Tag
#git
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Industrial Edge Devices Vulnerability: Weak Authentication 2. RISK EVALUATION Successful exploitation of the vulnerability could allow an unauthenticated attacker to bypass authentication and impersonate a legitimate user. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Siemens Industrial Edge Own Device (IEOD): All versions prior to V1.21.1-1-a Siemens Industrial Edge Virtual Device: All versions prior to V1.21.1-1-a Siemens SCALANCE LPE9413 (6GK5998-3GS01-2AC2): All versions Siemens SIMATIC IPC127E In...
Stay secure on the move. Protect your devices, data, and privacy with smart habits, reliable gear, updated software…
Cybersecurity researchers have identified a new spam campaign driven by ‘AkiraBot,’ an AI-powered bot that targets small business…
Another day, another data breach claim involving a high-profile company!
### Summary Xgrammar includes a cache for compiled grammars to increase performance with repeated use of the same grammar. This cache is held in memory. Since the cache is unbounded, a system making use of xgrammar can be abused to fill up a host's memory and cause a denial of service. For example, sending many small requests to an LLM inference server, each with a unique JSON schema, would eventually cause this denial of service to occur. ### Details The fix is to add a limit to the cache size. This was done in https://github.com/mlc-ai/xgrammar/pull/243 An example of making use of the new cache size limit can be found in vLLM here: https://github.com/vllm-project/vllm/pull/16283 ### Impact Any system making use of Xgrammar and taking requests as input from potentially untrusted parties is vulnerable to this denial of service issue.
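The failure mode above, and the shape of the fix, as an added example that is not xgrammar's or vLLM's own code: a cache keyed by canonical schema that grows without bound under unique-schema traffic, beside an LRU cache capped by entry count and by total resident bytes. `compile_grammar` is a stand-in for the real compiler (assumption: the compiled product is opaque and its size tracks the schema), and the attacker traffic is constructed inline.

```python
import json
from collections import OrderedDict


def cache_key(schema: dict) -> str:
    # Canonical encoding so that equal schemas share one entry.
    return json.dumps(schema, sort_keys=True, separators=(",", ":"))


def compile_grammar(schema: dict) -> bytes:
    """Stand-in for the real grammar compiler (assumption for this example):
    the expensive product is modelled as the canonical schema bytes."""
    return cache_key(schema).encode()


class UnboundedGrammarCache:
    """The vulnerable shape: every distinct schema stays resident forever."""

    def __init__(self) -> None:
        self._store: dict = {}

    def get(self, schema: dict) -> bytes:
        key = cache_key(schema)
        if key not in self._store:
            self._store[key] = compile_grammar(schema)
        return self._store[key]

    def __len__(self) -> int:
        return len(self._store)

    @property
    def current_bytes(self) -> int:
        return sum(len(g) for g in self._store.values())


class BoundedGrammarCache:
    """LRU cache capped by entry count and by total bytes of compiled grammar."""

    def __init__(self, max_entries: int, max_bytes: int) -> None:
        if max_entries < 1 or max_bytes < 1:
            raise ValueError("cache limits must be positive")
        self.max_entries = max_entries
        self.max_bytes = max_bytes
        self._store: OrderedDict = OrderedDict()
        self.current_bytes = 0
        self.hits = self.misses = self.evictions = 0

    def get(self, schema: dict) -> bytes:
        key = cache_key(schema)
        grammar = self._store.get(key)
        if grammar is not None:
            self.hits += 1
            self._store.move_to_end(key)  # mark as most recently used
            return grammar
        self.misses += 1
        grammar = compile_grammar(schema)
        if len(grammar) > self.max_bytes:
            return grammar  # too large to retain: compile, serve, do not cache
        self._store[key] = grammar
        self.current_bytes += len(grammar)
        # Evict least recently used entries until both limits hold again.
        while len(self._store) > self.max_entries or self.current_bytes > self.max_bytes:
            _, evicted = self._store.popitem(last=False)
            self.current_bytes -= len(evicted)
            self.evictions += 1
        return grammar

    def __len__(self) -> int:
        return len(self._store)


def unique_schema_requests(n: int):
    """Constructed attacker traffic: n small requests, each with a never-seen schema."""
    for i in range(n):
        yield {"type": "object", "properties": {f"field_{i}": {"type": "string"}}}


def serve(cache, n: int) -> int:
    """Feed n attacker requests through the cache and report resident entries."""
    for schema in unique_schema_requests(n):
        cache.get(schema)
    return len(cache)
```

With the unbounded cache the resident entry count equals the number of unique schemas sent, so memory is under the client's control; with the bounded cache it never exceeds `max_entries` or `max_bytes`, and the attacker only pays for recompilation. The byte cap matters because entry count alone still lets a client pick a few very large schemas.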
Name: ISA-2025-003: Malicious validator can spoof votes from other validators Component: tendermint-rs Criticality: High (Catastrophic Impact; Rare Likelihood per [ACMv1.2](https://github.com/interchainio/security/blob/main/resources/CLASSIFICATION_MATRIX.md)) Affected versions: <= v0.40.2 Affected users: Everyone ### Description tendermint-rs contains a critical vulnerability in its light client implementation due to insecure handling of corrupted validator sets. Because it does not check that a validator's address is correctly derived from that validator's public key when counting votes, it is possible to spoof votes from other validators. As a result, an attacker can construct a malicious block and deceive the light client, which will accept the block as if it were signed by a 2/3+ majority. ### Patches The new tendermint-rs release [v0.40.3](https://github.com/informalsystems/tendermint-rs/releases/tag/v0.40.3) fixes this issue. Unreleased code in the main branch is pat...
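The vote-counting flaw described above, as an added example that is not tendermint-rs code: a validator set whose entries for B and C keep their addresses but carry the attacker's public key, so the attacker's signatures are counted under B's and C's voting power unless the tally also checks that each entry's address derives from its public key (Tendermint's rule for ed25519 keys is `address = SHA256(pubkey)[:20]`). The signature scheme here is a stand-in (assumption: a secret table consulted by `verify`, not ed25519) so that the example runs on the standard library; the validators, powers and block hash are constructed.

```python
import hashlib
import os
from dataclasses import dataclass

# Stand-in key pairs (NOT ed25519; assumption for this example). A real light
# client verifies ed25519 signatures against the pubkey stored in the validator
# set; here verify() consults a table of secrets. The address check is the point.
_SECRET_OF_PUBKEY: dict = {}


def keygen():
    secret = os.urandom(32)
    pubkey = hashlib.sha256(b"pub|" + secret).digest()
    _SECRET_OF_PUBKEY[pubkey] = secret
    return secret, pubkey


def sign(secret: bytes, msg: bytes) -> bytes:
    return hashlib.sha256(secret + b"|" + msg).digest()


def verify(pubkey: bytes, msg: bytes, sig: bytes) -> bool:
    secret = _SECRET_OF_PUBKEY.get(pubkey)
    return secret is not None and sign(secret, msg) == sig


def derive_address(pubkey: bytes) -> bytes:
    # Tendermint rule for ed25519 validators: address = SHA256(pubkey)[:20]
    return hashlib.sha256(pubkey).digest()[:20]


@dataclass(frozen=True)
class Validator:
    address: bytes
    pubkey: bytes
    power: int


@dataclass(frozen=True)
class Vote:
    validator_address: bytes  # a vote names its validator by address only
    signature: bytes


def tally(validators, votes, block_id: bytes, check_address: bool):
    """Return (voting power that signed block_id, total voting power).

    check_address=False is the vulnerable behaviour: the pubkey stored under an
    address is trusted blindly. check_address=True rejects entries whose pubkey
    does not derive to their address, so a swapped key cannot vote for them."""
    by_address = {v.address: v for v in validators}
    total = sum(v.power for v in validators)
    signed_power, counted = 0, set()
    for vote in votes:
        v = by_address.get(vote.validator_address)
        if v is None or v.address in counted:
            continue
        if check_address and derive_address(v.pubkey) != v.address:
            continue  # corrupted entry: this pubkey cannot speak for this address
        if verify(v.pubkey, block_id, vote.signature):
            counted.add(v.address)
            signed_power += v.power
    return signed_power, total


def has_two_thirds_majority(signed_power: int, total: int) -> bool:
    return 3 * signed_power > 2 * total


def spoof_scenario():
    """Constructed set of four equal-power validators A, B, C, M; M is the attacker."""
    (_, pk_a), (_, pk_b), (_, pk_c) = keygen(), keygen(), keygen()
    sk_m, pk_m = keygen()
    block_id = b"constructed-malicious-block-hash"
    # Corrupted validator set: B's and C's addresses are kept, but their pubkeys
    # are replaced with M's, so M's signature "counts" as B and as C.
    corrupted = [
        Validator(derive_address(pk_a), pk_a, 10),
        Validator(derive_address(pk_b), pk_m, 10),
        Validator(derive_address(pk_c), pk_m, 10),
        Validator(derive_address(pk_m), pk_m, 10),
    ]
    sig = sign(sk_m, block_id)
    votes = [Vote(v.address, sig) for v in corrupted[1:]]  # M votes as B, C and itself
    vulnerable = tally(corrupted, votes, block_id, check_address=False)
    fixed = tally(corrupted, votes, block_id, check_address=True)
    return vulnerable, fixed
```

Without the derivation check, one key controlling 10 of 40 power is counted as 30 of 40 and clears the 2/3+ threshold; with it, the two corrupted entries are discarded and only M's own 10 is counted.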
### Summary In koa < 2.16.1 and < 3.0.0-alpha.5, passing untrusted user input to ctx.redirect(), even after sanitizing it, may execute JavaScript in the browser of a user of the app. ### Patches This issue is patched in 2.16.1 and 3.0.0-alpha.5. ### PoC https://gist.github.com/linhnph05/03d677b183636af206ff781bdd19701a ### Impact 1. Redirect the user to a phishing site 2. Make requests to other endpoints of the application using the user's cookie 3. Steal the user's cookie
### Summary There was an insecure deserialization in BentoML's runner server. By setting specific headers and parameters in the POST request, it is possible to execute arbitrary unauthorized code on the server, which gives the attacker initial access to the server and discloses information from it. ### PoC - First, create a file named **model.py** to create a simple model and save it

```python
import bentoml
import numpy as np


class mymodel:
    def predict(self, info):
        return np.abs(info)

    def __call__(self, info):
        return self.predict(info)


model = mymodel()
bentoml.picklable_model.save_model("mymodel", model)
```

- Then run the following command to save this model

```
python3 model.py
```

- Next, create **bentofile.yaml** to build this model

```yaml
service: "service.py"
description: "A model serving service with BentoML"
python:
  packages:
    - bentoml
    - numpy
models:
  - tag: MyModel:latest
include:
  - "*.py"
```

- Then, create **service.p...
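The bug class behind this advisory, as an added example that is not BentoML's code and not its PoC: a pickle payload whose `__reduce__` makes `pickle.loads()` call an attacker-chosen callable on the server, beside a `RestrictedUnpickler` that refuses any global not on an allow-list. The allow-list, the payload and the benign artifact are constructed for the example; the payload only sets an environment variable so its effect is observable without harm.

```python
import io
import os
import pickle

# Allow-list of globals a model artifact may reference during load. Constructed
# for this example; a real service would enumerate exactly the classes its
# artifacts need, and nothing that runs code when resolved.
ALLOWED_GLOBALS = {
    ("collections", "OrderedDict"),
    ("builtins", "set"),
}


class MaliciousArtifact:
    """Constructed payload. pickle stores the (callable, args) pair returned by
    __reduce__ and pickle.loads() calls it on the victim. A real attacker would
    return (os.system, ("...",)); this one sets a marker environment variable."""

    def __reduce__(self):
        return (eval, ("__import__('os').environ.__setitem__('PICKLE_DEMO', 'pwned')",))


def build_payload() -> bytes:
    return pickle.dumps(MaliciousArtifact())


def unsafe_load(data: bytes):
    """The vulnerable shape: deserialise whatever the request body contains."""
    return pickle.loads(data)


class RestrictedUnpickler(pickle.Unpickler):
    """find_class is consulted for every GLOBAL/STACK_GLOBAL opcode, which is the
    only way a pickle can name a callable; refusing here blocks __reduce__ payloads."""

    def find_class(self, module: str, name: str):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def safe_load(data: bytes):
    """Hardened form: only allow-listed globals may be resolved during load."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def demo() -> dict:
    """Run both loaders over a benign artifact and over the payload."""
    artifact = {"weights": [0.1, 0.2], "labels": {"cat", "dog"}}
    out = {"benign_loads": safe_load(pickle.dumps(artifact)) == artifact}
    os.environ.pop("PICKLE_DEMO", None)
    unsafe_load(build_payload())  # callable runs during load
    out["unsafe_executed"] = os.environ.get("PICKLE_DEMO") == "pwned"
    os.environ.pop("PICKLE_DEMO", None)
    try:
        safe_load(build_payload())
        out["safe_blocked"] = False
    except pickle.UnpicklingError:
        out["safe_blocked"] = "PICKLE_DEMO" not in os.environ
    return out
```

The allow-list is a mitigation for artifacts that must stay in pickle format; the stronger fix for a server endpoint is not to unpickle request-controlled bytes at all, or to accept them only from authenticated callers and over a format that cannot encode callables.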
A bypass has been identified for the previously known vulnerability CVE-2017-0929, allowing unauthenticated attackers to make the target system issue arbitrary GET requests, including to internal or adjacent networks. ### Impact This vulnerability enables a semi-blind SSRF attack: attackers can make the target server send requests to internal or external URLs without seeing the full responses. Potential impacts include internal network reconnaissance and firewall bypass.
Luxembourg, Luxembourg, 9th April 2025, CyberNewsWire