KL-001-2024-002: Artica Proxy Unauthenticated PHP Deserialization Vulnerability

March 5^th 2024 at 18:29

Posted by KoreLogic Disclosures via Fulldisclosure on Mar 05

KL-001-2024-002: Artica Proxy Unauthenticated PHP Deserialization Vulnerability

Title: Artica Proxy Unauthenticated PHP Deserialization Vulnerability
Advisory ID: KL-001-2024-002
Publication Date: 2024.03.05
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-002.txt

1. Vulnerability Details

     Affected Vendor: Artica
     Affected Product: Artica Proxy
     Affected Version: 4.50
     Platform: Debian...

Full Disclosure

JetStream Smart Switch - TL-SG2210P v5.0/ Improper Access Control / CVE-2023-43318

March 3^rd 2024 at 00:54

Posted by Shaikh Shahnawaz on Mar 02

[+] Credits: Shahnawaz Shaikh, Security Researcher at Cybergate Defense LLC
[+] twitter.com/_striv3r_

[Vendor]
Tp-Link (http://tp-link.com)

[Product]
JetStream Smart Switch - TL-SG2210P v5.0 Build 20211201

[Vulnerability Type]
Improper Access Control

[Affected Product Code Base]
JetStream Smart Switch - TL-SG2210P v5.0 Build 20211201

[Affected Component]
usermanagement, swtmactablecfg endpoints of webconsole

[CVE Reference]
CVE-2023-43318...

Full Disclosure

SEC Consult SA-20240226-0 :: Local Privilege Escalation via DLL Hijacking in Qognify VMS Client Viewer

March 3^rd 2024 at 00:54

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Mar 02

SEC Consult Vulnerability Lab Security Advisory < 20240226-0 >
=======================================================================
title: Local Privilege Escalation via DLL Hijacking
product: Qognify VMS Client Viewer
vulnerable version: >=7.1
fixed version: see solution
CVE number: CVE-2023-49114
impact: medium
homepage: https://www.qognify.com/...

Full Disclosure

XAMPP 5.6.40 - Error Based SQL Injection

March 3^rd 2024 at 00:53

Posted by Andrey Stoykov on Mar 02

# Exploit Title: XAMPP - Error Based SQL Injection
# Date: 02/2024
# Exploit Author: Andrey Stoykov
# Version: 5.6.40
# Tested on: Ubuntu 22.04
# Blog: http://msecureltd.blogspot.com

Steps to Reproduce:

1. Login to phpmyadmin
2. Visit Export > New Template > test > Create
3. Navigate to "Existing Templates"
4. Select template "test" and click "Update"
5. Trap HTTP POST request
6. Place single quote to...

Full Disclosure

Multiple XSS Issues in boidcmsv2.0.1

March 3^rd 2024 at 00:53

Posted by Andrey Stoykov on Mar 02

# Exploit Title: Multiple XSS Issues in boidcmsv2.0.1
# Date: 3/2024
# Exploit Author: Andrey Stoykov
# Version: 2.0.1
# Tested on: Ubuntu 22.04
# Blog: http://msecureltd.blogspot.com

XSS via SVG File Upload

Steps to Reproduce:

1. Login with admin user
2. Visit "Media" page
3. Upload xss.svg
4. Click "View" and XSS payload will execute

// xss.svg contents

<?xml version="1.0" standalone="no"?>...

Full Disclosure

BACKDOOR.WIN32.ARMAGEDDON.R / Hardcoded Cleartext Credentials

March 3^rd 2024 at 00:52

Posted by malvuln on Mar 02

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/68d135936512e88cc0704b90bb3839e0.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Armageddon.r
Vulnerability: Hardcoded Cleartext Credentials
Description: The malware listens on TCP port 5859 and requires
authentication. The password "KOrUPtIzEre" is stored in cleartext within
the PE file at...

Full Disclosure

Multilaser Router - Access Control Bypass through Cookie Manipulation - CVE-2023-38946

March 3^rd 2024 at 00:52

Posted by Vinícius Moraes on Mar 02

=====[Tempest Security Intelligence - Security Advisory -
CVE-2023-38946]=======

Access Control Bypass in Multilaser router's Web Management Interface

Author: Vinicius Moraes < vinicius.moraes.w () gmail com >

=====[Table of
Contents]========================================================

1. Overview
2. Detailed description
3. Other contexts & solutions
4. Acknowledgements
5. Timeline
6. References

=====[1....

Full Disclosure

Multilaser Router - Access Control Bypass through URL Manipulation - CVE-2023-38945

March 3^rd 2024 at 00:52

Posted by Vinícius Moraes on Mar 02

=====[Tempest Security Intelligence - Security Advisory -
CVE-2023-38945]=======

Access Control Bypass in Multilaser routers' Web Management Interface

Author: Vinicius Moraes < vinicius.moraes.w () gmail com >

=====[Table of
Contents]========================================================

1. Overview
2. Detailed description
3. Other contexts & solutions
4. Acknowledgements
5. Timeline
6. References

=====[1....

Full Disclosure

BACKDOOR.WIN32.AUTOSPY.10 / Unauthenticated Remote Command Execution

March 3^rd 2024 at 00:52

Posted by malvuln on Mar 02

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/b012704cad2bae6edbd23135394b9127.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.AutoSpy.10
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 1008. Third party adversaries
who can reach an infected host can issue various commands made available by...

Full Disclosure

Backdoor.Win32.Jeemp.c / Cleartext Hardcoded Credentials

March 3^rd 2024 at 00:52

Posted by malvuln on Mar 02

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/d6b192a4027c7d635499133ca6ce067f.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Jeemp.c
Vulnerability: Cleartext Hardcoded Credentials
Description: The malware listens on three TCP ports which are randomized
e.g. 9719,7562,8687,8948,7376,8396 so forth. There is an ESMTP server
component...

Full Disclosure

Multilaser Router - Access Control Bypass through Header Manipulation - CVE-2023-38944

March 3^rd 2024 at 00:52

Posted by Vinícius Moraes on Mar 02

=====[Tempest Security Intelligence - Security Advisory -
CVE-2023-38944]=======

Access Control Bypass in Multilaser routers' Web Management Interface

Author: Vinicius Moraes < vinicius.moraes.w () gmail com >

=====[Table of
Contents]========================================================

1. Overview
2. Detailed description
3. Other contexts & solutions
4. Acknowledgements
5. Timeline
6. References

=====[1....

Full Disclosure

BACKDOOR.WIN32.AGENT.AMT / Authentication Bypass

March 3^rd 2024 at 00:52

Posted by malvuln on Mar 02

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/2a442d3da88f721a786ff33179c664b7.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Agent.amt
Vulnerability: Authentication Bypass
Description: The malware can run an FTP server which listens on TCP port
2121. Third-party attackers who can reach infected systems can logon using
any username/password...

Full Disclosure

SEC Consult SA-20240220-0 :: Multiple Stored Cross-Site Scripting Vulnerabilities in OpenOLAT (Frentix GmbH)

February 21^st 2024 at 06:10

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Feb 20

SEC Consult Vulnerability Lab Security Advisory < 20240220-0 >
=======================================================================
title: Multiple Stored Cross-Site Scripting Vulnerabilities
product: OpenOLAT (Frentix GmbH)
vulnerable version: <= 18.1.4 and <= 18.1.5
fixed version: 18.1.6 / 18.2
CVE number: CVE-2024-25973, CVE-2024-25974
impact: High...

Full Disclosure

Re: Buffer Overflow in graphviz via via a crafted config6a file

February 21^st 2024 at 06:09

Posted by Matthew Fernandez on Feb 20

The fix for this ended up landing in Graphviz 10.0.1, available at
https://graphviz.org/download/.

Details of this CVE (CVE-2023-46045) are now published, but the CPEs are
incomplete. For those who track such things, the affected range is
[2.36.0, 10.0.1).

Full Disclosure

CVE-2024-24681: Insecure AES key in Yealink Configuration Encrypt Tool

February 21^st 2024 at 06:08

Posted by Jeroen J.A.W. Hermans via Fulldisclosure on Feb 20

CloudAware Security Advisory

CVE-2024-24681: Insecure AES key in Yealink Configuration Encrypt Tool

========================================================================
Summary
========================================================================
A single, vendorwide, hardcoded AES key in the configuration tool used to
encrypt provisioning documents was leaked leading to a compromise of
confidentiality of provisioning documents....

Full Disclosure

Microsoft Windows Defender / Trojan.Win32/Powessere.G / Detection Mitigation Bypass Part 3

February 21^st 2024 at 06:07

Posted by hyp3rlinx on Feb 20

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
https://hyp3rlinx.altervista.org/advisories/MICROSOFT_WINDOWS_DEFENDER_TROJAN.WIN32.POWESSERE.G_MITIGATION_BYPASS_PART_3.txt
[+] twitter.com/hyp3rlinx
[+] ISR: ApparitionSec

[Vendor]
www.microsoft.com

[Product]
Windows Defender

[Vulnerability Type]
Windows Defender Detection Mitigation Bypass
TrojanWin32Powessere.G

[CVE Reference]
N/A

[Security Issue]...

Full Disclosure

Microsoft Windows Defender / Backdoor:JS/Relvelshe.A / Detection Mitigation Bypass

February 21^st 2024 at 06:07

Posted by hyp3rlinx on Feb 20

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
https://hyp3rlinx.altervista.org/advisories/Windows_Defender_Backdoor_JS.Relvelshe.A_Detection_Mitigation_Bypass.txt
[+] twitter.com/hyp3rlinx
[+] ISR: ApparitionSec

[Vendor]
www.microsoft.com

[Product]
Windows Defender

[Vulnerability Type]
Detection Mitigation Bypass
Backdoor:JS/Relvelshe.A

[CVE Reference]
N/A

[Security Issue]
Back in 2022 I released a...

Full Disclosure

Microsoft Windows Defender / VBScript Detection Bypass

February 21^st 2024 at 06:07

Posted by hyp3rlinx on Feb 20

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
https://hyp3rlinx.altervista.org/advisories/MICROSOFT_WINDOWS_DEFENDER_VBSCRIPT_TROJAN_MITIGATION_BYPASS.txt
[+] twitter.com/hyp3rlinx
[+] ISR: ApparitionSec

[Vendor]
www.microsoft.com

[Product]
Windows Defender

[Vulnerability Type]
Windows Defender VBScript Detection Mitigation Bypass
TrojanWin32Powessere.G

[CVE Reference]
N/A

[Security Issue]...

Full Disclosure

44CON 2024 September 18th - 20th CFP

February 15^th 2024 at 11:45

Posted by Florent Daigniere via Fulldisclosure on Feb 15

44CON is the UK's largest combined annual Security Conference and
Training event. Taking place 18,19,20 of September at the
Novotel London West near Hammersmith, London. We will have a fully
dedicated conference facility, including catering, private bar, amazing
coffee and a daily Gin O’Clock break.

        _ _
/_//_// / //\ / | 18th - 20th September 2024
/ //_,/_// /   | Novotel London West, London

   -=-...

Full Disclosure

SEC Consult SA-20240212-0 :: Multiple Stored Cross-Site Scripting vulnerabilities in Statamic CMS

February 14^th 2024 at 02:21

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Feb 13

SEC Consult Vulnerability Lab Security Advisory < 20240212-0 >
=======================================================================
title: Multiple Stored Cross-Site Scripting vulnerabilities
product: Statamic CMS
vulnerable version: <4.46.0, <3.4.17
fixed version: >=4.46.0, >=3.4.17
CVE number: CVE-2024-24570
impact: high
homepage: https://statamic.com/...

Full Disclosure

OXAS-ADV-2023-0007: OX App Suite Security Advisory

February 14^th 2024 at 02:20

Posted by Martin Heiland via Fulldisclosure on Feb 13

Dear subscribers,

We're sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those
vulnerabilities. Feel free to join our bug bounty programs for OX App Suite, Dovecot and PowerDNS at YesWeHack.

This advisory has also been published at
https://documentation.open-xchange.com/appsuite/security/advisories/html/2023/oxas-adv-2023-0007.html.

Yours sincerely,
Martin Heiland, Open-Xchange...

Full Disclosure

Stored XSS and RCE - adaptcmsv3.0.3

February 14^th 2024 at 02:20

Posted by Andrey Stoykov on Feb 13

# Exploit Title: Stored XSS and RCE - adaptcmsv3.0.3
# Date: 02/2024
# Exploit Author: Andrey Stoykov
# Version: 3.0.3
# Tested on: Ubuntu 22.04
# Blog: http://msecureltd.blogspot.com

*Description*

- It was found that adaptcms v3.0.3 was vulnerable to stored cross
site scripting

- Also the application allowed the file upload functionality to upload
PHP files which resulted in remote code execution

*Stored XSS*

*Steps to Reproduce:*

1....

Full Disclosure

Android passkeys unexpectedly deleted or useless after sync

February 14^th 2024 at 02:18

Posted by Erik van Straten (FD) on Feb 13

*INTRODUCTION*
Passkeys on Android are stored in Google Password Manager by default. The user cannot make their own backups of them.

Note: although the user can export a CSV file with both passkeys and passwords, the lines representing passkeys will
not contain any secrets, rendering them useless.

Also note that Google Passkey Manager appears to primarily be a CLOUD-based password manager (with copies of passwords
and passkeys usually cached...

Full Disclosure

IBM i Access Client Solutions / Remote Credential Theft / CVE-2024-22318

February 14^th 2024 at 02:16

Posted by hyp3rlinx on Feb 13

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/IBMI_ACCESS_CLIENT_REMOTE_CREDENTIAL_THEFT_CVE-2024-22318.txt
[+] twitter.com/hyp3rlinx
[+] ISR: ApparitionSec

[Vendor]
www.ibm.com

[Product]
IBM i Access Client Solutions

[Versions]
All

[Remediation/Fixes]
None

[Vulnerability Type]
Remote Credential Theft

[CVE Reference]
CVE-2024-22318

[Security Issue]
IBM i...

Full Disclosure

Buffer Overflow Vulnerabilities in KiTTY Start Duplicated Session Hostname (CVE-2024-25003) & Username (CVE-2024-25004) Variables

February 14^th 2024 at 02:16

Posted by Austin DeFrancesco via Fulldisclosure on Feb 13

Buffer Overflow Vulnerabilities in KiTTY Start Duplicated Session Hostname (CVE-2024-25003) & Username (CVE-2024-25004)
Variables
=================================================================================================================================

Contents:
---------

Summary

Analysis

Exploitation

Acknowledgments

Timeline

Additional Advisory

Summary:
--------

Austin A. DeFrancesco (DEFCESCO) discovered two stack-based...

Full Disclosure

Command Injection Vulnerability in KiTTY Get Remote File Through SCP Input (CVE-2024-23749)

February 14^th 2024 at 02:16

Posted by Austin DeFrancesco via Fulldisclosure on Feb 13

Command Injection Vulnerability in KiTTY Get Remote File Through SCP Input (CVE-2024-23749)
===========================================================================================

Contents:
---------

Summary

Analysis

Exploitation

Acknowledgments

Timeline

Additional Advisory

Summary:
--------

Austin A. DeFrancesco (DEFCESCO) discovered a command injection vulnerability in KiTTY
(https://github.com/cyd01/KiTTY/). This vulnerability:...

Full Disclosure

Microsoft Windows Defender / Trojan.Win32/Powessere.G / Detection Mitigation Bypass Part 2.

February 14^th 2024 at 02:16

Posted by hyp3rlinx on Feb 13

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
https://hyp3rlinx.altervista.org/advisories/MICROSOFT_WINDOWS_DEFENDER_TROJAN.WIN32.POWESSERE.G_MITIGATION_BYPASS_PART2.txt
[+] twitter.com/hyp3rlinx
[+] ISR: ApparitionSec

[Vendor]
www.microsoft.com

[Product]
Windows Defender

[Vulnerability Type]
Windows Defender Detection Mitigation Bypass
TrojanWin32Powessere.G

[CVE Reference]
N/A

[Security Issue]...

Full Disclosure

Wyrestorm Apollo VX20 / Incorrect Access Control - Credentials Disclosure / CVE-2024-25735

February 14^th 2024 at 02:16

Posted by hyp3rlinx on Feb 13

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/WYRESTORM_APOLLO_VX20_INCORRECT_ACCESS_CONTROL_CREDENTIALS_DISCLOSURE_CVE-2024-25735.txt
[+] twitter.com/hyp3rlinx
[+] ISR: ApparitionSec

[Vendor]
www.wyrestorm.com

[Product]
APOLLO VX20 < 1.3.58

[Vulnerability Type]
Incorrect Access Control (Credentials Disclosure)

[Affected Component]
Web interface, config...

Full Disclosure

Wyrestorm Apollo VX20 / Account Enumeration / CVE-2024-25734

February 14^th 2024 at 02:16

Posted by hyp3rlinx on Feb 13

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/WYRESTORM_APOLLO_VX20_ACCOUNT_ENUMERATION_CVE-2024-25734.txt
[+] twitter.com/hyp3rlinx
[+] ISR: ApparitionSec

[Vendor]
www.wyrestorm.com

[Product]
APOLLO VX20 < 1.3.58

[Vulnerability Type]
Account Enumeration

[CVE Reference]
CVE-2024-25734

[Security Issue]
An issue was discovered on WyreStorm Apollo VX20...

Full Disclosure

Wyrestorm Apollo VX20 / Incorrect Access Control - DoS / CVE-2024-25736

February 14^th 2024 at 02:16

Posted by hyp3rlinx on Feb 13

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/WYRESTORM_APOLLO_VX20_INCORRECT_ACCESS_CONTROL_DOS_CVE-2024-25736.txt
[+] twitter.com/hyp3rlinx
[+] ISR: ApparitionSec

[Vendor]
www.wyrestorm.com

[Product]
APOLLO VX20 < 1.3.58

[Vulnerability Type]
Incorrect Access Control (DOS)

[Affected Product Code Base]
APOLLO VX20 < 1.3.58, fixed in v1.3.58

[Affected...

Full Disclosure

APPLE-SA-02-02-2024-1 visionOS 1.0.2

February 4^th 2024 at 08:13

Posted by Apple Product Security via Fulldisclosure on Feb 04

APPLE-SA-02-02-2024-1 visionOS 1.0.2

visionOS 1.0.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT214070.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

WebKit
Available for: Apple Vision Pro
Impact: Processing maliciously crafted web content may lead to
arbitrary code...

Full Disclosure

CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog()

February 4^th 2024 at 08:12

Posted by Qualys Security Advisory via Fulldisclosure on Feb 04

Qualys Security Advisory

CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog()

========================================================================
Contents
========================================================================

Summary
Analysis
Proof of concept
Exploitation
Acknowledgments
Timeline

========================================================================
Summary...

Full Disclosure

Out-of-bounds read & write in the glibc's qsort()

February 4^th 2024 at 08:12

Posted by Qualys Security Advisory via Fulldisclosure on Feb 04

Qualys Security Advisory

For the algorithm lovers: Nontransitive comparison functions lead to
out-of-bounds read & write in glibc's qsort()

========================================================================
Contents
========================================================================

Summary
Background
Experiments
Analysis
Patch
Discussion
Acknowledgments
Timeline

CUT MY LIST IN TWO PIECES
THAT'S HOW YOU START...

Full Disclosure

TROJAN.WIN32 BANKSHOT / Remote Stack Buffer Overflow (SEH)

February 4^th 2024 at 08:11

Posted by malvuln on Feb 04

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/f2fd6a7b400782bb43499e722fb62cf4.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan.Win32 BankShot
Vulnerability: Remote Stack Buffer Overflow (SEH)
Description: The malware listens on TCP port 1978 and creates a local
Windows service running with SYSTEM integrity. Third-party adversaries who
can reach the...

Full Disclosure

Research about usage & possible issues of the NVD

February 4^th 2024 at 08:11

Posted by Andreas Hammer on Feb 04

Hello there!

The University of Erlangen-Nuremberg (Germany) is conducting a research
study to investigate the usage and possible issues of the NVD (National
Vulnerability Database). If you are using the NVD regularly, we would
greatly appreciate your participation which contributes to the
improvement of vulnerability management. You can read more about the
survey here:

https://www.cs1.tf.fau.de/2024/01/29/survey-on-usage-of-nvd/

The...

Full Disclosure

[KIS-2024-01] XenForo <= 2.2.13 (ArchiveImport.php) Zip Slip Vulnerability

February 4^th 2024 at 08:11

Posted by Egidio Romano on Feb 04

------------------------------------------------------------
XenForo <= 2.2.13 (ArchiveImport.php) Zip Slip Vulnerability
------------------------------------------------------------

[-] Software Link:

https://xenforo.com

[-] Affected Versions:

Version 2.2.13 and prior versions.

[-] Vulnerability Description:

The vulnerability is located in the
/src/XF/Service/Style/ArchiveImport.php script. Specifically, into the...

Full Disclosure

NULL pointer dereference in the function handle_viminfo_register() of vim

February 4^th 2024 at 08:09

Posted by Christian Brabandt on Feb 04

Meng Ruijie wrote:

Meng,

This particular problem was fixed in Vim v9.0.1740
https://github.com/vim/vim/commit/0a0764684591c7c6a5d722b628f11dc96208e853

I have no idea, why this issue is worth a CVE, because if an attacker
can modify your .viminfo file to make Vim crash, he already has the
possibilities to do much more harm directly. So I don't think this is
particular useful CVE. I'd also like to dispute this.

Thanks,
Christian

Full Disclosure

Re: Buffer Overflow in graphviz via via a crafted config6a file

January 27^th 2024 at 22:03

Posted by Matthew Fernandez on Jan 27

More specifically, this issue is an out-of-bounds read.

AFAICT the issue was actually introduced in Graphviz 2.36. It was fixed
in commit a95f977f5d809915ec4b14836d2b5b7f5e74881e (essentially
reverting cf95714837f06f684929b54659523c2c9b1fc19f that introduced the
issue), but there has been no release yet since then. The next release
will be 10.0.0. So affected versions would be [2.36, 10.0.0).

To exploit this issue, you need to modify a...

Full Disclosure

Re: null pointer deference in nano via read_the_list()

January 27^th 2024 at 22:03

Posted by Mark Esler on Jan 27

Hi Meng,

In your recent mass posts to FD, are you reporting vulnerabilities or
bug reports which have words like "segfault" in the title? What benefit
do you see this having? Have you spoken to each upstream project before
requesting a CVE be assigned?

Thank you,
Mark Esler

Full Disclosure

CVEs based on commit messages

January 27^th 2024 at 22:03

Posted by Mark Esler on Jan 27

Dear Meng Rujie,

In regards to your recent FD posts, are you requesting CVEs based on the
presence of strings in commit messages such as "null pointer dereference"?

Are you reaching out to each upstream project before assigning a CVE? Do
you believe that every null pointer bug is a vulnerability? What impact
are you hoping to achieve?

Please reconsider how you are requesting CVEs.

CVE assignment based on commit message allows...

Full Disclosure

Re: NULL pointer dereference in freedesktop Mesa via check_xshm()

January 27^th 2024 at 22:01

Posted by Dan Cross on Jan 27

I find it very difficult to believe that every NULL pointer error in
existence is a security vulnerability.

- Dan C.

Full Disclosure

Re: Null pointer dereference in Xedit

January 27^th 2024 at 22:01

Posted by Alan Coopersmith on Jan 27

I will be asking that this CVE be withdrawn on behalf of the X.Org security team.

While it is a low-priority bug, we did not see any security exposure
when this bug was first brought to our attention because there is no
way for an attacker to change the contents of the lisp.lsp file or to
cause a *.lsp file to be loaded for another user.

The bug report states "replace /usr/local/lib/X11/xedit/lisp/lisp.lsp with
the attached version,"...

Full Disclosure

null pointer deference in MiniZinc via a crafted Preferences.json file

January 26^th 2024 at 15:11