seclist.org
A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.
Frissítve: 2 óra 21 perc
Trovent Security Advisory 2203-01 / Micro Focus GroupWise transmits session ID in URL
Posted by Stefan Pietsch on Jan 30
# Trovent Security Advisory 2203-01 ######################################
Micro Focus GroupWise transmits session ID in URL
#################################################
Overview
########
Advisory ID: TRSA-2203-01
Advisory version: 1.0
Advisory status: Public
Advisory URL: https://trovent.io/security-advisory-2203-01
Affected product: Micro Focus GroupWise
Affected version: prior to 18.4.2
Vendor: Micro Focus, https://www.microfocus.com...
APPLE-SA-2023-01-24-1 tvOS 16.3
Posted by Apple Product Security via Fulldisclosure on Jan 26
APPLE-SA-2023-01-24-1 tvOS 16.3tvOS 16.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213601.
AppleMobileFileIntegrity
Available for: Apple TV 4K (all models) and Apple TV HD
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed by enabling hardened runtime.
CVE-2023-23499: Wojciech Reguła (@_r3ggi) of SecuRing...
[SYSS-2022-047] Razer Synapse - Local Privilege Escalation
Posted by Oliver Schwarz via Fulldisclosure on Jan 26
Advisory ID: SYSS-2022-047Product: Razer Synapse
Manufacturer: Razer Inc.
Affected Version(s): Versions before 3.7.0830.081906
Tested Version(s): 3.7.0731.072516
Vulnerability Type: Improper Certificate Validation (CWE-295)
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2022-08-02
Solution Date: 2022-09-06
Public Disclosure:...
[RT-SA-2022-002] Skyhigh Security Secure Web Gateway: Cross-Site Scripting in Single Sign-On Plugin
Posted by RedTeam Pentesting GmbH on Jan 26
RedTeam Pentesting identified a vulnerability which allows attackers tocraft URLs to any third-party website that result in arbitrary content
to be injected into the response when accessed through the Secure Web
Gateway. While it is possible to inject arbitrary content types, the
primary risk arises from JavaScript code allowing for cross-site
scripting.
Details
=======
Product: Secure Web Gateway
Affected Versions: 10.2.11, potentially other...
t2'23: Call For Papers 2023 (Helsinki, Finland)
Posted by Tomi Tuominen via Fulldisclosure on Jan 23
Call For Papers 2023Tired of your bosses suspecting conference trips to exotic locations being just a ploy to partake in Security Vacation
Club? Prove them wrong by coming to Helsinki, Finland on May 4-5 2023! Guaranteed lack of sunburn, good potential for
rain or slush. In case of great spring weather, though, no money back.
CFP and registration both open. Read further if still unsure.
Maui, Miami, Las Vegas, Tel Aviv or Wellington feel so...
Re: HNS-2022-01 - HN Security Advisory - Multiple vulnerabilities in Solaris dtprintinfo and libXm/libXpm
Posted by Marco Ivaldi on Jan 23
Hello again,Just a quick update. Mitre has assigned the following additional CVE IDs:
* CVE-2023-24039 - Stack-based buffer overflow in libXm ParseColors
* CVE-2023-24040 - Printer name injection and heap memory disclosure
We have updated the advisory accordingly:
https://github.com/hnsecurity/vulns/blob/main/HNS-2022-01-dtprintinfo.txt
Regards,
Marco
APPLE-SA-2023-01-23-8 Safari 16.3
Posted by Apple Product Security via Fulldisclosure on Jan 23
APPLE-SA-2023-01-23-8 Safari 16.3Safari 16.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213600.
WebKit
Available for: macOS Big Sur and macOS Monterey
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 245464
CVE-2023-23496: ChengGang Wu, Yan Kang, YuHao...
APPLE-SA-2023-01-23-7 watchOS 9.3
Posted by Apple Product Security via Fulldisclosure on Jan 23
APPLE-SA-2023-01-23-7 watchOS 9.3watchOS 9.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213599.
AppleMobileFileIntegrity
Available for: Apple Watch Series 4 and later
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed by enabling hardened runtime.
CVE-2023-23499: Wojciech Regula of SecuRing (wojciechregula.blog)
ImageIO...
APPLE-SA-2023-01-23-6 macOS Big Sur 11.7.3
Posted by Apple Product Security via Fulldisclosure on Jan 23
APPLE-SA-2023-01-23-6 macOS Big Sur 11.7.3macOS Big Sur 11.7.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213603.
AppleMobileFileIntegrity
Available for: macOS Big Sur
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed by enabling hardened runtime.
CVE-2023-23499: Wojciech Reguła (@_r3ggi) of SecuRing
(wojciechregula.blog)...
APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3
Posted by Apple Product Security via Fulldisclosure on Jan 23
APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3macOS Monterey 12.6.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213604.
AppleMobileFileIntegrity
Available for: macOS Monterey
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed by enabling hardened runtime.
CVE-2023-23499: Wojciech Reguła (@_r3ggi) of SecuRing...
APPLE-SA-2023-01-23-4 macOS Ventura 13.2
Posted by Apple Product Security via Fulldisclosure on Jan 23
APPLE-SA-2023-01-23-4 macOS Ventura 13.2macOS Ventura 13.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213605.
AppleMobileFileIntegrity
Available for: macOS Ventura
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed by enabling hardened runtime.
CVE-2023-23499: Wojciech Reguła (@_r3ggi) of SecuRing
(wojciechregula.blog)...
APPLE-SA-2023-01-23-3 iOS 12.5.7
Posted by Apple Product Security via Fulldisclosure on Jan 23
APPLE-SA-2023-01-23-3 iOS 12.5.7iOS 12.5.7 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213597.
WebKit
Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad
mini 2, iPad mini 3, and iPod touch (6th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue
may have been...
APPLE-SA-2023-01-23-2 iOS 15.7.3 and iPadOS 15.7.3
Posted by Apple Product Security via Fulldisclosure on Jan 23
APPLE-SA-2023-01-23-2 iOS 15.7.3 and iPadOS 15.7.3iOS 15.7.3 and iPadOS 15.7.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213598.
Kernel
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone
SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod
touch (7th generation)
Impact: An app may be able to leak sensitive kernel state
Description:...
APPLE-SA-2023-01-23-1 iOS 16.3 and iPadOS 16.3
Posted by Apple Product Security via Fulldisclosure on Jan 23
APPLE-SA-2023-01-23-1 iOS 16.3 and iPadOS 16.3iOS 16.3 and iPadOS 16.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213606.
AppleMobileFileIntegrity
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, and iPad
mini 5th generation and later
Impact: An app may be able to access user-sensitive data...
SEC Consult SA-20230117-2 :: Multiple post-authentication vulnerabilities including RCE in @OpenText Content Server component of OpenText Extended ECM
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jan 19
SEC Consult Vulnerability Lab Security Advisory < 20230117-2 >=======================================================================
title: Multiple post-authentication vulnerabilities including RCE
product: OpenText™ Content Server component of OpenText™ Extended ECM
vulnerable version: 16.2.2 - 22.3
fixed version: 22.4
CVE number: CVE-2022-45924, CVE-2022-45922, CVE-2022-45925,...
SEC Consult SA-20230117-1 :: Pre-authenticated Remote Code Execution via Java frontend and QDS endpoint in @OpenText Content Server component of OpenText Extended ECM
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jan 19
SEC Consult Vulnerability Lab Security Advisory < 20230117-1 >=======================================================================
title: Pre-authenticated Remote Code Execution via Java frontend
and QDS endpoint
product: OpenText™ Content Server component of OpenText™ Extended ECM
vulnerable version: 20.4 - 22.3
fixed version: 22.4
CVE number: CVE-2022-45927...
SEC Consult SA-20230117-0 :: Pre-authenticated Remote Code Execution in cs.exe (@OpenText Content Server component of OpenText Extended ECM)
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jan 19
SEC Consult Vulnerability Lab Security Advisory < 20230117-0 >=======================================================================
title: Pre-authenticated Remote Code Execution in cs.exe
product: OpenText™ Content Server component of OpenText™ Extended ECM
vulnerable version: 20.4 - 22.3
fixed version: 22.4
CVE number: CVE-2022-45923
impact: Critical
homepage:...
HNS-2022-01 - HN Security Advisory - Multiple vulnerabilities in Solaris dtprintinfo and libXm/libXpm
Posted by Marco Ivaldi on Jan 19
Dear Full Disclosure,Find attached a security advisory that details multiple
vulnerabilities we discovered in Oracle Solaris CDE dtprintinfo, Motif
libXm, and X.Org libXpm.
* Title: Multiple vulnerabilities in Solaris dtprintinfo and libXm/libXpm
* Products: Common Desktop Environment 1.6, Motif 2.1, X.Org libXpm < 3.5.15
* OS: Oracle Solaris 10 (CPU January 2021)
* Author: Marco Ivaldi <marco.ivaldi () hnsecurity it>
* Date:...
wolfSSL before 5.5.2: Heap-buffer over-read with WOLFSSL_CALLBACKS
Posted by Maximilian Ammann via Fulldisclosure on Jan 19
# wolfSSL before 5.5.2: Heap-buffer over-read with WOLFSSL_CALLBACKS====================================================================
## INFO
=======
The CVE project has assigned the id CVE-2022-42905 to this issue.
Severity: 9.1 CRITICAL
Affected version: before 5.5.2
End of embargo: Ended October 28, 2022
Blog Post: https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh/
## SUMMARY
==========
If wolfSSL...
wolfSSL before 5.5.0: Denial-of-service with session resumption
Posted by Maximilian Ammann via Fulldisclosure on Jan 19
# wolfSSL before 5.5.0: Denial-of-service with session resumption=================================================================
## INFO
=======
The CVE project has assigned the id CVE-2022-38152 to this issue.
Severity: 7.5 HIGH
Affected version: before 5.5.0
End of embargo: Ended August 30, 2022
Blog Post: https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh/
## SUMMARY
==========
When a TLS 1.3 client...