directories.

<br /> A buffer overflow vulnerability was identified in some Lenovo printers that could allow an unauthenticated user to trigger a device restart by sending a specially crafted web request.<br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br />

Improper Neutralization of Special Elements used in a Command (&amp;#39;Command Injection&amp;#39;) vulnerability in Netflix ConsoleMe allows Command Injection.This issue affects ConsoleMe: before 1.4.0.

Improper Neutralization of Special Elements used in a Command (&amp;#39;Command Injection&amp;#39;) vulnerability in WatchGuard AuthPoint Password Manager on MacOS allows an a adversary with local access to execute code under the context of the AuthPoint Password Manager application.<br /> This issue affects AuthPoint Password Manager for MacOS versions before 1.0.6.<br /> <br />

IBM Security Guardium 12.0 could allow a privileged user to perform unauthorized actions that could lead to a denial of service. IBM X-Force ID: 271690.

IBM AIX could 7.2, 7.3, VIOS 3.1, and VIOS 4.1 allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 283985.

Stalwart Mail Server is an open-source mail server. Prior to version 0.8.0, attackers who achieved Arbitrary Code Execution as the stalwart-mail user (including web interface admins) can gain complete root access to the system. Usually, system services are run as a separate user (not as root) to isolate an attacker with Arbitrary Code Execution to the current service. Therefore, other system services and the system itself remains protected in case of a successful attack. stalwart-mail runs as a separate user, but it can give itself full privileges again in a simple way, so this protection is practically ineffective. Server admins who handed out the admin credentials to the mail server, but didn&amp;#39;t want to hand out complete root access to the system, as well as any attacked user when the attackers gained Arbitrary Code Execution using another vulnerability, may be vulnerable. Version 0.8.0 contains a patch for the issue.

An unquoted executable path exists in the Rockwell Automation FactoryTalk® Remote Access™ possibly resulting in remote code execution if exploited. While running the FTRA installer package, the executable path is not properly quoted, which could allow a threat actor to enter a malicious executable and run it as a System user. A threat actor needs admin privileges to exploit this vulnerability.

Issue summary: Checking excessively long DSA keys or parameters may be very<br /> slow.<br /> <br /> Impact summary: Applications that use the functions EVP_PKEY_param_check()<br /> or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may<br /> experience long delays. Where the key or parameters that are being checked<br /> have been obtained from an untrusted source this may lead to a Denial of<br /> Service.<br /> <br /> The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform<br /> various checks on DSA parameters. Some of those computations take a long time<br /> if the modulus (`p` parameter) is too large.<br /> <br /> Trying to use a very large modulus is slow and OpenSSL will not allow using<br /> public keys with a modulus which is over 10,000 bits in length for signature<br /> verification. However the key and parameter check functions do not limit<br /> the modulus size when performing the checks.<br /> <br /> An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()<br /> and supplies a key or parameters obtained from an untrusted source could be<br /> vulnerable to a Denial of Service attack.<br /> <br /> These functions are not called by OpenSSL itself on untrusted DSA keys so<br /> only applications that directly call these functions may be vulnerable.<br /> <br /> Also vulnerable are the OpenSSL pkey and pkeyparam command line applications<br /> when using the `-check` option.<br /> <br /> The OpenSSL SSL/TLS implementation is not affected by this issue.<br /> <br /> The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

A vulnerability exists in the Rockwell Automation FactoryTalk® View SE Datalog function that could allow a threat actor to inject a malicious SQL statement if the SQL database has no authentication in place or if legitimate credentials were stolen. If exploited, the attack could result in information exposure, revealing sensitive information. Additionally, a threat actor could potentially modify and delete the data in a remote database. An attack would only affect the HMI design time, not runtime.

Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1.

Improper Neutralization of Input During Web Page Generation (XSS or &amp;#39;Cross-site Scripting&amp;#39;) vulnerability in Webvitaly iFrame allows Stored XSS.This issue affects iFrame: from n/a through 5.0.