A week in security (March 11 – March 17)
A list of topics we covered in the week of March 11 to March 17 of 2024
Who is responsible for calculating the Platform Configuration Register (PCR) value? Is it the operating system or the TPM?
What if the operating system is hacked? Can the hacked system always calculate the "right" PCR value to fool …
A vulnerability classified as problematic has been found in Crypt-OpenSSL-RSA 1.5 on Perl. Affected is an unknown function of the component PKCS#1 Padding Handler. The manipulation leads to observable timing discrepancy.
This vulnerability is traded a…
A vulnerability was found in OpenStack Murano up to 16.0.0. It has been rated as problematic. This issue affects some unknown processing of the component YAQL. The manipulation leads to information disclosure.
The identification of this vulnerability …
A vulnerability was found in danielmiessler fabric up to 1.3.0. It has been declared as problematic. This vulnerability affects the function htmlToPlainText of the file installer/client/gui/static/js/index.js. The manipulation leads to cross site scrip…
A vulnerability was found in Rocket.Chat.Audit up to 5ad78e8. It has been classified as problematic. This affects an unknown part of the component filecachetools Handler. The manipulation leads to Privilege Escalation.
This vulnerability is uniquely i…
A vulnerability was found in FusionPBX up to 5.1.x and classified as problematic. Affected by this issue is some unknown functionality of the component Session Handler. The manipulation leads to manage user sessions.
This vulnerability is handled as C…
A vulnerability has been found in Kossy up to 0.59 on Perl and classified as problematic. Affected by this vulnerability is an unknown functionality of the component JSON Handler. The manipulation of the argument X-Requested-With leads to Privilege Esc…
A vulnerability, which was classified as problematic, was found in Siklu TG Terragraph up to 2.1.0. Affected is the function GetCredentials. The manipulation leads to insufficiently random values.
This vulnerability is traded as CVE-2022-47037. The at…
A vulnerability, which was classified as critical, has been found in AbemaTV ABEMA App on Android. This issue affects some unknown processing. The manipulation leads to improper access controls.
The identification of this vulnerability is CVE-2024-287…