Vicidial v2.14-783a - Multiple XSS Web Vulnerabilities

Posted by info () vulnerability-lab com on Oct 20

Document Title:
===============
Vicidial v2.14-783a - Multiple XSS Web Vulnerabilities

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2311

Release Date:
=============
2022-10-11

Vulnerability Laboratory ID (VL-ID):
====================================
2311

Common Vulnerability Scoring System:
====================================
5.2

Vulnerability Class:
====================
Cross Site Scripting...

RRX IOB LP v1.0 - DNS Cache Snooping Vulnerability

Posted by info () vulnerability-lab com on Oct 20

Document Title:
===============
RRX IOB LP v1.0 - DNS Cache Snooping Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2261

Article:https://www.vulnerability-db.com/?q=articles/2022/10/11/rhein-ruhr-express-rrx-dns-cache-snooping-vulnerability-wifi-hotspot

Release Date:
=============
2022-10-11

Vulnerability Laboratory ID (VL-ID):
====================================
2261

Common...

WiFi File Transfer v1.0.8 - Cross Site Scripting Vulnerabilities

Posted by info () vulnerability-lab com on Oct 20

Document Title:
===============
WiFi File Transfer v1.0.8 - Cross Site Scripting Vulnerabilities

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2322

Release Date:
=============
2022-10-17

Vulnerability Laboratory ID (VL-ID):
====================================
2322

Common Vulnerability Scoring System:
====================================
5.6

Vulnerability Class:
====================
Cross Site...

Stripe Green Downloads 2.03 - Cross Site Scripting Web Vulnerability

Posted by info () vulnerability-lab com on Oct 20

Document Title:
===============
Stripe Green Downloads 2.03 - Cross Site Web Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2287

Release Date:
=============
2022-10-17

Vulnerability Laboratory ID (VL-ID):
====================================
2287

Common Vulnerability Scoring System:
====================================
5.2

Vulnerability Class:
====================
Cross Site...

MapTool v1.11.5 - Cross Site Scripting Vulnerabilities

Posted by info () vulnerability-lab com on Oct 20

Document Title:
===============
MapTool v1.11.5 - Cross Site Scripting Vulnerabilities

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2319

Release Date:
=============
2022-10-11

Vulnerability Laboratory ID (VL-ID):
====================================
2319

Common Vulnerability Scoring System:
====================================
5.6

Vulnerability Class:
====================
Cross Site Scripting...

Webile v1.0.1 - Directory Traversal Web Vulnerability

Posted by info () vulnerability-lab com on Oct 20

Document Title:
===============
Webile v1.0.1 - Directory Traversal Web Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2320

Release Date:
=============
2022-10-10

Vulnerability Laboratory ID (VL-ID):
====================================
2320

Common Vulnerability Scoring System:
====================================
7.3

Vulnerability Class:
====================
Directory- or...

MapTool v1.11.5 - Denial of Service Vulnerability

Posted by info () vulnerability-lab com on Oct 20

Document Title:
===============
MapTool v1.11.5 - Denial of Service Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2318

Release Date:
=============
2022-10-10

Vulnerability Laboratory ID (VL-ID):
====================================
2318

Common Vulnerability Scoring System:
====================================
5.7

Vulnerability Class:
====================
Denial of Service...

Knap (APL) v3.1.3 - Persistent Cross Site Vulnerability

Posted by info () vulnerability-lab com on Oct 20

Document Title:
===============
Knap (APL) v3.1.3 - Persistent Cross Site Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2307

Release Date:
=============
2022-10-10

Vulnerability Laboratory ID (VL-ID):
====================================
2307

Common Vulnerability Scoring System:
====================================
5.7

Vulnerability Class:
====================
Cross Site...

Backdoor.Win32.Redkod.d / Weak Hardcoded Credentials

Posted by malvuln on Oct 20

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/bb309bdd071d5733efefe940a89fcbe8.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Redkod.d
Vulnerability: Weak Hardcoded Credentials
Description: The malware listens on TCP port 4820. Authentication is
required, however the password "redkod" is weak and hardcoded in cleartext
within the PE...

OpenStack Horizon, it is posible to trigger a POST Request to any address

Posted by Sven Anders on Oct 20

Hi,

we opened a bug at OpenStack, 3 month ago, but nobody takes care about it. Due
to the OpenStack guidlines the bug report is now public readable.

https://bugs.launchpad.net/horizon/+bug/1980349

I am not a security expert and do not know how bad this bug is, there is now
CVE and so on. Please be kind.

# Description of the bug

We use OpenStack horizon in the following version: `git+https://opendev.org/...

Red Hat Security Advisory 2022-7003-01

Red Hat Security Advisory 2022-7003-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a randomization vulnerability.

Red Hat Security Advisory 2022-7008-01

Red Hat Security Advisory 2022-7008-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include buffer overflow and randomization vulnerabilities.

Red Hat Security Advisory 2022-7005-01

Red Hat Security Advisory 2022-7005-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a randomization vulnerability.

Red Hat Security Advisory 2022-7006-01

Red Hat Security Advisory 2022-7006-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a randomization vulnerability.

Debian Security Advisory 5258-1

Debian Linux Security Advisory 5258-1 - Several vulnerabilities were discovered in Squid, a fully featured web proxy cache, which could result in exposure of sensitive information in the cache manager (CVE-2022-41317), or denial of service or information disclosure if Squid is configured to negotiate authentication with the SSPI and SMB authentication helpers (CVE-2022-41318).

Ubuntu Security Notice USN-5688-1

Ubuntu Security Notice 5688-1 - It was discovered that an integer overflow could be triggered in Libksba when decoding certain data. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code.

Red Hat Security Advisory 2022-7024-01

Red Hat Security Advisory 2022-7024-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.3.0 ESR. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2022-7020-01

Red Hat Security Advisory 2022-7020-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.3.0 ESR. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2022-7019-01

Red Hat Security Advisory 2022-7019-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.3.0 ESR. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2022-7023-01

Red Hat Security Advisory 2022-7023-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.3.0. Issues addressed include a use-after-free vulnerability.

Debian Security Advisory 5257-1

Debian Linux Security Advisory 5257-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

Red Hat Security Advisory 2022-7021-01

Red Hat Security Advisory 2022-7021-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.3.0. Issues addressed include a use-after-free vulnerability.

Ubuntu Security Notice USN-5687-1

Ubuntu Security Notice 5687-1 - It was discovered that the SUNRPC RDMA protocol implementation in the Linux kernel did not properly calculate the header size of a RPC message payload. A local attacker could use this to expose sensitive information. Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information.

Red Hat Security Advisory 2022-7022-01

Red Hat Security Advisory 2022-7022-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.3.0 ESR. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2022-7025-01

Red Hat Security Advisory 2022-7025-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.3.0 ESR. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2022-7026-01

Red Hat Security Advisory 2022-7026-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.3.0. Issues addressed include a use-after-free vulnerability.

Ubuntu Security Notice USN-5686-1

Ubuntu Security Notice 5686-1 - Cory Snider discovered that Git incorrectly handled certain symbolic links. An attacker could possibly use this issue to cause an unexpected behaviour. Kevin Backhouse discovered that Git incorrectly handled certain command strings. An attacker could possibly use this issue to arbitrary code execution.

Red Hat Security Advisory 2022-6997-01

Red Hat Security Advisory 2022-6997-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.3.0 ESR. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2022-6998-01

Red Hat Security Advisory 2022-6998-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.3.0. Issues addressed include a use-after-free vulnerability.

Ubuntu Security Notice USN-5685-1

Ubuntu Security Notice 5685-1 - It was discovered that FRR incorrectly handled parsing certain BGP messages. A remote attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service. It was discovered that FRR incorrectly handled processing certain BGP messages. A remote attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service, obtain sensitive information, or execute arbitrary code.

Red Hat Security Advisory 2022-6996-01

Red Hat Security Advisory 2022-6996-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.3.0. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2022-6983-01

Red Hat Security Advisory 2022-6983-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include information leakage, privilege escalation, and use-after-free vulnerabilities.

Red Hat Security Advisory 2022-6985-01

Red Hat Security Advisory 2022-6985-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.

Red Hat Security Advisory 2022-6991-01

Red Hat Security Advisory 2022-6991-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include information leakage, privilege escalation, and use-after-free vulnerabilities.

Red Hat Security Advisory 2022-6995-01

Red Hat Security Advisory 2022-6995-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.3.0. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2022-6963-01

Red Hat Security Advisory 2022-6963-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.

Ubuntu Security Notice USN-5684-1

Ubuntu Security Notice 5684-1 - It was discovered that the SUNRPC RDMA protocol implementation in the Linux kernel did not properly calculate the header size of a RPC message payload. A local attacker could use this to expose sensitive information. Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information.

Red Hat Security Advisory 2022-6978-01

Red Hat Security Advisory 2022-6978-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.

Red Hat Security Advisory 2022-6914-01

Red Hat Security Advisory 2022-6914-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.424 and .NET Runtime 3.1.30.

Red Hat Security Advisory 2022-6915-01

Red Hat Security Advisory 2022-6915-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.110 and .NET Runtime 6.0.10.

Ubuntu Security Notice USN-5570-2

Ubuntu Security Notice 5570-2 - USN-5570-1 fixed a vulnerability in zlib. This update provides the corresponding update for Ubuntu 22.04 LTS and Ubuntu 20.04 LTS. Evgeny Legerov discovered that zlib incorrectly handled memory when performing certain inflate operations. An attacker could use this issue to cause zlib to crash, resulting in a denial of service, or possibly execute arbitrary code.

[webapps] Wordpress Plugin ImageMagick-Engine 1.7.4 - Remote Code Execution (RCE) (Authenticated)

Wordpress Plugin ImageMagick-Engine 1.7.4 - Remote Code Execution (RCE) (Authenticated)

Backdoor.Win32.DarkSky.23 / Remote Stack Buffer Overflow (SEH)

Posted by malvuln on Oct 16

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/1164ef21ef2af97e0339359c0dce5e7d.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.DarkSky.23
Vulnerability: Remote Stack Buffer Overflow (SEH)
Description: The malware listens on TCP port 5418. Third-party adversaries
who can reach the server can send a specially crafted payload triggering a
stack...

CyberDanube Security Research 20221009-0 | Authenticated Command Injection in Intelbras WiFiber 120AC inMesh

Posted by Thomas Weber on Oct 16

CyberDanube Security Research 20221009-0
-------------------------------------------------------------------------------
               title| Authenticated Command Injection
             product| Intelbras WiFiber 120AC inMesh
  vulnerable version| 1.1-220216
       fixed version| 1-1-220826
          CVE number|
              impact| High
            homepage|...

Re: over 2000 packages depend on abort()ing libgmp

Posted by Georgi Guninski on Oct 16

Observe that ubuntu issue advisory about libgmp crash
without mentioning potential exploitability.

quote:
https://ubuntu.com/security/notices/USN-5672-1

Details
12 October 2022

It was discovered that GMP did not properly manage memory
on 32-bit platforms when processing a specially crafted
input. An attacker could possibly use this issue to cause
applications using GMP to crash, resulting in a denial of
service.

References
CVE-2021-43618

APPLE-SA-2022-10-10-1 iOS 16.0.3

Posted by Apple Product Security via Fulldisclosure on Oct 16

APPLE-SA-2022-10-10-1 iOS 16.0.3

iOS 16.0.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213480.

Mail
Available for: iPhone 8 and later
Impact: Processing a maliciously crafted email message may lead to a
denial-of-service
Description: An input validation issue was addressed with improved
input validation.
CVE-2022-22658

This update is available through iTunes and...

Re: over 2000 packages depend on abort()ing libgmp

Posted by Matthew Fernandez on Oct 16

I am not quite sure what point you’re making. CVE-2021-43618 is a
different issue; a programming error that results in a segfault. I.e.
even if an application using libgmp supplied their own allocator,¹ they
could still experience segfaults when dealing with malicious input.

The case you brought to FD (IIUC) is an input including large numbers
that causes libgmp to exhaust memory when dealing with them. In this
case, an application...

Apple Music Android Application - MITM SSL Certificate Vulnerability (CVE-2022-32906)

Posted by David Coomber on Oct 16

Apple Music Android Application - MITM SSL Certificate Vulnerability
(CVE-2022-32906)

https://www.info-sec.ca/advisories/Apple-Music-Android.html

Overview

"Stream over 90 million songs, all ad-free."

(https://play.google.com/store/apps/details?id=com.apple.android.music)

Issue

The Apple Music Android application (versions 3.8.0 - 3.10.2 were
tested, versions 2.0.1 - 3.7.2 have not been tested
[...

Red Hat Security Advisory 2022-6941-01

Red Hat Security Advisory 2022-6941-01 - This release of Red Hat build of Quarkus 2.7.6.SP1 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-6921-01

Red Hat Security Advisory 2022-6921-01 - Expat is a C library for parsing XML documents. Issues addressed include a use-after-free vulnerability.

Ubuntu Security Notice USN-5672-1

Ubuntu Security Notice 5672-1 - It was discovered that GMP did not properly manage memory on 32-bit platforms when processing a specially crafted input. An attacker could possibly use this issue to cause applications using GMP to crash, resulting in a denial of service.

Red Hat Security Advisory 2022-6801-01

Red Hat Security Advisory 2022-6801-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.8.51. Issues addressed include a code execution vulnerability.

Ubuntu Security Notice USN-5673-1

Ubuntu Security Notice 5673-1 - It was discovered that unzip did not properly handle unicode strings under certain circumstances. If a user were tricked into opening a specially crafted zip file, an attacker could possibly use this issue to cause unzip to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that unzip did not properly perform bounds checking while converting wide strings to local strings. If a user were tricked into opening a specially crafted zip file, an attacker could possibly use this issue to cause unzip to crash, resulting in a denial of service, or possibly execute arbitrary code.

Red Hat Security Advisory 2022-6805-01

Red Hat Security Advisory 2022-6805-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.36. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2022-6916-01

Red Hat Security Advisory 2022-6916-01 - AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.10.1 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include a html injection vulnerability.

Ubuntu Security Notice USN-5670-1

Ubuntu Security Notice 5670-1 - Edward Thomson discovered that .NET 6 incorrectly handled permissions for local NuGet cache. A local attacker could possibly use this issue to execute arbitrary code.

Ubuntu Security Notice USN-5671-1

Ubuntu Security Notice 5671-1 - It was discovered that AdvanceCOMP did not properly manage memory of function be_uint32_read under certain circumstances. If a user were tricked into opening a specially crafted binary file, a remote attacker could possibly use this issue to cause AdvanceCOMP to crash, resulting in a denial of service. It was discovered that AdvanceCOMP did not properly manage memory of function adv_png_unfilter_8 under certain circumstances. If a user were tricked into opening a specially crafted PNG file, a remote attacker could possibly use this issue to cause AdvanceCOMP to crash, resulting in a denial of service.

Red Hat Security Advisory 2022-6890-01

Red Hat Security Advisory 2022-6890-01 - Red Hat OpenShift Virtualization release 4.8.7 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Security Advisory 2022-6875-01

Red Hat Security Advisory 2022-6875-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.

Red Hat Security Advisory 2022-6878-01

Red Hat Security Advisory 2022-6878-01 - Expat is a C library for parsing XML documents. Issues addressed include a use-after-free vulnerability.