FreshRSS

๐Ÿ”’
โŒ Secure Planet Training Courses Updated For 2019 - Click Here
โ˜ท
โ–ณ ๐Ÿ”ƒ
There are new available articles, click to refresh the page.
Before yesterdayFull Disclosure

APPLE-SA-01-22-2024-6 macOS Ventura 13.6.4

Posted by Apple Product Security via Fulldisclosure on Jan 26

APPLE-SA-01-22-2024-6 macOS Ventura 13.6.4

macOS Ventura 13.6.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214058.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Apple Neural Engine
Available for: macOS Ventura
Impact: An app may be able to execute arbitrary code with...

APPLE-SA-01-22-2024-5 macOS Sonoma 14.3

Posted by Apple Product Security via Fulldisclosure on Jan 26

APPLE-SA-01-22-2024-5 macOS Sonoma 14.3

macOS Sonoma 14.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214061.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Apple Neural Engine
Available for: macOS Sonoma
Impact: An app may be able to execute arbitrary code with kernel...

APPLE-SA-01-22-2024-4 iOS 15.8.1 and iPadOS 15.8.1

Posted by Apple Product Security via Fulldisclosure on Jan 26

APPLE-SA-01-22-2024-4 iOS 15.8.1 and iPadOS 15.8.1

iOS 15.8.1 and iPadOS 15.8.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214062.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

WebKit
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE
(1st generation),...

APPLE-SA-01-22-2024-3 iOS 16.7.5 and iPadOS 16.7.5

Posted by Apple Product Security via Fulldisclosure on Jan 26

APPLE-SA-01-22-2024-3 iOS 16.7.5 and iPadOS 16.7.5

iOS 16.7.5 and iPadOS 16.7.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214063.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Accessibility
Available for: iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation,
iPad Pro...

APPLE-SA-01-22-2024-2 iOS 17.3 and iPadOS 17.3

Posted by Apple Product Security via Fulldisclosure on Jan 26

APPLE-SA-01-22-2024-2 iOS 17.3 and iPadOS 17.3

iOS 17.3 and iPadOS 17.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214059.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Apple Neural Engine
Available for devices with Apple Neural Engine: iPhone XS and later,
iPad Pro...

APPLE-SA-01-22-2024-1 Safari 17.3

Posted by Apple Product Security via Fulldisclosure on Jan 26

APPLE-SA-01-22-2024-1 Safari 17.3

Safari 17.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214056.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Safari
Available for: macOS Monterey and macOS Ventura
Impact: A user's private browsing activity may be visible in Settings...

[Full Disclosure] CVE-2024-22903: Unpatched Command Injection in Vinchin Backup & Recovery Versions 7.2 and Earlier

Posted by Valentin Lobstein via Fulldisclosure on Jan 26

CVE ID: CVE-2024-22903

Title: Command Injection Vulnerability in SystemHandler.class.php of Vinchin Backup & Recovery Versions 7.2 and Earlier

Description:
A significant security vulnerability, CVE-2024-22903, has been identified in the `deleteUpdateAPK` function within the
`SystemHandler.class.php` file of Vinchin Backup & Recovery software, affecting versions 7.2 and earlier. This
function, designed to delete APK files, is prone to...

[Full Disclosure] CVE-2024-22902: Default Root Credentials in Vinchin Backup & Recovery v7.2 and Earlier

Posted by Valentin Lobstein via Fulldisclosure on Jan 26

CVE ID: CVE-2024-22902

Title: Default Root Credentials Vulnerability in Vinchin Backup & Recovery v7.2

Suggested Description:
Vinchin Backup & Recovery version 7.2 has been identified as being configured with default root credentials, posing a
significant security vulnerability.

Additional Information:
There is no documentation or guidance from Vinchin on changing the root password for this version. The use of password
authentication...

[Full Disclosure] CVE-2024-22901: Default MYSQL Credentials in Vinchin Backup & Recovery v7.2 and Earlier

Posted by Valentin Lobstein via Fulldisclosure on Jan 26

CVE ID: CVE-2024-22901

Title: Default MYSQL Credentials Vulnerability in Vinchin Backup & Recovery v7.2

Description:
A critical security issue, identified as CVE-2024-22901, has been discovered in Vinchin Backup & Recovery version 7.2.
The software has been found to use default MYSQL credentials, which could lead to significant security risks.

Additional Information:
Vinchin has not addressed previous disclosures, including...

Re: ODR violation in Redis Raft

Posted by Jeffrey Walton on Jan 18

I fail to see how a One Definition Rule (ODR) violation results in a
Remote Code Execution.

Can you share your PoC, please?

Jeff

Minor firefox DoS - semi silently polluting ~/Downloads with files (part 2)

Posted by Georgi Guninski on Jan 18

Minor firefox DoS - semi silently polluting ~/Downloads with files (part 2)

Tested on: firefox 121 and chrome 120 on GNU/linux

Date: Thu Jan 18 08:38:28 AM UTC 2024

This is barely a DoS, but since it might affect Chrome too we decided
to disclose it.

If firefox user visits a specially crafted page, then firefox
may create many files in `~/Downloads`,
The user is notified about this in a small dialog, but there is
no option to stop the...

Legends of IdleOn - I Reject Your RNG And Substitute My Own

Posted by Soatok Dreamseeker on Jan 17

Hello Full Disclosure mailing list!

Legends of IdleOn is a popular free-to-play game on Android, iOS, Steam,
and Web. While playing around with it last year, I got curious and noticed
a trivial way to manipulate the random number generator.

After six months of radio silence from the developer, including asking the
Discord moderators for help getting the developer's attention, I've decided
to publish this publicly:...

Buffer over-read in dtls_sha256_update of TinyDTLS

Posted by Meng Ruijie on Jan 17

[Suggested description]
An issue was discovered in Contiki-NG tinyDTLS through 2018-08-30. A buffer over-read exists in the dtls_sha256_update
function. This bug allows remote attackers to cause a denial of service (crash) and possibly read sensitive information
by sending a malformed packet with an over-large fragment length field, due to servers incorrectly handling malformed
packets.

[Vulnerability Type]
Buffer Overflow

[Vendor of...

Misues same epoch number within TCP lifetime in TinyDTLS

Posted by Meng Ruijie on Jan 17

[Suggested description]
An issue was discovered in Contiki-NG tinyDTLS through 2018-08-30. DTLS servers allow remote attackers to reuse the
same epoch number within two times the TCP maximum segment lifetime, which is prohibited in RFC6347. This vulnerability
allows remote attackers to obtain sensitive application (data of connected clients).

[VulnerabilityType Other]
Improper Handling of exception conditions

[Vendor of Product]...

Assertion failure in check_certificate_request() of TinyDTLS

Posted by Meng Ruijie on Jan 17

[Suggested description]
An issue was discovered in Contiki-NG tinyDTLS through 2018-08-30. An assertion failure in check_certificate_request()
causes the server to exit unexpectedly (a denial of service).

[VulnerabilityType Other]
Improper Handling of exception conditions

[Vendor of Product]
https://github.com/contiki-ng/tinydtls

[Affected Product Code Base]
contiki-ng tinydtls - master branch 53a0d97

[Affected Component]
the service of dtls...

Buffer over-read in TinyDTLS

Posted by Meng Ruijie on Jan 17

[Suggested description]
An issue was discovered in Contiki-NG tinyDTLS through 2018-08-30. Incorrect handling of over-large packets in
dtls_ccm_decrypt_message() causes a buffer over-read that can expose sensitive information.

[Vulnerability Type]
Buffer Overflow

[Vendor of Product]
https://github.com/contiki-ng/tinydtls

[Affected Product Code Base]
contiki-ng tinydtls - master branch 53a0d97

[Affected Component]
the service of dtls servers...

Infinite loop leading to buffer overflow in TinyDTLS

Posted by Meng Ruijie on Jan 17

[Suggested description]
An issue was discovered in Contiki-NG tinyDTLS through 2018-08-30. An infinite loop bug exists during the handling of a
ClientHello handshake message. This bug allows remote attackers to cause a denial of service by sending a malformed
ClientHello handshake message with an odd length of cipher suites, which triggers an infinite loop (consuming all
resources) and a buffer over-read that can disclose sensitive...

Mishandle epoch number in TinyDTLS servers

Posted by Meng Ruijie on Jan 17

About CVE-2021-42142:

[Suggested description]
An issue was discovered in Contiki-NG tinyDTLS through 2018-08-30. DTLS servers mishandle the early use of a large
epoch number. This vulnerability allows remote attackers to cause a denial of service and false-positive packet drops.

[VulnerabilityType Other]
Improper Handling of exception conditions

[Vendor of Product]
https://github.com/contiki-ng/tinydtls

[Affected Product Code Base]...

Incorrect handshake in TinyDTLS

Posted by Meng Ruijie on Jan 17

About CVE-2021-42141:

[Suggested description]
An issue was discovered in Contiki-NG tinyDTLS through 2018-08-30. One incorrect handshake could complete with
different epoch numbers in the packets Client_Hello, Client_key_exchange, and Change_cipher_spec, which may cause
denial of service.

[VulnerabilityType Other]
Improper Handling of exception conditions

[Vendor of Product]
https://github.com/contiki-ng/tinydtls

[Affected Product Code...

ODR violation in Redis Raft

Posted by Meng Ruijie on Jan 17

[Suggested description]
Redis raft master-1b8bd86 to master-7b46079 was discovered to contain an ODR violation via the component
hiredisAllocFns at /opt/fs/redisraft/deps/hiredis/alloc.c.

[VulnerabilityType Other]
AddressSanitizer: odr-violation

[Vendor of Product]
Redis

[Affected Product Code Base]
raft - master-1b8bd86 to master-7b46079

[Affected Component]
affected executable

[Attack Type]
Remote

[Impact Code execution]
true

[Impact...

Backdoor.Win32 Carbanak (Anunak) / Named Pipe Null DACL

Posted by malvuln on Jan 14

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/b8e1e5b832e5947f41fd6ae6ef6d09a1.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32 Carbanak (Anunak)
Vulnerability: Named Pipe Null DACL
Family: Carbanak
Type: PE32
MD5: b8e1e5b832e5947f41fd6ae6ef6d09a1
Vuln ID: MVID-2024-0667
Dropped files: AlhEXlUJ.exe, AlhEXlUJbVpfX1EMVw.bin
Disclosure: 01/09/2024...

CyberDanube Security Research 20240109-0 | Multiple Vulnerabilities in JetNet Series

Posted by Thomas Weber via Fulldisclosure on Jan 14

CyberDanube Security Research 20240109-0
-------------------------------------------------------------------------------
title| Multiple Vulnerabilities
product| Korenix JetNet Series
vulnerable version| See "Vulnerable versions"
fixed version| -
CVE number| CVE-2023-5376, CVE-2023-5347
impact| High
homepage| https://www.korenix.com/
found|...

Re: cpio privilege escalation vulnerability via setuid files in cpio archive

Posted by Harry Sintonen via Fulldisclosure on Jan 14

Tar does set setuid bit, but tar is not vulnerable. This is not an attack.

The user is responsible for extracting the archives to secure location
and not letting other users access to insecure setuid binaries. See:

https://www.gnu.org/software/tar/manual/html_section/Security.html#Security-rules-of-thumb

These same security considerations also apply to cpio.

Re: cpio privilege escalation vulnerability via setuid files in cpio archive

Posted by Harry Sintonen via Fulldisclosure on Jan 14

So does for example tar. The same rules that apply to tar also apply to
cpio:

"Extract from an untrusted archive only into an otherwise-empty directory.
This directory and its parent should be accessible only to trusted users."

This is a user error, not a vulnerability in cpio.

Re: cpio privilege escalation vulnerability via setuid files in cpio archive

Posted by Georgi Guninski on Jan 14

Hi, thanks for the feedback :)

Which version of tar is vulnerable to this attack? I am pretty sure
this was fixed in tar and zip `long long` ago.

tar and zip on fedora 38 are definitely not vulnerable, they clear
the setuid bit.

I continue to suspect this is vulnerability because:
1. There is directory traversal protection for untrusted archives
2. tar and zip and not vulnerable

bash script for setuid files in tar:

#!/bin/bash

mkdir -p...

Re: cpio privilege escalation vulnerability via setuid files in cpio archive

Posted by fulldisclosure on Jan 14

Am 08.01.24 um 10:25 schrieb Georgi Guninski:

It's not a vulnerability, as

a) cpio archives must archive that flag as cpio is part of RPM packages
and those
must be able to contain setuid flags. Otherwise, you would need to add
chmod u+sย  cmds to any %POST
section. Breaking this, would invalidate so many existing packages =>
won't happen

note: initramfs makes use of cpio as well, but setuid is not needed
here, as it's...

Re: [SBA-ADV-20220120-01] MOKOSmart MKGW1 Gateway Improper Session Management

Posted by SBA - Advisory via Fulldisclosure on Jan 14

MITRE assigned CVE-2023-51059 for this issue.

cpio privilege escalation vulnerability via setuid files in cpio archive

Posted by Georgi Guninski on Jan 08

cpio privilege escalation vulnerability via setuid files in cpio archive

Happy New Year, let in 2024 happiness be with you! :)

When extracting archives cpio (at least version 2.13) preserves
the setuid flag, which might lead to privilege escalation.

One example is r00t extracts to /tmp/ and scidiot runs /tmp/micq/backd00r
without further interaction from root.

We believe this is vulnerability, since directory traversal in cpio
is considered...

OXAS-ADV-2023-0006: OX App Suite Security Advisory

Posted by Martin Heiland via Fulldisclosure on Jan 08

Dear subscribers,

We're sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those
vulnerabilities. Feel free to join our bug bounty programs for OX AppSuite, Dovecot and PowerDNS at YesWeHack.

This advisory has also been published at https://documentation.open-xchange.com/security/advisories/.

Yours sincerely,
Martin Heiland, Open-Xchange GmbH

Internal reference: MWB-2315
Type:...

OXAS-ADV-2023-0005: OX App Suite Security Advisory

Posted by Martin Heiland via Fulldisclosure on Jan 08

Dear subscribers,

We're sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those
vulnerabilities. Feel free to join our bug bounty programs for OX AppSuite, Dovecot and PowerDNS at YesWeHack.

This advisory has also been published at https://documentation.open-xchange.com/security/advisories/.

Yours sincerely,
Martin Heiland, Open-Xchange GmbH

Internal reference: MWB-2261
Type:...

SSH-Snake: Automated SSH-Based Network Traversal

Posted by Joshua Rogers on Jan 08

SSH-Snake is a powerful tool designed to perform automatic network
traversal using SSH private keys discovered on systems, with the objective
of creating a comprehensive map of a network and its dependencies,
identifying to what extent a network can be compromised using SSH and SSH
private keys starting from a particular system.

SSH-Snake can automatically reveal the relationship between systems which
are connected via SSH, which would normally...

RansomLord v2 - Anti-Ransomware Exploitation Tool / New Release

Posted by hyp3rlinx on Jan 04

RansomLord v2 - Anti-Ransomware Exploitation Tool

[Description]
RansomLord is a proof-of-concept Anti-Ransomware exploitation tool that
generates PE files, used to exploit vulnerable Ransomware pre-encryption.

Lang: C

SHA256 : 8EA83752C4096C778709C14B60B9735CC68A5971DCDB0028A0BB167550554769

This version now intercepts and terminates malware tested from 43 different
threat groups.
Adding Wagner, Hakbit, Paradise, Jaff, DoubleZero, Blacksnake,...

Windows PowerShell Single Quote Code Execution / Event Log Bypass

Posted by hyp3rlinx on Jan 04

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/WINDOWS_POWERSHELL_SINGLE_QUOTE_CODE_EXEC_EVENT_LOG_BYPASS.txt
[+] twitter.com/hyp3rlinx
[+] twitter.com/malvuln
[+] ISR: ApparitionSec

[Vendor]
www.microsoft.com

[Product]
Microsoft Windows PowerShell

Built on the . NET Framework, Windows PowerShell helps IT professionals and
power users control and automate the...

[ES2023-02] FreeSWITCH susceptible to Denial of Service via DTLS Hello packets during call initiation

Posted by Sandro Gauci on Dec 26

# FreeSWITCH susceptible to Denial of Service via DTLS Hello packets during call initiation

- Fixed versions: 1.10.11
- Enable Security Advisory:
https://github.com/EnableSecurity/advisories/tree/master/ES2023-02-freeswitch-dtls-hello-race
- Vendor Security Advisory: https://github.com/signalwire/freeswitch/security/advisories/GHSA-39gv-hq72-j6m6
- Other references: CVE-2023-51443
- Tested vulnerable versions: 1.10.10
- Timeline:
-...

asterisk release 20.5.1

Posted by Asterisk Development Team via Fulldisclosure on Dec 19

The Asterisk Development Team would like to announce security release
Asterisk 20.5.1.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/20.5.1
and
https://downloads.asterisk.org/pub/telephony/asterisk

The following security advisories were resolved in this release:
- [Path traversal via AMI GetConfig allows access to outside
files](...

asterisk release 18.20.1

Posted by Asterisk Development Team via Fulldisclosure on Dec 19

The Asterisk Development Team would like to announce security release
Asterisk 18.20.1.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/18.20.1
and
https://downloads.asterisk.org/pub/telephony/asterisk

The following security advisories were resolved in this release:
- [Path traversal via AMI GetConfig allows access to outside
files](...

CORRECTED asterisk release 21.0.1

Posted by Asterisk Development Team on Dec 19

The earlier announcement should not have had any User or Upgrade notes.

The Asterisk Development Team would like to announce security release
Asterisk 21.0.1.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/21.0.1
and
https://downloads.asterisk.org/pub/telephony/asterisk

The following security advisories were resolved in this release:
- [Path traversal via AMI GetConfig allows...

CORRECTED asterisk release certified-18.9-cert6

Posted by Asterisk Development Team on Dec 19

The earlier release announcement should NOT have had any User or Upgrade
notes.

The Asterisk Development Team would like to announce security release
Certified Asterisk 18.9-cert6.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/certified-18.9-cert6
and
https://downloads.asterisk.org/pub/telephony/certified-asterisk

The following security advisories were resolved in this release:...

[ES2023-03] RTPEngine susceptible to Denial of Service via DTLS Hello packets during call initiation

Posted by Sandro Gauci on Dec 19

# RTPEngine susceptible to Denial of Service via DTLS Hello packets during call initiation

- Fixed versions: mr12.1.1.2, mr12.0.1.3, mr11.5.1.16, mr10.5.6.3, mr10.5.6.2
- Enable Security Advisory: https://github.com/EnableSecurity/advisories/tree/master/ES2023-03-rtpengine-dtls-hello-race
- Vendor Patch: https://github.com/sipwise/rtpengine/commit/e969a79428ac4a15cdf1c0a1c6f266dbdc7e60b6
- Tested vulnerable versions: mr11.5.1.6
- Timeline:...

[ES2023-01] Asterisk susceptible to Denial of Service via DTLS Hello packets during call initiation

Posted by Sandro Gauci on Dec 19

# Asterisk susceptible to Denial of Service via DTLS Hello packets during call initiation

- Fixed versions: 18.20.1, 20.5.1, 21.0.1,18.9-cert6
- Enable Security Advisory: https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race
- Vendor Security Advisory: https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq
- Other references: CVE-2023-49786
- Tested vulnerable versions: 20.1.0
-...

[KIS-2023-14] PKP-WAL <= 3.4.0-3 (NativeImportExportPlugin) Remote Code Execution Vulnerability

Posted by Egidio Romano on Dec 19

---------------------------------------------------------------------------------
PKP-WAL <= 3.4.0-3 (NativeImportExportPlugin) Remote Code Execution
Vulnerability
---------------------------------------------------------------------------------

[-] Software Links:

https://pkp.sfu.ca
https://github.com/pkp/pkp-lib

[-] Affected Versions:

PKP Web Application Library (aka PKP-WAL or pkp-lib) version 3.4.0-3
and prior versions, as used in Open...

[SBA-ADV-20220120-01] MOKOSmart MKGW1 Gateway Improper Session Management

Posted by SBA - Advisory via Fulldisclosure on Dec 19

# MOKOSmart MKGW1 Gateway Improper Session Management #

Link:
https://github.com/sbaresearch/advisories/tree/public/2022/SBA-ADV-20220120-01_MOKOSmart_MKGW1_Gateway_Improper_Session_Management

## Vulnerability Overview ##

MOKOSmart MKGW1 Gateway devices with firmware version 1.1.1 or below do
not provide an adequate session management for the administrative web
interface. This allows adjacent attackers with access to the management
network to...

APPLE-SA-12-19-2023-1 macOS Sonoma 14.2.1

Posted by Apple Product Security via Fulldisclosure on Dec 19

APPLE-SA-12-19-2023-1 macOS Sonoma 14.2.1

macOS Sonoma 14.2.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214048.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

WindowServer
Available for: macOS Sonoma
Impact: A user who shares their screen may unintentionally share the...

Disclosure of CVE-2023-50917: RCE Vulnerability in MajorDoM

Posted by Balgogan via Fulldisclosure on Dec 19

**Introduction**

MajorDoMo, a beacon in Russian home automation and particularly favored by Raspberry Pi aficionados, has been a trusted
name for over a decade. With over 380 stars on its official GitHub repository at the time of writing
(https://github.com/sergejey/majordomo), its popularity is evident. However, lurking within its `thumb.php` module is a
severe unauthenticated Remote Code Execution (RCE) vulnerability before 0662e5e.
NOTE:...

SEC Consult SA-20231211-0 :: Local Privilege Escalation via MSI installer in PDF24 Creator

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Dec 12

SEC Consult Vulnerability Lab Security Advisory < 20231211-0 >
=======================================================================
title: Local Privilege Escalation via MSI installer
product: PDF24 Creator (geek Software GmbH)
vulnerable version: <=11.15.1
fixed version: 11.15.2
CVE number: CVE-2023-49147
impact: High
homepage:...

SEC Consult SA-20231206 :: Kiosk Escape Privilege Escalation in One Identity Password Manager Secure Password Extension

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Dec 12

SEC Consult Vulnerability Lab Security Advisory < 20231206-0 >
=======================================================================
title: Kiosk Escape Privilege Escalation
product: One Identity Password Manager Secure Password Extension
vulnerable version: <5.13.1
fixed version: 5.13.1
CVE number: CVE-2023-48654
impact: critical
homepage:...

SEC Consult SA-20231205 :: Argument injection leading to unauthenticated RCE and authentication bypass in Atos Unify OpenScape Session Border Controller (SBC), Branch, BCF

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Dec 12

SEC Consult Vulnerability Lab Security Advisory < 20231205-0 >
=======================================================================
title: Argument injection leading to unauthenticated RCE and
authentication bypass
product: Atos Unify OpenScape Session Border Controller (SBC)
Atos Unify OpenScape Branch
Atos Unify OpenScape BCF
vulnerable...

SEC Consult SA-20231128 :: Missing Certificate Validation & User Enumeration in Anveo Mobile App and Server

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Dec 12

SEC Consult Vulnerability Lab Security Advisory < 20231128-0 >
=======================================================================
title: Missing Certificate Validation & User Enumeration
product: Anveo Mobile App and Server
vulnerable version: Mobile App: 10.0.0.359 / 2016-07-13; Server: 11.0.0.5
fixed version: -
CVE number: -
impact: Medium
homepage:...

HNS-2023-04 - HN Security Advisory - Buffer overflow vulnerabilities with long path names in TinyDir

Posted by Marco Ivaldi on Dec 12

Hi,

Please find attached a security advisory that describes some buffer
overflow vulnerabilities we discovered in TinyDir.

* Title: Buffer overflow vulnerabilities with long path names in TinyDir
* Product: TinyDir <= 1.2.5
* Author: Marco Ivaldi <marco.ivaldi () hnsecurity it>
* Date: 2023-12-04
* CVE ID: CVE-2023-49287
* Severity: High - 7.7 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
* Vendor URL: https://github.com/cxong/tinydir...

APPLE-SA-12-11-2023-8 watchOS 10.2

Posted by Apple Product Security via Fulldisclosure on Dec 12

APPLE-SA-12-11-2023-8 watchOS 10.2

watchOS 10.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214041.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Accounts
Available for: Apple Watch Series 4 and later
Impact: An app may be able to access sensitive user data
Description: A...

APPLE-SA-12-11-2023-7 tvOS 17.2

Posted by Apple Product Security via Fulldisclosure on Dec 12

APPLE-SA-12-11-2023-7 tvOS 17.2

tvOS 17.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214040.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

AVEVideoEncoder
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may be able to disclose kernel memory...

APPLE-SA-12-11-2023-6 macOS Monterey 12.7.2

Posted by Apple Product Security via Fulldisclosure on Dec 12

APPLE-SA-12-11-2023-6 macOS Monterey 12.7.2

macOS Monterey 12.7.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214037.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Accounts
Available for: macOS Monterey
Impact: An app may be able to access sensitive user data
Description: A...

APPLE-SA-12-11-2023-5 macOS Ventura 13.6.3

Posted by Apple Product Security via Fulldisclosure on Dec 12

APPLE-SA-12-11-2023-5 macOS Ventura 13.6.3

macOS Ventura 13.6.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214038.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Accounts
Available for: macOS Ventura
Impact: An app may be able to access sensitive user data
Description: A...

APPLE-SA-12-11-2023-4 macOS Sonoma 14.2

Posted by Apple Product Security via Fulldisclosure on Dec 12

APPLE-SA-12-11-2023-4 macOS Sonoma 14.2

macOS Sonoma 14.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214036.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Accessibility
Available for: macOS Sonoma
Impact: Secure text fields may be displayed via the Accessibility
Keyboard...

APPLE-SA-12-11-2023-3 iOS 16.7.3 and iPadOS 16.7.3

Posted by Apple Product Security via Fulldisclosure on Dec 12

APPLE-SA-12-11-2023-3 iOS 16.7.3 and iPadOS 16.7.3

iOS 16.7.3 and iPadOS 16.7.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214034.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Accounts
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd
generation and...

APPLE-SA-12-11-2023-2 iOS 17.2 and iPadOS 17.2

Posted by Apple Product Security via Fulldisclosure on Dec 12

APPLE-SA-12-11-2023-2 iOS 17.2 and iPadOS 17.2

iOS 17.2 and iPadOS 17.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214035.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Accounts
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation
and later, iPad Pro...

APPLE-SA-12-11-2023-1 Safari 17.2

Posted by Apple Product Security via Fulldisclosure on Dec 12

APPLE-SA-12-11-2023-1 Safari 17.2

Safari 17.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214039.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

WebKit
Available for: macOS Monterey and macOS Ventura
Impact: Processing web content may lead to arbitrary code execution...

APPLE-SA-11-30-2023-3 macOS Sonoma 14.1.2

Posted by Apple Product Security via Fulldisclosure on Dec 12

APPLE-SA-11-30-2023-3 macOS Sonoma 14.1.2

macOS Sonoma 14.1.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214032.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

WebKit
Available for: macOS Sonoma
Impact: Processing web content may disclose sensitive information. Apple
is...

APPLE-SA-11-30-2023-2 iOS 17.1.2 and iPadOS 17.1.2

Posted by Apple Product Security via Fulldisclosure on Dec 12

APPLE-SA-11-30-2023-2 iOS 17.1.2 and iPadOS 17.1.2

iOS 17.1.2 and iPadOS 17.1.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214031.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

WebKit
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation
and later, iPad Pro...

APPLE-SA-11-30-2023-1 Safari 17.1.2

Posted by Apple Product Security via Fulldisclosure on Dec 12

APPLE-SA-11-30-2023-1 Safari 17.1.2

Safari 17.1.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214033.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

WebKit
Available for: macOS Monterey and macOS Ventura
Impact: Processing web content may disclose sensitive information....
โŒ