Security News

APPLE-SA-12-11-2024-2 iPadOS 17.7.3

Full Disclosure - 12 December, 2024 - 15:40

Posted by Apple Product Security via Fulldisclosure on Dec 12

APPLE-SA-12-11-2024-2 iPadOS 17.7.3

iPadOS 17.7.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121838.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

FontParser
Available for: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch,
and iPad 6th generation
Impact: Processing a...

APPLE-SA-12-11-2024-1 iOS 18.2 and iPadOS 18.2

Full Disclosure - 12 December, 2024 - 15:40

Posted by Apple Product Security via Fulldisclosure on Dec 12

APPLE-SA-12-11-2024-1 iOS 18.2 and iPadOS 18.2

iOS 18.2 and iPadOS 18.2 address the following issues.
Information about the security content is also available at
https://support.apple.com/121837.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

AppleMobileFileIntegrity
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd...

SEC Consult SA-20241211-0 :: Reflected Cross-Site Scripting in Numerix License Server Administration System Login

Full Disclosure - 12 December, 2024 - 15:40

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Dec 12

SEC Consult Vulnerability Lab Security Advisory < 20241211-0 >
=======================================================================
title: Reflected Cross-Site Scripting
product: Numerix License Server Administration System Login
vulnerable version: 1.1_596
fixed version: -
CVE number: CVE-2024-50585
impact: medium
homepage: https://connect.numerix.com/nlslogin.jsp...

St. Poelten UAS | Multiple Vulnerabilities in ORing IAP

Full Disclosure - 12 December, 2024 - 15:39

Posted by Thomas Weber | CyberDanube via Fulldisclosure on Dec 12

St. Pölten UAS 20241209-0
-------------------------------------------------------------------------------
title| Multiple Vulnerabilities in ORing IAP
product| ORing IAP-420
vulnerable version| 2.01e
fixed version| -
CVE number| CVE-2024-55544, CVE-2024-55545, CVE-2024-55546,
| CVE-2024-55547, CVE-2024-55548
impact| High
homepage|...

SEC Consult SA-20241204-0 :: Multiple Critical Vulnerabilities in Image Access Scan2Net (14 CVE)

Full Disclosure - 4 December, 2024 - 23:26

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Dec 04

SEC Consult Vulnerability Lab Security Advisory < 20241204-0 >
=======================================================================
title: Multiple Critical Vulnerabilities
product: Image Access Scan2Net
vulnerable version: Firmware <=7.40, <=7.42, <7.42B
(depending on the vulnerability)
fixed version: mostly fixed in v7.42B
CVE number: CVE-2024-28138,...

Microsoft Warbird and PMP security research - technical doc

Full Disclosure - 3 December, 2024 - 04:10

Posted by Security Explorations on Dec 03

Hello All,

We have released a technical document pertaining to our Warbird / PMP security
research. It is available for download from this location:

https://security-explorations.com/materials/wbpmp_doc.md.txt

The document provides a more in-depth technical explanation, illustration and
verification of discovered attacks affecting PlayReady on Windows 10 / 11 x64
and pertaining to the following in particular:
- Warbird deficiencies
- content...

Access Control in Paxton Net2 software

Full Disclosure - 2 December, 2024 - 23:37

Posted by Jeroen Hermans via Fulldisclosure on Dec 02

CloudAware Security Advisory

[CVE pending]: Potential PII leak and incorrect access control in Paxton
Net2 software

========================================================================
Summary
========================================================================
Insecure backend database in the Paxton Net2 software. Possible leaking
of PII and incorrect access control.
No physical access to computer running Paxton Net2 is required....

SEC Consult SA-20241127-0 :: Stored Cross-Site Scripting in Omada Identity (CVE-2024-52951)

Full Disclosure - 27 November, 2024 - 13:58

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Nov 27

SEC Consult Vulnerability Lab Security Advisory < 20241127-0 >
=======================================================================
title: Stored Cross-Site Scripting
product: Omada Identity
vulnerable version: <v15U1, <v14.14 hotfix #309
fixed version: v15U1, v14.14 hotfix #309
CVE number: CVE-2024-52951
impact: Medium
homepage:...

SEC Consult SA-20241125-0 :: Unlocked JTAG interface and buffer overflow in Siemens SM-2558 Protocol Element, Siemens CP-2016 & CP-2019

Full Disclosure - 27 November, 2024 - 13:58

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Nov 27

SEC Consult Vulnerability Lab Security Advisory < 20241125-0 >
=======================================================================
title: Unlocked JTAG interface and buffer overflow
product: Siemens SM-2558 Protocol Element (extension module for
Siemens SICAM AK3/TM/BC),
Siemens CP-2016 & CP-2019
vulnerable version: JTAG: Unknown HW revision, Zynq Firmware...

Re: Local Privilege Escalations in needrestart

Full Disclosure - 27 November, 2024 - 13:57

Posted by Mark Esler on Nov 27

The security fix for CVE-2024-48991, 6ce6136 (“core: prevent race
condition on /proc/$PID/exec evaluation”) [0], introduced a regression
which was subsequently fixed in 42af5d3 ("core: fix regression of false
positives for processes running in chroot or mountns (#317)") [1].

Many thanks to Ivan Kurnosov and Salvatore Bonaccorso for their review.

[0] https://github.com/liske/needrestart/commit/6ce6136cccc307c6b8a0f8cae12f9a22ac2aad59...

APPLE-SA-11-19-2024-5 macOS Sequoia 15.1.1

Full Disclosure - 21 November, 2024 - 14:31

Posted by Apple Product Security via Fulldisclosure on Nov 21

APPLE-SA-11-19-2024-5 macOS Sequoia 15.1.1

macOS Sequoia 15.1.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121753.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

JavaScriptCore
Available for: macOS Sequoia
Impact: Processing maliciously crafted web content may lead to arbitrary...

Local Privilege Escalations in needrestart

Full Disclosure - 21 November, 2024 - 14:31

Posted by Qualys Security Advisory via Fulldisclosure on Nov 21

Qualys Security Advisory

LPEs in needrestart (CVE-2024-48990, CVE-2024-48991, CVE-2024-48992,
CVE-2024-10224, and CVE-2024-11003)

========================================================================
Contents
========================================================================

Summary
Background
CVE-2024-48990 (and CVE-2024-48992)
CVE-2024-48991
CVE-2024-10224 (and CVE-2024-11003)
Mitigation
Acknowledgments
Timeline

I got bugs...

APPLE-SA-11-19-2024-4 iOS 17.7.2 and iPadOS 17.7.2

Full Disclosure - 21 November, 2024 - 14:31

Posted by Apple Product Security via Fulldisclosure on Nov 21

APPLE-SA-11-19-2024-4 iOS 17.7.2 and iPadOS 17.7.2

iOS 17.7.2 and iPadOS 17.7.2 address the following issues.
Information about the security content is also available at
https://support.apple.com/121754.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

JavaScriptCore
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
2nd generation...

APPLE-SA-11-19-2024-3 iOS 18.1.1 and iPadOS 18.1.1

Full Disclosure - 21 November, 2024 - 14:31

Posted by Apple Product Security via Fulldisclosure on Nov 21

APPLE-SA-11-19-2024-3 iOS 18.1.1 and iPadOS 18.1.1

iOS 18.1.1 and iPadOS 18.1.1 address the following issues.
Information about the security content is also available at
https://support.apple.com/121752.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

JavaScriptCore
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation...

APPLE-SA-11-19-2024-2 visionOS 2.1.1

Full Disclosure - 21 November, 2024 - 14:31

Posted by Apple Product Security via Fulldisclosure on Nov 21

APPLE-SA-11-19-2024-2 visionOS 2.1.1

visionOS 2.1.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121755.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

JavaScriptCore
Available for: Apple Vision Pro
Impact: Processing maliciously crafted web content may lead to arbitrary
code...

APPLE-SA-11-19-2024-1 Safari 18.1.1

Full Disclosure - 21 November, 2024 - 14:31

Posted by Apple Product Security via Fulldisclosure on Nov 21

APPLE-SA-11-19-2024-1 Safari 18.1.1

Safari 18.1.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121756.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

JavaScriptCore
Available for: macOS Ventura and macOS Sonoma
Impact: Processing maliciously crafted web content may lead to...

Reflected XSS - fronsetiav1.1

Full Disclosure - 21 November, 2024 - 14:31

Posted by Andrey Stoykov on Nov 21

# Exploit Title: Reflected XSS - fronsetiav1.1
# Date: 11/2024
# Exploit Author: Andrey Stoykov
# Version: 1.1
# Tested on: Debian 12
# Blog:
https://msecureltd.blogspot.com/2024/11/friday-fun-pentest-series-14-reflected.html

Reflected XSS #1 - "show_operations.jsp"

Steps to Reproduce:

1. Visit main page of the application.
2. In the input field of "WSDL Location" enter the following payload "><img
src=x...

XXE OOB - fronsetiav1.1

Full Disclosure - 21 November, 2024 - 14:31

Posted by Andrey Stoykov on Nov 21

# Exploit Title: XXE OOB - fronsetiav1.1
# Date: 11/2024
# Exploit Author: Andrey Stoykov
# Version: 1.1
# Tested on: Debian 12
# Blog:
https://msecureltd.blogspot.com/2024/11/friday-fun-pentest-series-15-oob-xxe.html

XXE OOB

Description:

- It was found that the application was vulnerable to XXE (XML External Entity
Injection)

Steps to Reproduce:

1. Add Python3 server to serve malicious XXE payload
2. Add a file on the file system to be read...

St. Poelten UAS | Path Traversal in Korenix JetPort 5601

Full Disclosure - 21 November, 2024 - 14:30

Posted by Weber Thomas via Fulldisclosure on Nov 21

St. Pölten UAS 20241118-1
-------------------------------------------------------------------------------
title| Path Traversal
product| Korenix JetPort 5601
vulnerable version| 1.2
fixed version| -
CVE number| CVE-2024-11303
impact| High
homepage| https://www.korenix.com/
found| 2024-05-24
by| P. Oberndorfer, B. Tösch, M....

St. Poelten UAS | Multiple Stored Cross-Site Scripting in SEH utnserver Pro

Full Disclosure - 21 November, 2024 - 14:30

Posted by Weber Thomas via Fulldisclosure on Nov 21

St. Pölten UAS 20241118-0
-------------------------------------------------------------------------------
title| Multiple Stored Cross-Site Scripting
product| SEH utnserver Pro
vulnerable version| 20.1.22
fixed version| 20.1.35
CVE number| CVE-2024-11304
impact| High
homepage| https://www.seh-technology.com/
found| 2024-05-24
by| P....