FreshRSS

๐Ÿ”’
โŒ About FreshRSS
There are new available articles, click to refresh the page.
Before yesterdayVulnerabilities

Android passkeys unexpectedly deleted or useless after sync

Posted by Erik van Straten (FD) on Feb 13

*INTRODUCTION*
Passkeys on Android are stored in Google Password Manager by default. The user cannot make their own backups of them.

Note: although the user can export a CSV file with both passkeys and passwords, the lines representing passkeys will
not contain any secrets, rendering them useless.

Also note that Google Passkey Manager appears to primarily be a CLOUD-based password manager (with copies of passwords
and passkeys usually cached...
  • February 14th 2024 at 02:18

IBM i Access Client Solutions / Remote Credential Theft / CVE-2024-22318

Posted by hyp3rlinx on Feb 13

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/IBMI_ACCESS_CLIENT_REMOTE_CREDENTIAL_THEFT_CVE-2024-22318.txt
[+] twitter.com/hyp3rlinx
[+] ISR: ApparitionSec

[Vendor]
www.ibm.com

[Product]
IBM i Access Client Solutions

[Versions]
All

[Remediation/Fixes]
None

[Vulnerability Type]
Remote Credential Theft

[CVE Reference]
CVE-2024-22318

[Security Issue]
IBM i...
  • February 14th 2024 at 02:16

Buffer Overflow Vulnerabilities in KiTTY Start Duplicated Session Hostname (CVE-2024-25003) & Username (CVE-2024-25004) Variables

Posted by Austin DeFrancesco via Fulldisclosure on Feb 13

Buffer Overflow Vulnerabilities in KiTTY Start Duplicated Session Hostname (CVE-2024-25003) & Username (CVE-2024-25004)
Variables
=================================================================================================================================

Contents:
---------

Summary

Analysis

Exploitation

Acknowledgments

Timeline

Additional Advisory

Summary:
--------

Austin A. DeFrancesco (DEFCESCO) discovered two stack-based...
  • February 14th 2024 at 02:16

Command Injection Vulnerability in KiTTY Get Remote File Through SCP Input (CVE-2024-23749)

Posted by Austin DeFrancesco via Fulldisclosure on Feb 13

Command Injection Vulnerability in KiTTY Get Remote File Through SCP Input (CVE-2024-23749)
===========================================================================================

Contents:
---------

Summary

Analysis

Exploitation

Acknowledgments

Timeline

Additional Advisory

Summary:
--------

Austin A. DeFrancesco (DEFCESCO) discovered a command injection vulnerability in KiTTY
(https://github.com/cyd01/KiTTY/). This vulnerability:...
  • February 14th 2024 at 02:16

Microsoft Windows Defender / Trojan.Win32/Powessere.G / Detection Mitigation Bypass Part 2.

Posted by hyp3rlinx on Feb 13

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
https://hyp3rlinx.altervista.org/advisories/MICROSOFT_WINDOWS_DEFENDER_TROJAN.WIN32.POWESSERE.G_MITIGATION_BYPASS_PART2.txt
[+] twitter.com/hyp3rlinx
[+] ISR: ApparitionSec

[Vendor]
www.microsoft.com

[Product]
Windows Defender

[Vulnerability Type]
Windows Defender Detection Mitigation Bypass
TrojanWin32Powessere.G

[CVE Reference]
N/A

[Security Issue]...
  • February 14th 2024 at 02:16

Wyrestorm Apollo VX20 / Incorrect Access Control - Credentials Disclosure / CVE-2024-25735

Posted by hyp3rlinx on Feb 13

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/WYRESTORM_APOLLO_VX20_INCORRECT_ACCESS_CONTROL_CREDENTIALS_DISCLOSURE_CVE-2024-25735.txt
[+] twitter.com/hyp3rlinx
[+] ISR: ApparitionSec

[Vendor]
www.wyrestorm.com

[Product]
APOLLO VX20 < 1.3.58

[Vulnerability Type]
Incorrect Access Control (Credentials Disclosure)

[Affected Component]
Web interface, config...
  • February 14th 2024 at 02:16

Wyrestorm Apollo VX20 / Account Enumeration / CVE-2024-25734

Posted by hyp3rlinx on Feb 13

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/WYRESTORM_APOLLO_VX20_ACCOUNT_ENUMERATION_CVE-2024-25734.txt
[+] twitter.com/hyp3rlinx
[+] ISR: ApparitionSec

[Vendor]
www.wyrestorm.com

[Product]
APOLLO VX20 < 1.3.58

[Vulnerability Type]
Account Enumeration

[CVE Reference]
CVE-2024-25734

[Security Issue]
An issue was discovered on WyreStorm Apollo VX20...
  • February 14th 2024 at 02:16

Wyrestorm Apollo VX20 / Incorrect Access Control - DoS / CVE-2024-25736

Posted by hyp3rlinx on Feb 13

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/WYRESTORM_APOLLO_VX20_INCORRECT_ACCESS_CONTROL_DOS_CVE-2024-25736.txt
[+] twitter.com/hyp3rlinx
[+] ISR: ApparitionSec

[Vendor]
www.wyrestorm.com

[Product]
APOLLO VX20 < 1.3.58

[Vulnerability Type]
Incorrect Access Control (DOS)

[Affected Product Code Base]
APOLLO VX20 < 1.3.58, fixed in v1.3.58

[Affected...
  • February 14th 2024 at 02:16

Ubuntu Security Notice USN-6632-1

Ubuntu Security Notice 6632-1 - David Benjamin discovered that OpenSSL incorrectly handled excessively long X9.42 DH keys. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, leading to a denial of service. Bahaa Naamneh discovered that OpenSSL incorrectly handled certain malformed PKCS12 files. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service.
  • February 13th 2024 at 21:45

Ubuntu Security Notice USN-6633-1

Ubuntu Security Notice 6633-1 - Shoham Danino, Anat Bremler-Barr, Yehuda Afek, and Yuval Shavitt discovered that Bind incorrectly handled parsing large DNS messages. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner discovered that Bind incorrectly handled validating DNSSEC messages. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service.
  • February 13th 2024 at 21:45

Red Hat Security Advisory 2024-0797-03

Red Hat Security Advisory 2024-0797-03 - Updated Satellite 6.14 packages that fixes Important security bugs and several regular bugs are now available for Red Hat Satellite. Issues addressed include HTTP request smuggling, buffer overflow, denial of service, and memory leak vulnerabilities.
  • February 13th 2024 at 21:40

Red Hat Security Advisory 2024-0793-03

Red Hat Security Advisory 2024-0793-03 - Red Hat Integration Camel for Spring Boot 4.0.3 release and security update is now available. Issues addressed include a denial of service vulnerability.
  • February 13th 2024 at 21:40

Red Hat Security Advisory 2024-0796-03

Red Hat Security Advisory 2024-0796-03 - An update for gnutls is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.
  • February 13th 2024 at 21:40

Red Hat Security Advisory 2024-0790-03

Red Hat Security Advisory 2024-0790-03 - An update for nss is now available for Red Hat Enterprise Linux 9. Issues addressed include an information leakage vulnerability.
  • February 13th 2024 at 21:38

Red Hat Security Advisory 2024-0791-03

Red Hat Security Advisory 2024-0791-03 - An update for nss is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include an information leakage vulnerability.
  • February 13th 2024 at 21:38

Red Hat Security Advisory 2024-0789-03

Red Hat Security Advisory 2024-0789-03 - An update for Red Hat Build of Apache Camel 4.0 for Quarkus 3.2 is now available. Issues addressed include buffer overflow and denial of service vulnerabilities.
  • February 13th 2024 at 21:38

Red Hat Security Advisory 2024-0792-03

Red Hat Security Advisory 2024-0792-03 - Red Hat Integration Camel for Spring Boot 3.20.5 release and security update is now available. Issues addressed include a buffer overflow vulnerability.
  • February 13th 2024 at 21:38

Red Hat Security Advisory 2024-0786-03

Red Hat Security Advisory 2024-0786-03 - An update for nss is now available for Red Hat Enterprise Linux 8. Issues addressed include an information leakage vulnerability.
  • February 13th 2024 at 21:37

Red Hat Security Advisory 2024-0785-03

Red Hat Security Advisory 2024-0785-03 - An update for nss is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include an information leakage vulnerability.
  • February 13th 2024 at 21:36

Red Hat Security Advisory 2024-0778-03

Red Hat Security Advisory 2024-0778-03 - An update for Jenkins and Jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.12. Issues addressed include bypass, code execution, cross site request forgery, cross site scripting, denial of service, improper authorization, information leakage, insecure permissions, and open redirection vulnerabilities.
  • February 13th 2024 at 21:36

Red Hat Security Advisory 2024-0774-03

Red Hat Security Advisory 2024-0774-03 - An update is now available for Red Hat Certificate System 10.4 for RHEL 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include a memory leak vulnerability.
  • February 13th 2024 at 21:35

Red Hat Security Advisory 2024-0775-03

Red Hat Security Advisory 2024-0775-03 - An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.11. Issues addressed include bypass, code execution, cross site scripting, deserialization, information leakage, and insecure permissions vulnerabilities.
  • February 13th 2024 at 21:35

Red Hat Security Advisory 2024-0776-03

Red Hat Security Advisory 2024-0776-03 - An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.13. Issues addressed include bypass, code execution, cross site scripting, and denial of service vulnerabilities.
  • February 13th 2024 at 21:35

Red Hat Security Advisory 2024-0777-03

Red Hat Security Advisory 2024-0777-03 - An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.14. Issues addressed include bypass, code execution, cross site request forgery, cross site scripting, denial of service, information leakage, and open redirection vulnerabilities.
  • February 13th 2024 at 21:35

[webapps] Splunk 9.0.4 - Information Disclosure

Splunk 9.0.4 - Information Disclosure
  • February 13th 2024 at 00:00

[webapps] Lost and Found Information System v1.0 - ( IDOR ) leads to Account Take over

Lost and Found Information System v1.0 - ( IDOR ) leads to Account Take over
  • February 13th 2024 at 00:00

[dos] VIMESA VHF/FM Transmitter Blue Plus 9.7.1 (doreboot) - Remote Denial Of Service

VIMESA VHF/FM Transmitter Blue Plus 9.7.1 (doreboot) - Remote Denial Of Service
  • February 13th 2024 at 00:00

Debian Security Advisory 5619-1

Debian Linux Security Advisory 5619-1 - Two vulnerabilities were discovered in libgit2, a low-level Git library, which may result in denial of service or potentially the execution of arbitrary code.
  • February 12th 2024 at 15:20

Ubuntu Security Notice USN-6631-1

Ubuntu Security Notice 6631-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
  • February 12th 2024 at 15:14

Ubuntu Security Notice USN-6630-1

Ubuntu Security Notice 6630-1 - It was discovered that Glance_store incorrectly handled logging when the DEBUG log level is enabled. A local attacker could use this issue to obtain access_key values.
  • February 12th 2024 at 15:14

Red Hat Security Advisory 2024-0772-03

Red Hat Security Advisory 2024-0772-03 - An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include buffer over-read, denial of service, and null pointer vulnerabilities.
  • February 12th 2024 at 15:03

Red Hat Security Advisory 2024-0773-03

Red Hat Security Advisory 2024-0773-03 - An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include buffer over-read, denial of service, and null pointer vulnerabilities.
  • February 12th 2024 at 15:03

Red Hat Security Advisory 2024-0768-03

Red Hat Security Advisory 2024-0768-03 - An update for libmaxminddb is now available for Red Hat Enterprise Linux 8.
  • February 12th 2024 at 15:02

Red Hat Security Advisory 2024-0769-03

Red Hat Security Advisory 2024-0769-03 - An update for tcpdump is now available for Red Hat Enterprise Linux 8. Issues addressed include a use-after-free vulnerability.
  • February 12th 2024 at 15:02

Red Hat Security Advisory 2024-0771-03

Red Hat Security Advisory 2024-0771-03 - An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include buffer over-read, denial of service, and null pointer vulnerabilities.
  • February 12th 2024 at 15:02

Gentoo Linux Security Advisory 202402-11

Gentoo Linux Security Advisory 202402-11 - Multiple denial of service vulnerabilities have been found in libxml2. Versions greater than or equal to 2.12.5 are affected.
  • February 9th 2024 at 16:48

[webapps] Wordpress Seotheme - Remote Code Execution Unauthenticated

Wordpress Seotheme - Remote Code Execution Unauthenticated
  • February 9th 2024 at 00:00

[webapps] Wordpress Augmented-Reality - Remote Code Execution Unauthenticated

Wordpress Augmented-Reality - Remote Code Execution Unauthenticated
  • February 9th 2024 at 00:00

[dos] Elasticsearch - StackOverflow DoS

Elasticsearch - StackOverflow DoS
  • February 9th 2024 at 00:00

[webapps] Online Nurse Hiring System 1.0 - Time-Based SQL Injection

Online Nurse Hiring System 1.0 - Time-Based SQL Injection
  • February 9th 2024 at 00:00

[remote] Zyxel zysh - Format string

Zyxel zysh - Format string
  • February 9th 2024 at 00:00

[webapps] Rail Pass Management System 1.0 - Time-Based SQL Injection

Rail Pass Management System 1.0 - Time-Based SQL Injection
  • February 9th 2024 at 00:00

[webapps] Advanced Page Visit Counter 1.0 - Admin+ Stored Cross-Site Scripting (XSS) (Authenticated)

Advanced Page Visit Counter 1.0 - Admin+ Stored Cross-Site Scripting (XSS) (Authenticated)
  • February 9th 2024 at 00:00
  • February 5th 2024 at 00:00

[webapps] Curfew e-Pass Management System 1.0 - FromDate SQL Injection

Curfew e-Pass Management System 1.0 - FromDate SQL Injection
  • February 5th 2024 at 00:00

[webapps] GYM MS - GYM Management System - Cross Site Scripting (Stored)

GYM MS - GYM Management System - Cross Site Scripting (Stored)
  • February 5th 2024 at 00:00

[webapps] TASKHUB-2.8.8 - XSS-Reflected

TASKHUB-2.8.8 - XSS-Reflected
  • February 5th 2024 at 00:00

[webapps] WhatsUp Gold 2022 (22.1.0 Build 39) - XSS

WhatsUp Gold 2022 (22.1.0 Build 39) - XSS
  • February 5th 2024 at 00:00

[webapps] MISP 2.4.171 - Stored XSS

MISP 2.4.171 - Stored XSS
  • February 5th 2024 at 00:00

[webapps] Clinic's Patient Management System 1.0 - Unauthenticated RCE

Clinic's Patient Management System 1.0 - Unauthenticated RCE
  • February 5th 2024 at 00:00

APPLE-SA-02-02-2024-1 visionOS 1.0.2

Posted by Apple Product Security via Fulldisclosure on Feb 04

APPLE-SA-02-02-2024-1 visionOS 1.0.2

visionOS 1.0.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT214070.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

WebKit
Available for: Apple Vision Pro
Impact: Processing maliciously crafted web content may lead to
arbitrary code...
  • February 4th 2024 at 08:13

CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog()

Posted by Qualys Security Advisory via Fulldisclosure on Feb 04

Qualys Security Advisory

CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog()

========================================================================
Contents
========================================================================

Summary
Analysis
Proof of concept
Exploitation
Acknowledgments
Timeline

========================================================================
Summary...
  • February 4th 2024 at 08:12

Out-of-bounds read & write in the glibc's qsort()

Posted by Qualys Security Advisory via Fulldisclosure on Feb 04

Qualys Security Advisory

For the algorithm lovers: Nontransitive comparison functions lead to
out-of-bounds read & write in glibc's qsort()

========================================================================
Contents
========================================================================

Summary
Background
Experiments
Analysis
Patch
Discussion
Acknowledgments
Timeline

CUT MY LIST IN TWO PIECES
THAT'S HOW YOU START...
  • February 4th 2024 at 08:12

TROJAN.WIN32 BANKSHOT / Remote Stack Buffer Overflow (SEH)

Posted by malvuln on Feb 04

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/f2fd6a7b400782bb43499e722fb62cf4.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan.Win32 BankShot
Vulnerability: Remote Stack Buffer Overflow (SEH)
Description: The malware listens on TCP port 1978 and creates a local
Windows service running with SYSTEM integrity. Third-party adversaries who
can reach the...
  • February 4th 2024 at 08:11

Research about usage & possible issues of the NVD

Posted by Andreas Hammer on Feb 04

Hello there!

The University of Erlangen-Nuremberg (Germany) is conducting a research
study to investigate the usage and possible issues of the NVD (National
Vulnerability Database). If you are using the NVD regularly, we would
greatly appreciate your participation which contributes to the
improvement of vulnerability management. You can read more about the
survey here:

https://www.cs1.tf.fau.de/2024/01/29/survey-on-usage-of-nvd/

The...
  • February 4th 2024 at 08:11

[KIS-2024-01] XenForo <= 2.2.13 (ArchiveImport.php) Zip Slip Vulnerability

Posted by Egidio Romano on Feb 04

------------------------------------------------------------
XenForo <= 2.2.13 (ArchiveImport.php) Zip Slip Vulnerability
------------------------------------------------------------

[-] Software Link:

https://xenforo.com

[-] Affected Versions:

Version 2.2.13 and prior versions.

[-] Vulnerability Description:

The vulnerability is located in the
/src/XF/Service/Style/ArchiveImport.php script. Specifically, into the...
  • February 4th 2024 at 08:11

NULL pointer dereference in the function handle_viminfo_register() of vim

Posted by Christian Brabandt on Feb 04

Meng Ruijie wrote:

Meng,

This particular problem was fixed in Vim v9.0.1740
https://github.com/vim/vim/commit/0a0764684591c7c6a5d722b628f11dc96208e853

I have no idea, why this issue is worth a CVE, because if an attacker
can modify your .viminfo file to make Vim crash, he already has the
possibilities to do much more harm directly. So I don't think this is
particular useful CVE. I'd also like to dispute this.

Thanks,
Christian
  • February 4th 2024 at 08:09

[webapps] Electrolink FM/DAB/TV Transmitter - Pre-Auth MPFS Image Remote Code Execution

Electrolink FM/DAB/TV Transmitter - Pre-Auth MPFS Image Remote Code Execution
  • February 2nd 2024 at 00:00
โŒ