Security Vulnerabilities - CVEs Published In December 2023
The NSS code used for checking PKCS#1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. Both the overall correctness of the padding and the length of the encrypted message were leaking through a timing side channel. By sending a large number of attacker-selected ciphertexts, the attacker would be able to decrypt a previously intercepted PKCS#1 v1.5 ciphertext (for example, to decrypt a TLS session that used RSA key exchange), or forge a signature using the victim's key. The issue was fixed by implementing the implicit rejection algorithm, in which NSS returns a deterministic random message in case invalid padding is detected, as proposed in the Marvin Attack paper. This vulnerability affects NSS < 3.61.
CVSS Score
6.5
EPSS Score
0.002
Published
2023-12-12
The xaviershay-dm-rails gem 0.10.3.8 for Ruby allows local users to discover MySQL credentials by listing a process and its arguments.
CVSS Score
5.5
EPSS Score
0.001
Published
2023-12-12
The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-12-12
An issue was discovered in Apereo Opencast 4.x through 10.x before 10.6. It sends system digest credentials during authentication attempts to arbitrary external services in some situations.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-12-12
In Rancher 2.x before 2.6.13 and 2.7.x before 2.7.4, an incorrectly applied authorization check allows users who have certain access to a namespace to move that namespace to a different project.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-12-12
The femanager extension before 5.5.2, 6.x before 6.3.3, and 7.x before 7.0.1 for TYPO3 allows creation of frontend users in restricted groups (if there is a usergroup field on the registration form). This occurs because the usergroup.inList protection mechanism is mishandled.
CVSS Score
5.3
EPSS Score
0.003
Published
2023-12-12
fast-xml-parser before 4.1.2 allows __proto__ for Prototype Pollution.
CVSS Score
6.5
EPSS Score
0.002
Published
2023-12-12
The package-decompression feature in HL7 (Health Level 7) FHIR Core Libraries before 5.6.106 allows attackers to copy arbitrary files to certain directories via directory traversal, if an allowed directory name is a substring of the directory name chosen by the attacker. NOTE: this issue exists because of an incomplete fix for CVE-2023-24057.
CVSS Score
7.5
EPSS Score
0.005
Published
2023-12-12
The fluid_components (aka Fluid Components) extension before 3.5.0 for TYPO3 allows XSS via a component argument parameter, for certain {content} use cases that may be edge cases.
CVSS Score
6.1
EPSS Score
0.008
Published
2023-12-12
The OPC UA .NET Standard Reference Server before 1.4.371.86 places sensitive information into an error message that may be seen remotely.
CVSS Score
5.3
EPSS Score
0.004
Published
2023-12-12

