| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An Origin Validation Error vulnerability in an insufficient protected file of Juniper Networks Junos OS on EX4600 Series and QFX5000 Series allows an unauthenticated attacker with physical access to the device to create a backdoor which allows complete control of the system.
When a device isn't configured with a root password, an attacker can modify a specific file. It's contents will be added to the Junos configuration of the device without being visible. This allows for the addition of any configuration unknown
to the actual operator, which includes users, IP addresses and other configuration which could allow unauthorized access to the device.
This exploit is persistent across reboots and even zeroization.
The indicator of compromise is a modified /etc/config/<platform>-defaults[-flex].conf file. Review that file for unexpected configuration statements, or compare it to an unmodified version which can be extracted from the original Juniper software image file. For details on the extraction procedure please contact Juniper Technical Assistance Center (JTAC).
To restore the device to a trusted initial configuration the system needs to be reinstalled from physical media.
This issue affects Junos OS on EX4600 Series and QFX5000 Series:
* All versions before 21.4R3,
* 22.2 versions before 22.2R3-S3. |
| Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.93, the server uses the Origin value from the request headers as the email link baseUrl without validation. If an attacker controls the Origin, password reset / email verification links in emails can be generated pointing to the attacker’s domain, causing authentication tokens to be exposed and potentially leading to account takeover. This vulnerability is fixed in 1.93. |
| Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote code execution. An overly permissive CORS configuration (allow_origins='*' with allow_credentials=True) combined with a refresh token cookie configured as SameSite=None allows a malicious webpage to perform cross-origin requests that include credentials and successfully call the refresh endpoint. An attacker-controlled origin can therefore obtain fresh access_token / refresh_token pairs for a victim session. Obtained tokens permit access to authenticated endpoints — including built-in code-execution functionality — allowing the attacker to execute arbitrary code and achieve full system compromise. |
| AliasVault is a privacy-first password manager with built-in email aliasing. AliasVault Android versions 0.24.0 through 0.25.2 contained an issue in how passkey requests from Android apps were validated. Under certain local conditions, a malicious app could attempt to obtain a passkey response for a site it was not authorized to access. The issue involved incomplete validation of calling app identity, origin, and RP ID in the Android credential provider. This issue was fixed in AliasVault Android 0.25.3. |
| A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on affected installations. |
| A message unchecked NULL return value vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations.
Please note: authentication is not required in order to exploit this vulnerability.. |
| A message out-of-bounds read vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations.
Please note: authentication is not required in order to exploit this vulnerability. |
| Whale browser before 4.35.351.12 allows an attacker to bypass the Same-Origin Policy in a sidebar environment. |
| MLFlow versions up to and including 3.4.0 are vulnerable to DNS rebinding attacks due to a lack of Origin header validation in the MLFlow REST server. This vulnerability allows malicious websites to bypass Same-Origin Policy protections and execute unauthorized calls against REST endpoints. An attacker can query, update, and delete experiments via the affected endpoints, leading to potential data exfiltration, destruction, or manipulation. The issue is resolved in version 3.5.0. |
| Origin validation error issue exists in Fujitsu Security Solution AuthConductor Client Basic V2 2.0.25.0 and earlier. If this vulnerability is exploited, an attacker who can log in to the Windows system where the affected product is installed may execute arbitrary code with SYSTEM privilege and/or modify the registry value. |
| A flaw was found in Keycloak. When an authenticated attacker attempts to merge accounts with another existing account during an identity provider (IdP) login, the attacker will subsequently be prompted to "review profile" information. This vulnerability allows the attacker to modify their email address to match that of a victim's account, triggering a verification email sent to the victim's email address. The attacker's email address is not present in the verification email content, making it a potential phishing opportunity. If the victim clicks the verification link, the attacker can gain access to the victim's account. |
| A flaw was found in WebKitGTK. This vulnerability allows remote, user-assisted information disclosure that can reveal any file the user is permitted to read via abusing the file drag-and-drop mechanism where WebKitGTK does not verify that drag operations originate from outside the browser. |
| A vulnerability was identified in chatwoot up to 4.7.0. This vulnerability affects the function initPostMessageCommunication of the file app/javascript/sdk/IFrameHelper.js of the component Widget. The manipulation of the argument baseUrl leads to origin validation error. Remote exploitation of the attack is possible. The vendor was contacted early about this disclosure but did not respond in any way. |
| Authentication issue that does not verify the source of a packet which could allow an attacker to create a denial-of-service condition or modify the configuration of the device. |
| Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks This vulnerability affects Firefox < 109, Firefox ESR < 102.7, and Thunderbird < 102.7. |
| Improper Authentication in Liferay Portal 7.4.0 through 7.4.3.132, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to send malicious data to the Liferay Portal 7.4.0 through 7.4.3.132, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions that will treat it as trusted data via unauthenticated cluster messages. |
| Origin Validation Error in Kibana can lead to Server-Side Request Forgery via a forged Origin HTTP header processed by the Observability AI Assistant. |
| A missing authentication for critical function vulnerability has been reported to affect myQNAPcloud Link. If exploited, the vulnerability could allow users with the privilege level of some functionality via a network.
We have already fixed the vulnerability in the following version:
myQNAPcloud Link 2.4.51 and later
|
| Same-origin policy bypass in the Request Handling component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. |
| Masa CMS is an open source Enterprise Content Management platform. Prior to 7.2.8, 7.3.13, and 7.4.6, there is vulnerable to host header poisoning which allows account takeover via password reset email. This vulnerability is fixed in 7.2.8, 7.3.13, and 7.4.6. |
