Security News

Apple web content filter bypass allows unrestricted access to blocked content (macOS/iOS/iPadOS/visionOS/watchOS)

Full Disclosure - 21 November, 2024 - 14:29

Posted by Nosebeard Labs on Nov 21

Dear colleagues,

Nosebeard Labs is pleased to share its latest advisory, detailing a
bypass of Apple's system wide web content filter. The HTML version of
this advisory is also available at:
https://nosebeard.co/advisories/nbl-001.html

Warmest regards,
Nosebeard Labs

## Summary
Nosebeard Labs Security Advisory NBL-001
Title: Apple web content filter bypass allows unrestricted access to
blocked content...

SEC Consult SA-20241112-0 :: Multiple vulnerabilities in Siemens Energy Omnivise T3000 (CVE-2024-38876, CVE-2024-38877, CVE-2024-38878, CVE-2024-38879)

Full Disclosure - 12 November, 2024 - 22:43

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Nov 12

SEC Consult Vulnerability Lab Security Advisory < 20241112-0 >
=======================================================================
title: Multiple vulnerabilities
product: Siemens Energy Omnivise T3000
vulnerable version: >=8.2 SP3
fixed version: see solution section
CVE number: CVE-2024-38876, CVE-2024-38877, CVE-2024-38878, CVE-2024-38879
impact: High...

Security issue in the TX Text Control .NET Server for ASP.NET.

Full Disclosure - 12 November, 2024 - 22:43

Posted by Filip Palian on Nov 12

Hej,

Let's keep it short ...

=====
Intro
=====

A "sudo make me a sandwich" security issue has been identified in the TX
Text Control .NET Server for ASP.NET[1].

According to the vendor[2], "the most powerful, MS Word compatible document
editor that runs in all browsers".

Likely all versions are affected; however, it was not confirmed.

=====
Issue
=====

It was possible to change the configured system path for...

SEC Consult SA-20241107-0 :: Multiple Vulnerabilities in HASOMED Elefant and Elefant Software Updater

Full Disclosure - 9 November, 2024 - 22:17

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Nov 09

SEC Consult Vulnerability Lab Security Advisory < 20241107-0 >
=======================================================================
title: Multiple Vulnerabilities
product: HASOMED Elefant and Elefant Software Updater
vulnerable version: <24.04.00, Elefant Software Updater <1.4.2.1811
fixed version: 24.04.00, Elefant Software Updater 1.4.2.1811
CVE number: CVE-2024-50588,...

Unsafe eval() in TestRail CLI

Full Disclosure - 6 November, 2024 - 22:17

Posted by Devin Cook on Nov 06

This is not a very exciting vulnerability, but I had already publicly disclosed
it on GitHub at the request of the vendor. Since that report has disappeared,
the link I had provided to MITRE was invalid, so here it is again.

-Devin

---

# Unsafe `eval()` in TestRail CLI FieldsParser

Date Reported: 2024-10-03
CVSSv3.1 Score: 7.3
CVSSv3.1 Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Severity: Medium
Vulnerability Class: Eval Injection

## Summary...