Security News

SEC Consult SA-20240307-0 :: Local Privilege Escalation via writable files in Checkmk Agent (CVE-2024-0670)

Full Disclosure - 13 March, 2024 - 14:54

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Mar 13

SEC Consult Vulnerability Lab Security Advisory < 20240307-0 >
=======================================================================
title: Local Privilege Escalation via writable files
product: Checkmk Agent
vulnerable version: 2.0.0, 2.1.0, 2.2.0
fixed version: 2.1.0p40, 2.2.0p23, 2.3.0b1, 2.4.0b1
CVE number: CVE-2024-0670
impact: high
homepage: https://checkmk.com...

HNS-2024-05 - HN Security Advisory - Multiple vulnerabilities in RT-Thread RTOS

Full Disclosure - 13 March, 2024 - 14:54

Posted by Marco Ivaldi on Mar 13

Hi,

Please find attached a security advisory that describes multiple
vulnerabilities we discovered in RT-Thread RTOS.

* Title: Multiple vulnerabilities in RT-Thread RTOS
* OS: RT-Thread <= 5.0.2
* Author: Marco Ivaldi <marco.ivaldi () hnsecurity it>
* Date: 2024-03-05
* CVE IDs and advisory URLs:
* CVE-2024-24334 - https://github.com/RT-Thread/rt-thread/issues/8282
* CVE-2024-24335 -...

APPLE-SA-03-12-2024-1 GarageBand 10.4.11

Full Disclosure - 13 March, 2024 - 14:54

Posted by Apple Product Security via Fulldisclosure on Mar 13

APPLE-SA-03-12-2024-1 GarageBand 10.4.11

GarageBand 10.4.11 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT214090.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

GarageBand
Available for: macOS Ventura and macOS Sonoma
Impact: Processing a maliciously crafted file may lead to...

APPLE-SA-03-07-2024-7 visionOS 1.1

Full Disclosure - 13 March, 2024 - 14:54

Posted by Apple Product Security via Fulldisclosure on Mar 13

APPLE-SA-03-07-2024-7 visionOS 1.1

visionOS 1.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214087.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Accessibility
Available for: Apple Vision Pro
Impact: An app may be able to spoof system notifications and UI
Description: This...

APPLE-SA-03-07-2024-6 tvOS 17.4

Full Disclosure - 13 March, 2024 - 14:54

Posted by Apple Product Security via Fulldisclosure on Mar 13

APPLE-SA-03-07-2024-6 tvOS 17.4

tvOS 17.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214086.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Accessibility
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: A malicious app may be able to observe user data in log...

APPLE-SA-03-07-2024-5 watchOS 10.4

Full Disclosure - 13 March, 2024 - 14:54

Posted by Apple Product Security via Fulldisclosure on Mar 13

APPLE-SA-03-07-2024-5 watchOS 10.4

watchOS 10.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214088.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Accessibility
Available for: Apple Watch Series 4 and later
Impact: A malicious app may be able to observe user data in log...

APPLE-SA-03-07-2024-4 macOS Monterey 12.7.4

Full Disclosure - 13 March, 2024 - 14:54

Posted by Apple Product Security via Fulldisclosure on Mar 13

APPLE-SA-03-07-2024-4 macOS Monterey 12.7.4

macOS Monterey 12.7.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214083.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Admin Framework
Available for: macOS Monterey
Impact: An app may be able to elevate privileges
Description: A...

APPLE-SA-03-07-2024-3 macOS Ventura 13.6.5

Full Disclosure - 13 March, 2024 - 14:54

Posted by Apple Product Security via Fulldisclosure on Mar 13

APPLE-SA-03-07-2024-3 macOS Ventura 13.6.5

macOS Ventura 13.6.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214085.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Admin Framework
Available for: macOS Ventura
Impact: An app may be able to elevate privileges
Description: A...

APPLE-SA-03-07-2024-2 macOS Sonoma 14.4

Full Disclosure - 13 March, 2024 - 14:54

Posted by Apple Product Security via Fulldisclosure on Mar 13

APPLE-SA-03-07-2024-2 macOS Sonoma 14.4

macOS Sonoma 14.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214084.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Accessibility
Available for: macOS Sonoma
Impact: A malicious app may be able to observe user data in log entries...

APPLE-SA-03-07-2024-1 Safari 17.4

Full Disclosure - 13 March, 2024 - 14:54

Posted by Apple Product Security via Fulldisclosure on Mar 13

APPLE-SA-03-07-2024-1 Safari 17.4

Safari 17.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214089.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Safari Private Browsing
Available for: macOS Monterey and macOS Ventura
Impact: Private Browsing tabs may be accessed without...

APPLE-SA-03-05-2024-2 iOS 16.7.6 and iPadOS 16.7.6

Full Disclosure - 13 March, 2024 - 14:54

Posted by Apple Product Security via Fulldisclosure on Mar 13

APPLE-SA-03-05-2024-2 iOS 16.7.6 and iPadOS 16.7.6

iOS 16.7.6 and iPadOS 16.7.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214082.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Additional CVE entries coming soon.

Kernel
Available for: iPhone 8, iPhone 8 Plus, iPhone X,...

APPLE-SA-03-05-2024-1 iOS 17.4 and iPadOS 17.4

Full Disclosure - 13 March, 2024 - 14:54

Posted by Apple Product Security via Fulldisclosure on Mar 13

APPLE-SA-03-05-2024-1 iOS 17.4 and iPadOS 17.4

iOS 17.4 and iPadOS 17.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214081.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Additional CVE entries coming soon.

Accessibility
Available for: iPhone XS and later, iPad Pro...

Backdoor.Win32.Beastdoor.oq / Unauthenticated Remote Command Execution

Full Disclosure - 13 March, 2024 - 14:53

Posted by malvuln on Mar 13

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/6268df4c9c805c90725dde4fe5ef6fea.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Beastdoor.oq
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 1332, makes outbound
connections to SMTP port 25 and executes a PE file named svchost.exe
dropped in...

StimulusReflex CVE-2024-28121

Full Disclosure - 13 March, 2024 - 14:53

Posted by lixts via Fulldisclosure on Mar 13

StimulusReflex CVE-2024-28121

Arbitrary code execution in StimulusReflex. This affects version 3.5.0 up to and including 3.5.0.rc2 and v3.5.0.pre10.

## Vulnerable code excerpt

stimulus_reflex/lib/stimulus_reflex/reflex.rb
```
# Invoke the reflex action specified by `name` and run all callbacks
def process(name, *args)
run_callbacks(:process) { public_send(name, *args) }
end
```

stimulus_reflex/app/channels/stimulus_reflex/channel.rb...

Re: Value of the [leaked] Windows source

Daily Dave - 6 March, 2024 - 09:24

Posted by Michal Zalewski via Dailydave on Mar 06

Not really different from prototyping on the Linux kernel or the
Chromium codebase - pick an old version if you want known bugs... you
don't see a whole lot of that either, and in contrast to Windows, that
wouldn't lead to all kinds of icky questions about ethics, IP, etc.

The thing about most of these tools is that they don't fare well in
large and exotic codebases. What makes sense for a web app is seldom
applicable to a kernel,...

Value of the [leaked] Windows source

Daily Dave - 6 March, 2024 - 08:11

Posted by Konrads Klints via Dailydave on Mar 06

Windows XP and Windows 2003 partial source code is out there on github. With such a rich corpus of known
vulnerabilities in those OS'es and source code availability, surely there should be an amazing amount of
SAST/semgrep/codeql rules that take as input existing known exploits and then do rules that find similar things, yet I
don't seem to be able to find such projects

Surely, these two code bases should be the foundation of most...

KL-001-2024-004: Artica Proxy Loopback Services Remotely Accessible Unauthenticated

Full Disclosure - 5 March, 2024 - 13:31

Posted by KoreLogic Disclosures via Fulldisclosure on Mar 05

KL-001-2024-004: Artica Proxy Loopback Services Remotely Accessible Unauthenticated

Title: Artica Proxy Loopback Services Remotely Accessible Unauthenticated
Advisory ID: KL-001-2024-004
Publication Date: 2024.03.05
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-004.txt

1. Vulnerability Details

     Affected Vendor: Artica
     Affected Product: Artica Proxy
     Affected Version: 4.50
    ...

KL-001-2024-003: Artica Proxy Unauthenticated File Manager Vulnerability

Full Disclosure - 5 March, 2024 - 13:30

Posted by KoreLogic Disclosures via Fulldisclosure on Mar 05

KL-001-2024-003: Artica Proxy Unauthenticated File Manager Vulnerability

Title: Artica Proxy Unauthenticated File Manager Vulnerability
Advisory ID: KL-001-2024-003
Publication Date: 2024.03.05
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-003.txt

1. Vulnerability Details

     Affected Vendor: Artica
     Affected Product: Artica Proxy
     Affected Version: 4.40 and 4.50
     Platform: Debian 10...

KL-001-2024-002: Artica Proxy Unauthenticated PHP Deserialization Vulnerability

Full Disclosure - 5 March, 2024 - 13:29

Posted by KoreLogic Disclosures via Fulldisclosure on Mar 05

KL-001-2024-002: Artica Proxy Unauthenticated PHP Deserialization Vulnerability

Title: Artica Proxy Unauthenticated PHP Deserialization Vulnerability
Advisory ID: KL-001-2024-002
Publication Date: 2024.03.05
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-002.txt

1. Vulnerability Details

     Affected Vendor: Artica
     Affected Product: Artica Proxy
     Affected Version: 4.50
     Platform: Debian...

KL-001-2024-001: Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability

Full Disclosure - 5 March, 2024 - 13:29

Posted by KoreLogic Disclosures via Fulldisclosure on Mar 05

KL-001-2024-001: Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability

Title: Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability
Advisory ID: KL-001-2024-001
Publication Date: 2024.03.05
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-001.txt

1. Vulnerability Details

     Affected Vendor: Artica
     Affected Product: Artica Proxy
     Affected Version: 4.40 and 4.50
    ...
Syndicate content