Red Hat Security Advisory 2023-0021-01

Red Hat Security Advisory 2023-0021-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include a code execution vulnerability.

Ubuntu Security Notice USN-5786-1

Ubuntu Security Notice 5786-1 - It was discovered that GNOME Files incorrectly handled certain filenames. An attacker could possibly use this issue to cause GNOME Files to crash, leading to a denial of service.

Red Hat Security Advisory 2022-9108-01

Red Hat Security Advisory 2022-9108-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a bypass vulnerability.

Ubuntu Security Notice USN-5785-1

Ubuntu Security Notice 5785-1 - It was discovered that FreeRADIUS incorrectly handled multiple EAP-pwd handshakes. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. Shane Guan discovered that FreeRADIUS incorrectly handled memory when checking unknown SIM option sent by EAP-SIM supplicant. An attacker could possibly use this issue to cause a denial of service on the server. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.

Red Hat Security Advisory 2023-0016-01

Red Hat Security Advisory 2023-0016-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2022-9107-01

Red Hat Security Advisory 2022-9107-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.21. There are no RPM packages for this release. Space precludes documenting all of the container images in this advisory.

Ubuntu Security Notice USN-5784-1

Ubuntu Security Notice 5784-1 - It was discovered that usbredir incorrectly handled memory when serializing large amounts of data in the case of a slow or blocked destination. An attacker could possibly use this issue to cause applications using usbredir to crash, resulting in a denial of service, or possibly execute arbitrary code.

[tool] ModSecurity backdoor

Posted by Jozef Sudolsky on Jan 02

Announcing a backdoor tool running inside of ModSecurity WAF and
allowing remote command execution with privileges of the web server.

https://github.com/azurit/modsecurity-backdoor

Red Hat Security Advisory 2023-0004-01

Red Hat Security Advisory 2023-0004-01 - The Byte Code Engineering Library is intended to give users a convenient way to analyze, create, and manipulate Java class files.

Red Hat Security Advisory 2023-0005-01

Red Hat Security Advisory 2023-0005-01 - The Byte Code Engineering Library is intended to give users a convenient way to analyze, create, and manipulate Java class files.

Debian Security Advisory 5310-1

Debian Linux Security Advisory 5310-1 - It was discovered that ruby-image-processing, a ruby package that provides higher-level image processing helpers, is prone to a remote shell execution vulnerability when using the #apply method to apply a series of operations coming from unsanitized user input.

Debian Security Advisory 5309-1

Debian Linux Security Advisory 5309-1 - Vulnerabilities have been discovered in the WPE WebKit web engine. hazbinhotel discovered that processing maliciously crafted web content may result in the disclosure of process memory. KirtiKumar Anandrao Ramchandani discovered that processing maliciously crafted web content may bypass Same Origin Policy. Dohyun Lee and Ryan Shin discovered that processing maliciously crafted web content may disclose sensitive user information. Various other issues have also been addressed.

Debian Security Advisory 5308-1

Debian Linux Security Advisory 5308-1 - Vulnerabilities have been discovered in the WebKitGTK web engine. hazbinhotel discovered that processing maliciously crafted web content may result in the disclosure of process memory. Maddie Stone discovered that processing maliciously crafted web content may lead to arbitrary code execution. KirtiKumar Anandrao Ramchandani discovered that processing maliciously crafted web content may bypass Same Origin Policy. Multiple other issues were also addressed.

Debian Security Advisory 5307-1

Debian Linux Security Advisory 5307-1 - ZeddYu Lu discovered that the FTP client of Apache Commons Net, a Java client API for basic Internet protocols, trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client.

SugarCRM 0-day Auth Bypass + RCE Exploit

Posted by sw33t.0day via Fulldisclosure on Dec 30

#!/usr/bin/env python
#
# SugarCRM 0-day Auth Bypass + RCE Exploit
#
# Dorks:
# https://www.google.com/search?q=site:sugarondemand.com&filter=0
# https://www.google.com/search?q=intitle:"SugarCRM"+inurl:index.php
# https://www.shodan.io/search?query=http.title:"SugarCRM"
# https://search.censys.io/search?resource=hosts&q=services.http.response.html_title:"SugarCRM"
#...

Gentoo Linux Security Advisory 202212-07

Gentoo Linux Security Advisory 202212-7 - An integer overflow vulnerability has been found in libksba which could result in remote code execution. Versions less than 1.6.3 are affected.

Gentoo Linux Security Advisory 202212-06

Gentoo Linux Security Advisory 202212-6 - Multiple vulnerabilities have been found in OpenSSH, the worst of which could result in arbitrary code execution. Versions less than 9.1_p1 are affected.

Debian Security Advisory 5306-1

Debian Linux Security Advisory 5306-1 - Several vulnerabilities were discovered in gerbv, a Gerber file viewer, which could result in the execution of arbitrary code, denial of service or information disclosure if a specially crafted file is processed.

Apple Security Advisory 2022-12-13-9

Apple Security Advisory 2022-12-13-9 - Safari 16.2 addresses bypass, code execution, and use-after-free vulnerabilities.

Debian Security Advisory 5305-1

Debian Linux Security Advisory 5305-1 - An integer overflow flaw was discovered in the CRL signature parser in libksba, an X.509 and CMS support library, which could result in denial of service or the execution of arbitrary code.

Apple Security Advisory 2022-12-13-8

Apple Security Advisory 2022-12-13-8 - watchOS 9.2 addresses bypass, code execution, integer overflow, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-12-13-7

Apple Security Advisory 2022-12-13-7 - tvOS 16.2 addresses bypass, code execution, integer overflow, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-12-13-6

Apple Security Advisory 2022-12-13-6 - macOS Big Sur 11.7.2 addresses bypass, code execution, and integer overflow vulnerabilities.

Apple Security Advisory 2022-12-13-5

Apple Security Advisory 2022-12-13-5 - macOS Monterey 12.6.2 addresses bypass, code execution, and integer overflow vulnerabilities.

Apple Security Advisory 2022-12-13-4

Apple Security Advisory 2022-12-13-4 - macOS Ventura 13.1 addresses bypass, code execution, out of bounds access, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-12-13-3

Apple Security Advisory 2022-12-13-3 - iOS 16.1.2 addresses a code execution vulnerability.

Apple Security Advisory 2022-12-13-2

Apple Security Advisory 2022-12-13-2 - iOS 15.7.2 and iPadOS 15.7.2 addresses bypass, code execution, integer overflow, out of bounds write, and spoofing vulnerabilities.

Apple Security Advisory 2022-12-13-1

Apple Security Advisory 2022-12-13-1 - iOS 16.2 and iPadOS 16.2 addresses bypass, code execution, out of bounds write, spoofing, and use-after-free vulnerabilities.

Debian Security Advisory 5304-1

Debian Linux Security Advisory 5304-1 - Jan-Niklas Sohn discovered several vulnerabilities in X server extensions in the X.Org X server, which may result in privilege escalation if the X server is running privileged.

APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2

Posted by Apple Product Security via Fulldisclosure on Dec 20

APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2

iOS 15.7.2 and iPadOS 15.7.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213531.

AppleAVD
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone
SE (1st generation), iPad Pro (all models), iPad Air 2 and later,
iPad 5th generation and later, iPad mini 4 and later, and iPod touch
(7th generation)
Impact:...

APPLE-SA-2022-12-13-3 iOS 16.1.2

Posted by Apple Product Security via Fulldisclosure on Dec 20

APPLE-SA-2022-12-13-3 iOS 16.1.2

iOS 16.1.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213516.

WebKit
Available for: iPhone 8 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue
may have been actively exploited against versions of iOS released
before iOS 15.1.
Description: A type...

APPLE-SA-2022-12-13-4 macOS Ventura 13.1

Posted by Apple Product Security via Fulldisclosure on Dec 20

APPLE-SA-2022-12-13-4 macOS Ventura 13.1

macOS Ventura 13.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213532.

Accounts
Available for: macOS Ventura
Impact: A user may be able to view sensitive user information
Description: This issue was addressed with improved data protection.
CVE-2022-42843: Mickey Jin (@patch1t)

AMD
Available for: macOS Ventura
Impact: An app may...

APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2

Posted by Apple Product Security via Fulldisclosure on Dec 20

APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2

macOS Monterey 12.6.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213533.

Bluetooth
Available for: macOS Monterey
Impact: An app may be able to disclose kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2022-42854: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte.
Ltd. (@starlabs_sg)

BOM...

APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2

Posted by Apple Product Security via Fulldisclosure on Dec 20

APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2

macOS Big Sur 11.7.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213534.

BOM
Available for: macOS Big Sur
Impact: An app may bypass Gatekeeper checks
Description: A logic issue was addressed with improved checks.
CVE-2022-42821: Jonathan Bar Or of Microsoft

DriverKit
Available for: macOS Big Sur
Impact: An app may be able to...

APPLE-SA-2022-12-13-8 watchOS 9.2

Posted by Apple Product Security via Fulldisclosure on Dec 20

APPLE-SA-2022-12-13-8 watchOS 9.2

watchOS 9.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213536.

Accounts
Available for: Apple Watch Series 4 and later
Impact: A user may be able to view sensitive user information
Description: This issue was addressed with improved data protection.
CVE-2022-42843: Mickey Jin (@patch1t)

AppleAVD
Available for: Apple Watch Series 4 and...

APPLE-SA-2022-12-13-9 Safari 16.2

Posted by Apple Product Security via Fulldisclosure on Dec 20

APPLE-SA-2022-12-13-9 Safari 16.2

Safari 16.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213537.

WebKit
Available for: macOS Big Sur and macOS Monterey
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
WebKit Bugzilla: 245521
CVE-2022-42867: Maddie...

APPLE-SA-2022-12-13-7 tvOS 16.2

Posted by Apple Product Security via Fulldisclosure on Dec 20

APPLE-SA-2022-12-13-7 tvOS 16.2

tvOS 16.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213535.

Accounts
Available for: Apple TV 4K, Apple TV 4K (2nd generation and later),
and Apple TV HD
Impact: A user may be able to view sensitive user information
Description: This issue was addressed with improved data protection.
CVE-2022-42843: Mickey Jin (@patch1t)

AppleAVD...

SEC Consult Vulnerability Lab publication: The enemy from within: Unauthenticated Buffer Overflows in Zyxel routers still haunting users & metasploit exploit

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Dec 20

Hi,

earlier this year in February 2022, we published a technical security advisory -
https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-multiple-zyxel-devices/ - on
different critical vulnerabilities in Zyxel devices, resulting from insecure coding practices and insecure
configuration.

Those also included a highly critical unauthenticated buffer overflow vulnerability in the proprietary Zyxel web server...

SEC Consult SA-20221216-0 :: Remote code execution bypass in Eclipse Business Intelligence Reporting Tool (BiRT)

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Dec 20

SEC Consult Vulnerability Lab Security Advisory < 20221216-0 >
=======================================================================
title: Remote code execution - CVE-2021-34427 bypass
product: Eclipse Business Intelligence Reporting Tool (BiRT)
vulnerable version: <= 4.11.0
fixed version: 4.12
CVE number: CVE-2021-34427
impact: High
homepage:...

APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2

Posted by Apple Product Security via Fulldisclosure on Dec 20

APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2

iOS 16.2 and iPadOS 16.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213530.

Accounts
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, and iPad
mini 5th generation and later
Impact: A user may be able to view sensitive user information
Description:...

Ransom.Win64.AtomSilo / Crypto Logic Flaw

Posted by malvuln on Dec 20

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/5559e9f5e1645f8554ea020a29a5a3ee.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Backup media: infosec.exchange/@malvuln

Threat: Ransom.Win64.AtomSilo
Vulnerability: Crypto Logic Flaw
Family: AtomSilo
Type: PE64
MD5: 5559e9f5e1645f8554ea020a29a5a3ee
Vuln ID: MVID-2022-0666
Disclosure: 12/14/2022
Description: AtomSilo...

Backdoor.Win32.InCommander.17.b / Hardcoded Cleartext Credentials

Posted by malvuln on Dec 20

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/dd76d8a5874bf8bf05279e35c68449ca.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Backup media: infosec.exchange/@malvuln

Threat: Backdoor.Win32.InCommander.17.b
Vulnerability: Hardcoded Cleartext Credentials
Family: InCommander
Type: PE32
MD5: dd76d8a5874bf8bf05279e35c68449ca
Vuln ID: MVID-2022-0665
Dropped files:...

Adversary3 updated / Malware vulnerability intel tool for third-party attackers

Posted by malvuln on Dec 20

The Adversary3 project has been updated, added a new vulnerability
category "Logic Flaw" and dozens of new malware vulnerabilities.

https://github.com/malvuln/Adversary3

[CFP] BSides San Francisco – April 2023

Posted by BSidesSF CFP via Fulldisclosure on Dec 20

BSidesSF is soliciting presentations, workshops, and villages for the 2023
annual BSidesSF conference.

Presentations: https://bsidessf.org/cfp
Workshops: https://bsidessf.org/cfp/workshops
Villages: https://bsidessf.org/cfp/villages

** Topics **

All topic areas related to reliability, application security, web security,
network security, privacy, cryptography, and information security are of
interest and in scope.

Let us help you get the word...

Gentoo Linux Security Advisory 202212-04

Gentoo Linux Security Advisory 202212-4 - A vulnerability has been discovered in LibreOffice which could result in arbitrary script execution via crafted links. Versions less than 7.3.6.2 are affected.

Gentoo Linux Security Advisory 202212-01

Gentoo Linux Security Advisory 202212-1 - Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution. Versions less than 7.86.0 are affected.

Gentoo Linux Security Advisory 202212-05

Gentoo Linux Security Advisory 202212-5 - Multiple vulnerabilities have been discovered in NSS, the worst of which could result in arbitrary code execution. Versions less than 3.79.2 are affected.

Gentoo Linux Security Advisory 202212-03

Gentoo Linux Security Advisory 202212-3 - Multiple vulnerabilities have been discovered in Oracle Virtualbox, the worst of which could result in privilege escalation from a guest to the host. Versions less than 6.1.40 are affected.

Debian Security Advisory 5302-1

Debian Linux Security Advisory 5302-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Debian Security Advisory 5303-1

Debian Linux Security Advisory 5303-1 - Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code or information disclosure.

Gentoo Linux Security Advisory 202212-02

Gentoo Linux Security Advisory 202212-2 - Multiple vulnerabilities have been discovered in Unbound, the worst of which could result in denial of service. Versions less than 1.16.3 are affected.

Ubuntu Security Notice USN-5783-1

Ubuntu Security Notice 5783-1 - Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

Red Hat Security Advisory 2022-9082-01

Red Hat Security Advisory 2022-9082-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include buffer overflow, out of bounds write, and privilege escalation vulnerabilities.

Red Hat Security Advisory 2022-9068-01

Red Hat Security Advisory 2022-9068-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.6.0 ESR. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2022-9073-01

Red Hat Security Advisory 2022-9073-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include bypass and denial of service vulnerabilities.

Red Hat Security Advisory 2022-9076-01

Red Hat Security Advisory 2022-9076-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2022-9075-01

Red Hat Security Advisory 2022-9075-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2022-9071-01

Red Hat Security Advisory 2022-9071-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.6.0 ESR. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2022-9074-01

Red Hat Security Advisory 2022-9074-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2022-9066-01

Red Hat Security Advisory 2022-9066-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.6.0 ESR. Issues addressed include a use-after-free vulnerability.