SEC Consult Vulnerability Lab Security Advisory < 20221216-0 >
===
title: Remote code execution - CVE-2021-34427 bypass
product: Eclipse Business Intelligence Reporting Tool (BiRT)
vulnerable version:
Hi,
earlier this year in February 2022, we published a technical security advisory -
https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-multiple-zyxel-devices/
- on different critical vulnerabilities in Zyxel devices, resulting from insecure coding
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
APPLE-SA-2022-12-13-9 Safari 16.2
Safari 16.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213537.
WebKit
Available for: macOS Big Sur and macOS Monterey
Impact: Processing
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
APPLE-SA-2022-12-13-8 watchOS 9.2
watchOS 9.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213536.
Accounts
Available for: Apple Watch Series 4 and later
Impact: A user may
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
APPLE-SA-2022-12-13-7 tvOS 16.2
tvOS 16.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213535.
Accounts
Available for: Apple TV 4K, Apple TV 4K (2nd generation and later),
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2
macOS Big Sur 11.7.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213534.
BOM
Available for: macOS Big Sur
Impact: An app may
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2
macOS Monterey 12.6.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213533.
Bluetooth
Available for: macOS Monterey
Impact: An
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
APPLE-SA-2022-12-13-4 macOS Ventura 13.1
macOS Ventura 13.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213532.
Accounts
Available for: macOS Ventura
Impact: A user may be
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
APPLE-SA-2022-12-13-3 iOS 16.1.2
iOS 16.1.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213516.
WebKit
Available for: iPhone 8 and later
Impact: Processing maliciously
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2
iOS 15.7.2 and iPadOS 15.7.2 address the following issues.
Information about the security content is also available at
https://support.apple.com/HT213531.
AppleAVD
Available for: iPhone 6s (all
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2
iOS 16.2 and iPadOS 16.2 address the following issues.
Information about the security content is also available at
https://support.apple.com/HT213530.
Accounts
Available for: iPhone 8 and later,
The Adversary3 project has been updated, adding a new vulnerability
category "Logic Flaw" and dozens of new malware vulnerabilities.
https://github.com/malvuln/Adversary3
___
Sent through the Full Disclosure mailing list
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/5559e9f5e1645f8554ea020a29a5a3ee.txt
Contact: malvul...@gmail.com
Media: twitter.com/malvuln
Backup media: infosec.exchange/@malvuln
Threat: Ransom.Win64.AtomSilo
Vulnerability: Crypto
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/dd76d8a5874bf8bf05279e35c68449ca.txt
Contact: malvul...@gmail.com
Media: twitter.com/malvuln
Backup media: infosec.exchange/@malvuln
Threat: Backdoor.Win32.InCommander.17.b
Vulnerability:
BSidesSF is soliciting presentations, workshops, and villages for the 2023
annual BSidesSF conference.
Presentations: https://bsidessf.org/cfp
Workshops: https://bsidessf.org/cfp/workshops
Villages: https://bsidessf.org/cfp/villages
** Topics **
All topic areas related to reliability,
# Exploit Title: 4images 1.9 - Remote Command Execution
# Exploit Author: Andrey Stoykov
# Software Link: https://www.4homepages.de/download-4images
# Version: 1.9
# Tested on: Ubuntu 20.04
To reproduce do the following:
1. Login as administrator user
2. Browse to "General" -> "Edit Templates"