Vulnerabilities (Page 44)

[Box] Bypassing Time-based One-Time Password (TOTP)

A partially authenticated user could remove MFA from their account. During the login process for an account enrolled in MFA, a user who had logged in with the correct credentials but had not yet provided the MFA token could access the /mfa/unenrollment endpoint and remove MFA from the account.

AWS SageMaker Jupyter Notebook Instance Takeover

The write-up starts off by detailing a self-XSS through JupyterLabs Notebook’s /lab endpoint, where an attacker can control the page contents. In and of itself this isn’t an issue, since an attacker can only control the page contents of a notebook instance they own…

OOB read/write in KVM sev_es_string_io

Out-of-bounds (OOB) access in the VMGExit handler, which is triggered for string I/O instructions. The sev_es_string_io() function is responsible for doing the string copy between the unencrypted guest memory regions and the virtualized target…

Couple OOB Writes in Anker Eufy Homebase 2

In the recv_server-device_response_msg_process() handler, a nums field gets pulled out of the packet’s JSON payload and is used to represent the total number of UDP server domains. The application then iterates based on this field, looking for its respective domain%d key in the JSON…