Showing 1 - 25 of 65

Files Date: 2022-06-20

SIEMENS-SINEMA Remote Connect 3.0.1.0-01.01.00.02 Cross Site Scripting
Posted Jun 20, 2022
Authored by Steffen Robertz | Site sec-consult.com

SIEMENS-SINEMA Remote Connect versions 3.0.1.0-01.01.00.02 and below suffer from a cross site scripting vulnerability.

tags | exploit, remote, xss
advisories | CVE-2022-29034
SHA-256 | a3bce9850f8342f5aa74a6bc3820d1c8dfe51fd338fcf68fc68e9703dfacb807
Ubuntu Security Notice USN-5486-1
Posted Jun 20, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5486-1 - It was discovered that some Intel processors did not implement sufficient control flow management. A local attacker could use this to cause a denial of service. Joseph Nuzman discovered that some Intel processors did not properly initialise shared resources. A local attacker could use this to obtain sensitive information. Mark Ermolov, Dmitry Sklyarov and Maxim Goryachy discovered that some Intel processors did not prevent test and debug logic from being activated at runtime. A local attacker could use this to escalate privileges.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2021-0127, CVE-2021-0145, CVE-2021-0146, CVE-2021-33117, CVE-2021-33120, CVE-2022-21127, CVE-2022-21151, CVE-2022-21166
SHA-256 | 7154bcd5aff205c57ae30b210e1bde57d7de007b20d635b85df4852970237c7e
Nexans FTTO GigaSwitch Outdated Components / Hardcoded Backdoor
Posted Jun 20, 2022
Authored by T. Weber | Site sec-consult.com

Nexans FTTO GigaSwitch industrial/office switches HW version 5 suffer from having a hardcoded backdoor user and multiple outdated vulnerable software components.

tags | exploit
advisories | CVE-2015-0235, CVE-2015-7547, CVE-2015-9261, CVE-2017-16544, CVE-2022-32985
SHA-256 | 811819aa67b6ad1bef552d7cc55544b3fd1c366dc092a396d3d23c2d49bd1e36
Kernel Live Patch Security Notice LSN-0087-1
Posted Jun 20, 2022
Authored by Benjamin M. Romer

Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. Ziming Zhang discovered that the netfilter subsystem in the Linux kernel did not properly validate sets with multiple ranged fields. A local attacker could use this to cause a denial of service or execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux
advisories | CVE-2022-1966, CVE-2022-1972
SHA-256 | da3d1ebf8a062796a4bf895e4a7b5810ebe229e969e2a6e2a191ecc53f90dbfe
Lepin EP-KP001 KP001_V19 Authentication Bypass
Posted Jun 20, 2022
Authored by Matthias Deeg | Site syss.de

When analyzing the USB flash drive Lepin EP-KP001, Matthias Deeg found out that it uses an insecure hardware design which allows an attacker to bypass the password-based user authentication.

tags | exploit
advisories | CVE-2022-29948
SHA-256 | aab63ef3bc7b1c7a28a491f23ff3e38331ea8654041288aca94a8bd6d5435366
Ubuntu Security Notice USN-5485-1
Posted Jun 20, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5485-1 - It was discovered that some Intel processors did not completely perform cleanup actions on multi-core shared buffers. A local attacker could possibly use this to expose sensitive information. It was discovered that some Intel processors did not completely perform cleanup actions on microarchitectural fill buffers. A local attacker could possibly use this to expose sensitive information. It was discovered that some Intel processors did not properly perform cleanup during specific special register write operations. A local attacker could possibly use this to expose sensitive information.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2022-21123, CVE-2022-21125, CVE-2022-21166
SHA-256 | 712ea0fa8cca54c56dcdee1163b6c9f9af4877ee2b821344703659e1956a2b24
Red Hat Security Advisory 2022-4947-01
Posted Jun 20, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4947-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.59. Issues addressed include cross site scripting and memory exhaustion vulnerabilities.

tags | advisory, vulnerability, xss
systems | linux, redhat
advisories | CVE-2022-1708, CVE-2022-29036, CVE-2022-29046
SHA-256 | d1ce1176e259b983636a9265a4a9cdd09184aa0d9186c1f832c5cc5af990572c
Mitel 6800/6900 Series SIP Phones Backdoor Access
Posted Jun 20, 2022
Authored by Moritz Abrell | Site syss.de

Mitel 6800/6900 Series SIP Phones excluding 6970 and Mitel 6900 Series IP (MiNet) Phones have a flow to spawn a telnet backdoor on the device with a static root password enabled. Affected versions include Rel 5.1 SP8 (5.1.0.8016) and earlier, Rel 6.0 (6.0.0.368) to 6.1 HF4 (6.1.0.165), and MiNet 1.8.0.12 and earlier.

tags | exploit, root
advisories | CVE-2022-29854, CVE-2022-29855
SHA-256 | f64facd6fb1f0b3cf63d9849292f052e8efccb8ebd488f773fe95e1a28e11171
Verbatim Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1 Insufficient Verification
Posted Jun 20, 2022
Authored by Matthias Deeg | Site syss.de

When analyzing the Verbatim Executive Fingerprint Secure SSD, Matthias Deeg found out that the content of the emulated CD-ROM drive containing the Windows and macOS client software can be manipulated. The content of this emulated CD-ROM drive is stored as ISO-9660 image in the "hidden" sectors of the USB drive that can only be accessed using special IOCTL commands, or when installing the drive in an external disk enclosure.

tags | advisory
systems | windows
advisories | CVE-2022-28385
SHA-256 | 26ff4e832d69529801ce9581fa340d311be8da080d073cf03ef28644ddb30a51
Ubuntu Security Notice USN-5484-1
Posted Jun 20, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5484-1 - It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. It was discovered that a race condition existed in the network scheduling subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2021-39713, CVE-2022-21123, CVE-2022-21125, CVE-2022-21166, CVE-2022-21499
SHA-256 | 6ec0ae0395c19c7e5a1cccd288c838331c898658993f20553714a1b880f284f3
Wireshark Analyzer 3.6.6
Posted Jun 20, 2022
Authored by Gerald Combs | Site wireshark.org

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.

Changes: 5 bug fixes and updated protocol support for DTLS, F5 Capture Information, F5 Ethernet Trailer, FlexRay, MBIM, TFTP, TLS, and ZigBee ZCL.
tags | tool, sniffer, protocol
systems | windows, unix
SHA-256 | beba27aeb4d3bb78df6202e88dda69e1dba9b0561044957bcac47e68b6ac28ba
TOR Virtual Network Tunneling Tool 0.4.7.8
Posted Jun 20, 2022
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs). This is the source code release.

Changes: This version contains several bugfixes, including a High severity security issue categorized as a Denial of Service. Everyone running an earlier version should upgrade to this version.
tags | tool, remote, local, peer2peer
systems | unix
advisories | CVE-2022-33903
SHA-256 | 9e9a5c67ad2acdd5f0f8be14ed591fed076b1708abf8344066990a0fa66fe195
Ubuntu Security Notice USN-5482-1
Posted Jun 20, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5482-1 - It was discovered that SPIP incorrectly validated inputs. An authenticated attacker could possibly use this issue to execute arbitrary code. Charles Fol and Theo Gordyjan discovered that SPIP is vulnerable to cross site scripting. If a user were tricked into browsing a malicious SVG file, an attacker could possibly exploit this issue to execute arbitrary code. This issue was only fixed in Ubuntu 21.10.

tags | advisory, arbitrary, xss
systems | linux, ubuntu
advisories | CVE-2020-28984, CVE-2021-44120, CVE-2021-44122, CVE-2021-44123
SHA-256 | ec423457adbd941159570ceada40a93cb7cafd6e65d11c01f0d4e43ecb1639b6
SoftGuard SNMP Network Management Extension HTML Injection / File Download
Posted Jun 20, 2022
Authored by Philipp Espernberger | Site sec-consult.com

SoftGuard Web (SGW) versions prior to 5.1.5 suffer from HTML injection and from arbitrary file system access that allows for file downloads.

tags | exploit, web, arbitrary
advisories | CVE-2022-31201, CVE-2022-31202
SHA-256 | 76ee74097962529e003cf64b8fba1a3e1b9794c172699cc4c97189ef5a243d7c
Ubuntu Security Notice USN-5476-1
Posted Jun 20, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5476-1 - Han Zheng discovered that Liblouis incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash. This issue was addressed in Ubuntu 21.10 and Ubuntu 22.04 LTS. It was discovered that Liblouis incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or cause a crash.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2022-26981, CVE-2022-31783
SHA-256 | 311eba3b5bb97ad471b80b129811339b0c16d61a6545b8a77220a470939fc446
Red Hat Security Advisory 2022-4951-01
Posted Jun 20, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4951-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.8.43. Issues addressed include a memory exhaustion vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-1708
SHA-256 | b3becf7c5a684f3894350693f083de3b75e23f8f1e59c2313e79aa641b3166eb
Verbatim Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1 Missing Trust
Posted Jun 20, 2022
Authored by Matthias Deeg | Site syss.de

When analyzing the Verbatim Executive Fingerprint Secure SSD, Matthias Deeg found out that the validation of the firmware for the USB-to-SATA bridge controller INIC-3637EN only consists of a simple CRC-16 check (XMODEM CRC-16). Thus, an attacker is able to store malicious firmware code for the INIC-3637EN with a correct checksum on the used SPI flash memory chip (XT25F01D), which then gets successfully executed by the USB-to-SATA bridge controller.

tags | advisory
advisories | CVE-2022-28383
SHA-256 | 6fe888a83e3d60fa3dff9cbd864af7c01af27b2dbd4a6cda8d208d3d0a240337
WordPress Ninja Forms Code Injection
Posted Jun 20, 2022
Authored by Ramuel Gall | Site wordfence.com

The Wordfence Threat Intelligence team uncovered a code injection vulnerability that made it possible for unauthenticated attackers to call a limited number of methods in various Ninja Forms classes, including a method that unserialized user-supplied content, resulting in Object Injection. This could allow attackers to execute arbitrary code or delete arbitrary files on sites where a separate POP chain was present. This flaw has been fully patched in versions 3.0.34.2, 3.1.10, 3.2.28, 3.3.21.4, 3.4.34.2, 3.5.8.4, and 3.6.11.

tags | advisory, arbitrary
SHA-256 | e25d000d7a2df2172a646831088ba3e0f1083e02893c12d290f821c392cde8a3
Gentics CMS 5.36.29 Cross Site Scripting / Deserialization
Posted Jun 20, 2022
Authored by Gerhard Hechenberger, Steffen Robertz | Site sec-consult.com

Gentics CMS version 5.36.29 suffers from persistent cross site scripting and unsafe Java deserialization vulnerabilities.

tags | exploit, java, vulnerability, xss
advisories | CVE-2022-30981, CVE-2022-30982
SHA-256 | e4580392eca1aaa2baef87c51030e06d2fcb0c618e86aa5b369549cadf1c84c3
Verbatim Fingerprint Secure Portable Hard Drive #53650 Insufficient Verification
Posted Jun 20, 2022
Authored by Matthias Deeg | Site syss.de

When analyzing the Verbatim Fingerprint Secure Portable Hard Drive, Matthias Deeg found out that the content of the emulated CD-ROM drive containing the Windows and macOS client software can be manipulated. The content of this emulated CD-ROM drive is stored as ISO-9660 image in the "hidden" sectors of the USB drive that can only be accessed using special IOCTL commands, or when installing the drive in an external disk enclosure.

tags | advisory
systems | windows
advisories | CVE-2022-28385
SHA-256 | 820817b00f35d5e9cdd824108c5f8d3d74d064b3343d74f7c689cef4f9919f97
Verbatim Fingerprint Secure Portable Hard Drive #53650 Missing Trust
Posted Jun 20, 2022
Authored by Matthias Deeg | Site syss.de

When analyzing the Fingerprint Secure Portable Hard Drive, Matthias Deeg found out that the validation of the firmware for the USB-to-SATA bridge controller INIC-3637EN only consists of a simple CRC-16 check (XMODEM CRC-16). Thus, an attacker is able to store malicious firmware code for the INIC-3637EN with a correct checksum on the used SPI flash memory chip (XT25F01B), which then gets successfully executed by the USB-to-SATA bridge controller.

tags | advisory
advisories | CVE-2022-28383
SHA-256 | 5cf09b9a6a7dc17bc2bc9248633676029f1f2f7c319f1bda1a93395588b69053
Red Hat Security Advisory 2022-5099-01
Posted Jun 20, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-5099-01 - The grub2 packages provide version 2 of the Grand Unified Boot Loader, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2021-3695, CVE-2021-3696, CVE-2021-3697, CVE-2022-28733, CVE-2022-28734, CVE-2022-28735, CVE-2022-28736, CVE-2022-28737
SHA-256 | 34246ffd9ca1956890fda4c9acb6dd38a6ae9f42ef9783e9b8715b92cd6d5e58
Red Hat Security Advisory 2022-5100-01
Posted Jun 20, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-5100-01 - The grub2 packages provide version 2 of the Grand Unified Boot Loader, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2021-3695, CVE-2021-3696, CVE-2021-3697, CVE-2022-28733, CVE-2022-28734, CVE-2022-28735, CVE-2022-28736, CVE-2022-28737
SHA-256 | 4ae68bf8d9609c4f243193d9fe7abc4a8a8aa94b680c713f385e474d83725f7a
Verbatim Fingerprint Secure Portable Hard Drive #53650 Risky Crypto
Posted Jun 20, 2022
Authored by Matthias Deeg | Site syss.de

When analyzing the Verbatim Fingerprint Secure Portable Hard Drive, Matthias Deeg found out that the firmware of the USB-to-SATA bridge controller INIC-3637EN uses AES-256 with the ECB (Electronic Codebook) mode. This operation mode of block ciphers like AES encrypts identical plaintext data, in this case blocks of 16 bytes, always to identical ciphertext data. For some data, for instance bitmap images, the lack of the cryptographic property called diffusion concerning the ECB mode can leak sensitive information even in encrypted data.

tags | advisory
advisories | CVE-2022-28382
SHA-256 | 5957d6ef4f65feb57e39fb3699989b7271db9a941fefc0a0ecfcc6d07e41f538
Verbatim Fingerprint Secure Portable Hard Drive #53650 Risky Crypto
Posted Jun 20, 2022
Authored by Matthias Deeg | Site syss.de

When analyzing the Verbatim Fingerprint Secure Portable Hard Drive, Matthias Deeg found out it uses an insecure design which allows retrieving the currently used password and thus the ability to unlock and access the stored data in an unauthorized way.

tags | advisory
advisories | CVE-2022-28387
SHA-256 | bf98542c479e3621d63c8f97f240d1176143d928dd39fcee82bda83c3c2f65d1