Full Disclosure

Senec Inverters Home V1, V2, V3 Home & Hybrid Publicly Accessible Management Interface “Local GUI”- CVE-2023-39171

Posted by Phos4Me via Fulldisclosure on Nov 12

Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/

Full Disclosure

HNS-2023-03 - HN Security Advisory - Multiple vulnerabilities in Zephyr RTOS

Posted by Marco Ivaldi on Nov 12

Hi all,

Find attached a security advisory that details multiple
vulnerabilities we discovered in the Zephyr real-time operating
system.

* Title: Multiple vulnerabilities in Zephyr RTOS
* OS: Zephyr <= 3.4.0, except for:
* CVE-2023-4265 that affects Zephyr <= 3.3.0
* CVE-2023-4261 that affects Zephyr <= 3.5.0
* Author: Marco Ivaldi <marco.ivaldi () hnsecurity it>
* Date: 2023-11-07
* CVE IDs and severity:
* CVE-2023-3725 -...

Full Disclosure

[CVE-2023-46380, CVE-2023-46381, CVE-2023-46382] Multiple vulnerabilities in Loytec products

Posted by Chizuru Toyama on Nov 03

[+] CVE : CVE-2023-46380, CVE-2023-46381, CVE-2023-46382
[+] Title : Multiple vulnerabilities in Loytec LWEB-802, L-INX Automation Servers, L-IOB
I/O Controllers, L-VIS Touch Panels
[+] Vendor : LOYTEC electronics GmbH
[+] Affected Product(s) : LINX-212 firmware 6.2.4, LVIS-3ME12-A1 firmware 6.2.2, LIOB-586 firmware 6.2.3
[+] Affected Components :...

Advisory Files ≈ Packet Storm

Gentoo Linux Security Advisory 202310-22

Gentoo Linux Security Advisory 202310-22 - Multiple vulnerabilities have been discovered in Salt, the worst of which could result in local privilege escalation. Versions greater than or equal to 3004.2 are affected.

Advisory Files ≈ Packet Storm

Gentoo Linux Security Advisory 202310-23

Gentoo Linux Security Advisory 202310-23 - Several use-after-free vulnerabilities have been found in libxslt. Versions greater than or equal to 1.1.35 are affected.

Advisory Files ≈ Packet Storm

Debian Security Advisory 5542-1

Debian Linux Security Advisory 5542-1 - Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6460-1

Ubuntu Security Notice 6460-1 - It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service. It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform data buffer size validation in some situations. A physically proximate attacker could use this to craft a malicious USB device that when inserted, could cause a denial of service or possibly expose sensitive information.

Advisory Files ≈ Packet Storm

Gentoo Linux Security Advisory 202310-21

Gentoo Linux Security Advisory 202310-21 - Multiple vulnerabilities have been discovered in ConnMan, the worst of which can lead to remote code execution. Versions greater than or equal to 1.42_pre20220801 are affected.

Advisory Files ≈ Packet Storm

Debian Security Advisory 5540-1

Debian Linux Security Advisory 5540-1 - Two remotely exploitable security vulnerabilities were discovered in Jetty 9, a Java based web server and servlet engine. The HTTP/2 protocol implementation did not sufficiently verify if HPACK header values exceed their size limit. Furthermore the HTTP/2 protocol allowed a denial of service (server resource consumption) because request cancellation can reset many streams quickly. This problem is also known as Rapid Reset Attack.

Advisory Files ≈ Packet Storm

Debian Security Advisory 5541-1

Debian Linux Security Advisory 5541-1 - Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system.

Advisory Files ≈ Packet Storm

Debian Security Advisory 5539-1

Debian Linux Security Advisory 5539-1 - It was reported that incorrect bound checks in the dsaVerify function in node-browserify-sign, a Node.js library which adds crypto signing for browsers, allows an attacker to perform signature forgery attacks by constructing signatures that can be successfully verified by any public key.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6441-3

Ubuntu Security Notice 6441-3 - Ross Lagerwall discovered that the Xen netback backend driver in the Linux kernel did not properly handle certain unusual packets from a paravirtualized network frontend, leading to a buffer overflow. An attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code. Kyle Zeng discovered that the networking stack implementation in the Linux kernel did not properly validate skb object size in certain conditions. An attacker could use this cause a denial of service or possibly execute arbitrary code.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6454-2

Ubuntu Security Notice 6454-2 - Kyle Zeng discovered that the netfilter subsystem in the Linux kernel contained a race condition in IP set operations in certain situations. A local attacker could use this to cause a denial of service. Alex Birnberg discovered that the netfilter subsystem in the Linux kernel did not properly validate register length, leading to an out-of- bounds write vulnerability. A local attacker could possibly use this to cause a denial of service.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6458-1

Ubuntu Security Notice 6458-1 - It was discovered that Slurm did not properly handle credential management, which could allow an unprivileged user to impersonate the SlurmUser account. An attacker could possibly use this issue to execute arbitrary code as the root user. It was discovered that Slurm did not properly handle access control when dealing with RPC traffic through PMI2 and PMIx, which could allow an unprivileged user to send data to an arbitrary unix socket in the host. An attacker could possibly use this issue to execute arbitrary code as the root user.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6457-1

Ubuntu Security Notice 6457-1 - Tavis Ormandy discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. Elison Niven discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6459-1

Ubuntu Security Notice 6459-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.35 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-6198-01

Red Hat Security Advisory 2023-6198-01 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Issues addressed include a spoofing vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-6199-01

Red Hat Security Advisory 2023-6199-01 - An update for firefox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a spoofing vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-6200-01

Red Hat Security Advisory 2023-6200-01 - The multicluster engine for Kubernetes 2.1.9 General Availability release images, which contains security fixes and update container images. Issues addressed include a denial of service vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-6202-01

Red Hat Security Advisory 2023-6202-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.8 General Availability release images, which provide security updates and fix bugs. Issues addressed include a denial of service vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-6195-01

Red Hat Security Advisory 2023-6195-01 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a spoofing vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-6197-01

Red Hat Security Advisory 2023-6197-01 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include a spoofing vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-6196-01

Red Hat Security Advisory 2023-6196-01 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a spoofing vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-6193-01

Red Hat Security Advisory 2023-6193-01 - An update for thunderbird is now available for Red Hat Enterprise Linux 7.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-6194-01

Red Hat Security Advisory 2023-6194-01 - An update for thunderbird is now available for Red Hat Enterprise Linux 8. Issues addressed include a spoofing vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-6192-01

Red Hat Security Advisory 2023-6192-01 - An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-6191-01

Red Hat Security Advisory 2023-6191-01 - An update for thunderbird is now available for Red Hat Enterprise Linux 9. Issues addressed include a spoofing vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-6190-01

Red Hat Security Advisory 2023-6190-01 - An update for firefox is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.

Advisory Files ≈ Packet Storm

Debian Security Advisory 5537-1

Debian Linux Security Advisory 5537-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in bypass of sandbox restrictions or denial of service.

Advisory Files ≈ Packet Storm

Debian Security Advisory 5538-1

Debian Linux Security Advisory 5538-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.

Advisory Files ≈ Packet Storm

Gentoo Linux Security Advisory 202310-20

Gentoo Linux Security Advisory 202310-20 - A vulnerability has been discovered in rxvt-unicode where data written to the terminal can lead to code execution. Versions greater than or equal to 9.30 are affected.

Advisory Files ≈ Packet Storm

Gentoo Linux Security Advisory 202310-19

Gentoo Linux Security Advisory 202310-19 - A vulnerability has been discovered in Dovecot that can lead to a privilege escalation when master and non-master passdbs are used. Versions greater than or equal to 2.3.19.1-r1 are affected.

Advisory Files ≈ Packet Storm

Gentoo Linux Security Advisory 202310-18

Gentoo Linux Security Advisory 202310-18 - Multiple vulnerabilities have been discovered in Rack, the worst of which can lead to sequence injection in logging components. Versions greater than or equal to 2.2.3.1 are affected.

Advisory Files ≈ Packet Storm

Gentoo Linux Security Advisory 202310-17

Gentoo Linux Security Advisory 202310-17 - Multiple vulnerabilities have been discovered in UnZip, the worst of which could lead to code execution. Versions greater than or equal to 6.0_p27 are affected.

Advisory Files ≈ Packet Storm

VinChin VMWare Backup 7.0 Hardcoded Credential / Remote Code Execution

VinChin Backup and Recovery in VinChin VMWare Backup versions 5.0 through 7.0 suffers from hardcoded credential and remote code execution vulnerabilities.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6455-1

Ubuntu Security Notice 6455-1 - It was discovered that Exim incorrectly handled validation of user-supplied data, which could lead to memory corruption. A remote attacker could possibly use this issue to execute arbitrary code. It was discovered that Exim incorrectly handled validation of user-supplied data, which could lead to an out-of-bounds read. An attacker could possibly use this issue to expose sensitive information.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6456-1

Ubuntu Security Notice 6456-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Kelsey Gilbert discovered that Firefox did not properly manage certain browser prompts and dialogs due to an insufficient activation-delay. An attacker could potentially exploit this issue to perform clickjacking.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-6161-01

Red Hat Security Advisory 2023-6161-01 - The Migration Toolkit for Containers 1.7.14 is now available. Issues addressed include a denial of service vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-6158-01

Red Hat Security Advisory 2023-6158-01 - An update is now available for Red Hat Ansible Automation Platform 2.4.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-6021-01

Red Hat Security Advisory 2023-6021-01 - An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a denial of service vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-6022-01

Red Hat Security Advisory 2023-6022-01 - An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include a denial of service vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-6144-01

Red Hat Security Advisory 2023-6144-01 - An update for custom-metrics-autoscaler-adapter-container, custom-metrics-autoscaler-admission-webhooks-container, custom-metrics-autoscaler-container, custom-metrics-autoscaler-operator-bundle-container, and custom-metrics-autoscaler-operator-container is now available for the Custom Metric Autoscaler operator for Red Hat OpenShift. Issues addressed include a denial of service vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-6156-01

Red Hat Security Advisory 2023-6156-01 - The components for Red Hat OpenShift support for Windows Containers 8.1.0 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle. Issues addressed include a bypass vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-5992-01

Red Hat Security Advisory 2023-5992-01 - An update for the python27:2.7 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a bypass vulnerability.

Full Disclosure

LKX-2023-001 VinChin VMWare Backup

Posted by Gregory Boddin via Fulldisclosure on Oct 27

VinChin Backup & Recovery is an all-in-one backup solution for virtual infrastructures supporting VMWare, KVM, Xen
Server, Hyper-V, OpenStack and more. The product also supports AWS, Azure and other cloud providers as backup storage.

VinChin has failed to acknowledge the various requests over a month period, we are thus disclosing the following
vulnerabilities:

CVE-2023-45499 - VinChin VMWare Backup 5.0 to 7.0
During our research we...

Advisory Files ≈ Packet Storm

Debian Security Advisory 5536-1

Debian Linux Security Advisory 5536-1 - An important security issue was discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-6145-01

Red Hat Security Advisory 2023-6145-01 - Multicluster Engine for Kubernetes 2.2.9 General Availability release images, which contain security updates and fix bugs. Issues addressed include a denial of service vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-6105-01

Red Hat Security Advisory 2023-6105-01 - An update is now available for Red Hat JBoss Core Services. Issues addressed include a denial of service vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-6148-01

Red Hat Security Advisory 2023-6148-01 - Red Hat Advanced Cluster Management for Kubernetes 2.7.9 General Availability release images, which provide security updates and fix bugs. Issues addressed include a denial of service vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-6143-01

Red Hat Security Advisory 2023-6143-01 - An update for ztp-site-generate-container, topology-aware-lifecycle-manager and bare-metal-event-relay is now available for Red Hat OpenShift Container Platform 4.14.

Full Disclosure

[KIS-2023-12] phpFox <= 4.8.13 (redirect) PHP Object Injection Vulnerability

Posted by Egidio Romano on Oct 27

--------------------------------------------------------------
phpFox <= 4.8.13 (redirect) PHP Object Injection Vulnerability
--------------------------------------------------------------

[-] Software Link:

https://www.phpfox.com

[-] Affected Versions:

Version 4.8.13 and prior versions.

[-] Vulnerability Description:

User input passed through the "url" request parameter to the
/core/redirect route is not properly sanitized...

Full Disclosure

[KIS-2023-11] SugarCRM <= 13.0.1 (set_note_attachment) Unrestricted File Upload Vulnerability

Posted by Egidio Romano on Oct 26

-------------------------------------------------------------------------------
SugarCRM <= 13.0.1 (set_note_attachment) Unrestricted File Upload
Vulnerability
-------------------------------------------------------------------------------

[-] Software Link:

https://www.sugarcrm.com

[-] Affected Versions:

Version 13.0.1 and prior versions.
Version 12.0.3 and prior versions.

[-] Vulnerability Description:

When handling the...

Full Disclosure

[KIS-2023-10] SugarCRM <= 13.0.1 (GetControl) Server-Side Template Injection Vulnerability

Posted by Egidio Romano on Oct 26

----------------------------------------------------------------------------
SugarCRM <= 13.0.1 (GetControl) Server-Side Template Injection
Vulnerability
----------------------------------------------------------------------------

[-] Software Link:

https://www.sugarcrm.com

[-] Affected Versions:

Version 13.0.1 and prior versions.
Version 12.0.3 and prior versions.

[-] Vulnerability Description:

There is a sort of Server-Side Template...

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6446-3

Ubuntu Security Notice 6446-3 - Ross Lagerwall discovered that the Xen netback backend driver in the Linux kernel did not properly handle certain unusual packets from a paravirtualized network frontend, leading to a buffer overflow. An attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code. Bien Pham discovered that the netfiler subsystem in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local user could use this to cause a denial of service or possibly execute arbitrary code.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6454-1

Ubuntu Security Notice 6454-1 - Kyle Zeng discovered that the netfilter subsystem in the Linux kernel contained a race condition in IP set operations in certain situations. A local attacker could use this to cause a denial of service. Alex Birnberg discovered that the netfilter subsystem in the Linux kernel did not properly validate register length, leading to an out-of-bounds write vulnerability. A local attacker could possibly use this to cause a denial of service.

Advisory Files ≈ Packet Storm

Gentoo Linux Security Advisory 202310-16

Gentoo Linux Security Advisory 202310-16 - A vulnerability has been discovered in unifi where bundled log4j can facilitate a remote code execution Versions greater than or equal to 6.5.55 are affected.

Advisory Files ≈ Packet Storm

Gentoo Linux Security Advisory 202310-14

Gentoo Linux Security Advisory 202310-14 - A vulnerability has been discovered in libinput where an attacker may run malicious code by exploiting a format string vulnerability. Versions greater than or equal to 1.20.1 are affected.

Advisory Files ≈ Packet Storm

Gentoo Linux Security Advisory 202310-15

Gentoo Linux Security Advisory 202310-15 - A vulnerability has been discovered in usbview where certain users can trigger a privilege escalation. Versions greater than or equal to 2.2 are affected.

Advisory Files ≈ Packet Storm

Apple Security Advisory 10-25-2023-8

Apple Security Advisory 10-25-2023-8 - watchOS 10.1 addresses bypass, code execution, and use-after-free vulnerabilities.

Advisory Files ≈ Packet Storm

Apple Security Advisory 10-25-2023-5

Apple Security Advisory 10-25-2023-5 - macOS Ventura 13.6.1 addresses bypass and code execution vulnerabilities.