Trojan.Win32.Autoit.fhj / Insecure Permissions

Posted by malvuln on Sep 08

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/d871836f77076eeed87eb0078c1911c7.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan.Win32.Autoit.fhj
Vulnerability: Insecure Permissions
Description: The malware writes two hidden DLL files "vp8decoder.dll" and
"vp8encoder.dll" to its installation directory granting full (F)
permissions to...

Backdoor.Win32.Winshell.5_0 / Weak Hardcoded Credentials

Posted by malvuln on Sep 08

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/5bc5f72d19019a2fa3b75896e82ae1e5.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Winshell.5_0
Vulnerability: Weak Hardcoded Credentials
Description: The malware is UPX packed, listens on TCP port 5277 and
requires authentication for remote access. However, the password
"123456789" is weak...

Backdoor.Win32.Hupigon.aspg / Insecure Service Path

Posted by malvuln on Sep 08

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/121bf601275e2aed0c3a6fe7910f9826.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Hupigon.aspg
Vulnerability: Insecure Service Path
Description: The malware creates a service with an unquoted path. Attackers
who can place an arbitrary executable named "Program.exe" under c:\ drive
can...

Trojan-Spy.Win32.Pophot.bsl / Insecure Permissions

Posted by malvuln on Sep 08

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/8c0e6ec6b8ac9eb1169e63df71f24456.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Spy.Win32.Pophot.bsl
Vulnerability: Insecure Permissions
Description: The malware writes a BATCH file ".bat" to c drive granting
change (C) permissions to the authenticated user group. Standard users can
rename the...

Trojan-Ransom.Win32.Hive.bv / Arbitrary Code Execution

Posted by malvuln on Sep 08

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/44aba241dd3f0d156c6ed82a0ab3a9e1.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Ransom.Win32.Hive.bv
Vulnerability: Arbitrary Code Execution
Description: Hive Ransomware will load and execute arbitrary .EXE PE files
if a third-party adversary or defender uses the vulnerable naming
convention of...

sagemath denial of service with abort() in gmp: overflow in mpz type

Posted by Georgi Guninski on Sep 08

sagemath 9.0 and reportedly later on ubuntu 20.

sagemath gives access to the python interpreter,
so code execution is trivial.

We give DoS attacks, which terminates the sagemath process
with abort(), when raising symbolic expression to large integer power.

We get abort() with stack:

gmp: overflow in mpz type

#6 0x00007f55c83ee72e in __GI_abort () at
/build/glibc-SzIz7B/glibc-2.31/stdlib/abort.c:79
#7 0x00007f55c56e0d20 in __gmpz_realloc ()...

AVEVA InTouch Access Anywhere Secure Gateway - Path Traversal

Posted by Jens Regel | CRISEC on Sep 08

Title:
======
AVEVA InTouch Access Anywhere Secure Gateway - Path Traversal

Author:
=======
Jens Regel, CRISEC IT-Security

CVE:
====
CVE-2022-23854

Advisory:
=========
https://crisec.de/advisory-aveva-intouch-access-anywhere-secure-gateway-path-traversal/

Timeline:
=========
25.06.2021 Vulnerability discovered
25.06.2021 Send details to custfirstsupport () aveva com
21.09.2021 Vendor response, fix is available until Q1/2022
25.09.2021 Vendor...

Red Hat Security Advisory 2022-6392-01

Red Hat Security Advisory 2022-6392-01 - The ovirt-host package consolidates host package requirements into a single meta package. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-6382-01

Red Hat Security Advisory 2022-6382-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-6258-01

Red Hat Security Advisory 2022-6258-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.31. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2022-6389-01

Red Hat Security Advisory 2022-6389-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.

Red Hat Security Advisory 2022-6393-01

Red Hat Security Advisory 2022-6393-01 - The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning. Issues addressed include code execution, cross site scripting, and denial of service vulnerabilities.

Red Hat Security Advisory 2022-6385-01

Red Hat Security Advisory 2022-6385-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-6384-01

Red Hat Security Advisory 2022-6384-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-6287-01

Red Hat Security Advisory 2022-6287-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.3. Issues addressed include denial of service, memory leak, and out of bounds read vulnerabilities.

Red Hat Security Advisory 2022-6383-01

Red Hat Security Advisory 2022-6383-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include a denial of service vulnerability.

Ubuntu Security Notice USN-4976-2

Ubuntu Security Notice 4976-2 - USN-4976-1 fixed a vulnerability in Dnsmasq. This update provides the corresponding update for Ubuntu 16.04 ESM. Dnsmasq has been updated to 2.79-1 for Ubuntu 16.04 ESM in order to fix some security issues. Petr Mensik discovered that Dnsmasq incorrectly randomized source ports in certain configurations. A remote attacker could possibly use this issue to facilitate DNS cache poisoning attacks.

Red Hat Security Advisory 2022-6386-01

Red Hat Security Advisory 2022-6386-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include a denial of service vulnerability.

Gentoo Linux Security Advisory 202209-05

Gentoo Linux Security Advisory 202209-5 - Multiple vulnerabilities have been found in OpenJDK, the worst of which could result in denial of service. Versions less than 17.0.2_p8:17 are affected.

Red Hat Security Advisory 2022-6252-02

Red Hat Security Advisory 2022-6252-02 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 3.11.784. Issues addressed include a bypass vulnerability.

WordPress BackupBuddy 8.7.4.1 Arbitrary File Read

WordPress BackupBuddy plugin versions 8.5.8.0 through 8.7.4.1 suffer from an arbitrary file read and download vulnerability.

Gentoo Linux Security Advisory 202209-04

Gentoo Linux Security Advisory 202209-4 - Multiple vulnerabilities have been discovered in OpenJPEG, the worst of which could result in arbitrary code execution. Versions less than 2.5.0 are affected.

Red Hat Security Advisory 2022-6381-01

Red Hat Security Advisory 2022-6381-01 - The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Issues addressed include a privilege escalation vulnerability.

Red Hat Security Advisory 2022-6182-01

Red Hat Security Advisory 2022-6182-01 - Openshift Logging Bug Fix Release. Issue addressed include a stack exhaustion vulnerability.

Red Hat Security Advisory 2022-6370-01

Red Hat Security Advisory 2022-6370-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.0 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix security issues and several bugs. Issues addressed include a denial of service vulnerability.

Gentoo Linux Security Advisory 202209-03

Gentoo Linux Security Advisory 202209-3 - Multiple vulnerabilities have been discovered in OpenSC, the worst of which could result in the execution of arbitrary code. Versions less than 0.22.0 are affected.

Red Hat Security Advisory 2022-6183-01

Red Hat Security Advisory 2022-6183-01 - Logging Subsystem 5.4.5 for Red Hat OpenShift has been released. Issue addressed include a stack exhaustion vulnerability.

Red Hat Security Advisory 2022-6345-01

Red Hat Security Advisory 2022-6345-01 - Multicluster engine for Kubernetes 2.1 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-6347-01

Red Hat Security Advisory 2022-6347-01 - VolSync is a Kubernetes operator that enables asynchronous replication of persistent volumes within a cluster, or across clusters. Version 0.5 has been released with security fixes and updates.

Red Hat Security Advisory 2022-6348-01

Red Hat Security Advisory 2022-6348-01 - Gatekeeper is an open source project that applies the OPA Constraint Framework to enforce policies on your Kubernetes clusters. This advisory contains the container images for Gatekeeper that include bug fixes and container upgrades.

Gentoo Linux Security Advisory 202209-02

Gentoo Linux Security Advisory 202209-2 - Multiple vulnerabilities have been discovered in IBM Spectrum Protect, the worst of which could result in arbitrary code execution. Versions less than 8.1.13.3 are affected.

Red Hat Security Advisory 2022-6351-01

Red Hat Security Advisory 2022-6351-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains the following OpenShift Virtualization 4.10.5 images: RHEL-8-CNV-4.10. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2022-6344-01

Red Hat Security Advisory 2022-6344-01 - Logging Subsystem 5.5.1 for Red Hat OpenShift has been released. Issue addressed include a stack exhaustion vulnerability.

Red Hat Security Advisory 2022-6355-01

Red Hat Security Advisory 2022-6355-01 - The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Issues addressed include a privilege escalation vulnerability.

Red Hat Security Advisory 2022-6354-01

Red Hat Security Advisory 2022-6354-01 - The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Issues addressed include a privilege escalation vulnerability.

Red Hat Security Advisory 2022-6358-01

Red Hat Security Advisory 2022-6358-01 - The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Issues addressed include a privilege escalation vulnerability.

Gentoo Linux Security Advisory 202209-01

Gentoo Linux Security Advisory 202209-1 - A vulnerability has been discovered in GNU Gzip and XZ Utils' grep helpers which could result in writes to arbitrary files. Versions less than 1.12 are affected.

Red Hat Security Advisory 2022-6356-01

Red Hat Security Advisory 2022-6356-01 - The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Issues addressed include a privilege escalation vulnerability.

Red Hat Security Advisory 2022-6357-01

Red Hat Security Advisory 2022-6357-01 - The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Issues addressed include a privilege escalation vulnerability.

Red Hat Security Advisory 2022-6346-01

Red Hat Security Advisory 2022-6346-01 - Submariner enables direct networking between pods and services on different Kubernetes clusters that are either on-premises or in the cloud. Issues addressed include denial of service and out of bounds read vulnerabilities.

Ubuntu Security Notice USN-5597-1

Ubuntu Security Notice 5597-1 - It was discovered that the virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-5599-1

Ubuntu Security Notice 5599-1 - Asaf Modelevsky discovered that the Intel 10GbE PCI Express Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. It was discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information.

Ubuntu Security Notice USN-5600-1

Ubuntu Security Notice 5600-1 - Asaf Modelevsky discovered that the Intel 10GbE PCI Express Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. It was discovered that the virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

123ADV-001: Stack Buffer Overflow in Lotus 1-2-3 R3 for UNIX/Linux

Posted by Tavis Ormandy on Sep 05

# About

The 123 command is a spreadsheet application for UNIX-based systems that
can be used in interactive mode to create and modify financial and
scientific models.

For more information, see https://123r3.net

# Advisory

A stack buffer overflow was reported in the cell format processing
routines. If a victim opens an untrusted malicious worksheet, code
execution could occur.

There have been no reports of this vulnerability being exploited...

Ubuntu Security Notice USN-5595-1

Ubuntu Security Notice 5595-1 - Asaf Modelevsky discovered that the Intel 10GbE PCI Express Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. It was discovered that the virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-5591-4

Ubuntu Security Notice 5591-4 - It was discovered that the virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-5596-1

Ubuntu Security Notice 5596-1 - Asaf Modelevsky discovered that the Intel 10GbE PCI Express Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

OX App Suite Cross Site Scripting / Command Injection

OX App Suite versions 8.2 and earlier suffer from multiple cross site scripting vulnerabilities. Versions 7.10.6 and earlier suffer from a command injection vulnerability.

Ubuntu Security Notice USN-5591-3

Ubuntu Security Notice 5591-3 - It was discovered that the virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-5587-1

Ubuntu Security Notice 5587-1 - Axel Chong discovered that when curl accepted and sent back cookies containing control bytes that a HTTP server might return a 400 response. A malicious cookie host could possibly use this to cause denial-of-service.

Ubuntu Security Notice USN-5592-1

Ubuntu Security Notice 5592-1 - Asaf Modelevsky discovered that the Intel 10GbE PCI Express Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. It was discovered that the virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-5594-1

Ubuntu Security Notice 5594-1 - Asaf Modelevsky discovered that the Intel 10GbE PCI Express Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. It was discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information.

Ubuntu Security Notice USN-5593-1

Ubuntu Security Notice 5593-1 - It was discovered that Zstandard incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.

Ubuntu Security Notice USN-5591-2

Ubuntu Security Notice 5591-2 - It was discovered that the virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Open-Xchange Security Advisory 2022-09-01

Posted by Martin Heiland via Fulldisclosure on Sep 01

Dear subscribers,

we're sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those
vulnerabilities. Feel free to join our bug bounty programs for OX AppSuite, Dovecot and PowerDNS at HackerOne.

Yours sincerely,
Martin Heiland, Open-Xchange GmbH

Product: OX App Suite
Vendor: OX Software GmbH

Internal reference: MWB-1540
Vulnerability type: Cross-Site Scripting (CWE-80)
Vulnerable...

[webapps] WordPress Plugin Testimonial Slider and Showcase 2.2.6 - Stored Cross-Site Scripting (XSS)

WordPress Plugin Testimonial Slider and Showcase 2.2.6 - Stored Cross-Site Scripting (XSS)

[webapps] Sophos XG115w Firewall 17.0.10 MR-10 - Authentication Bypass

Sophos XG115w Firewall 17.0.10 MR-10 - Authentication Bypass

[webapps] WordPress Plugin Netroics Blog Posts Grid 1.0 - Stored Cross-Site Scripting (XSS)

WordPress Plugin Netroics Blog Posts Grid 1.0 - Stored Cross-Site Scripting (XSS)

APPLE-SA-2022-08-31-1 iOS 12.5.6

Posted by Apple Product Security via Fulldisclosure on Aug 31

APPLE-SA-2022-08-31-1 iOS 12.5.6

iOS 12.5.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213428.

iOS 12 is not impacted by CVE-2022-32894.

WebKit
Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad
mini 2, iPad mini 3, and iPod touch (6th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of...

Red Hat Security Advisory 2022-6312-01

Red Hat Security Advisory 2022-6312-01 - The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Issues addressed include a privilege escalation vulnerability.