SEC Consult SA-20221216-0 :: Remote code execution bypass in Eclipse Business Intelligence Reporting Tool (BiRT)

Read Time:17 Second

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Dec 20

SEC Consult Vulnerability Lab Security Advisory < 20221216-0 >
=======================================================================
title: Remote code execution – CVE-2021-34427 bypass
product: Eclipse Business Intelligence Reporting Tool (BiRT)
vulnerable version: <= 4.11.0
fixed version: 4.12
CVE number: CVE-2021-34427
impact: High
homepage:…

Read More

SEC Consult Vulnerability Lab publication: The enemy from within: Unauthenticated Buffer Overflows in Zyxel routers still haunting users & metasploit exploit

Read Time:21 Second

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Dec 20

Hi,

earlier this year in February 2022, we published a technical security advisory –
https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-multiple-zyxel-devices/ – on
different critical vulnerabilities in Zyxel devices, resulting from insecure coding practices and insecure
configuration.

Those also included a highly critical unauthenticated buffer overflow vulnerability in the proprietary Zyxel web server…

Read More

APPLE-SA-2022-12-13-9 Safari 16.2

Read Time:24 Second

Posted by Apple Product Security via Fulldisclosure on Dec 20

APPLE-SA-2022-12-13-9 Safari 16.2

Safari 16.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213537.

WebKit
Available for: macOS Big Sur and macOS Monterey
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
WebKit Bugzilla: 245521
CVE-2022-42867: Maddie…

Read More

APPLE-SA-2022-12-13-8 watchOS 9.2

Read Time:25 Second

Posted by Apple Product Security via Fulldisclosure on Dec 20

APPLE-SA-2022-12-13-8 watchOS 9.2

watchOS 9.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213536.

Accounts
Available for: Apple Watch Series 4 and later
Impact: A user may be able to view sensitive user information
Description: This issue was addressed with improved data protection.
CVE-2022-42843: Mickey Jin (@patch1t)

AppleAVD
Available for: Apple Watch Series 4 and…

Read More

APPLE-SA-2022-12-13-7 tvOS 16.2

Read Time:25 Second

Posted by Apple Product Security via Fulldisclosure on Dec 20

APPLE-SA-2022-12-13-7 tvOS 16.2

tvOS 16.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213535.

Accounts
Available for: Apple TV 4K, Apple TV 4K (2nd generation and later),
and Apple TV HD
Impact: A user may be able to view sensitive user information
Description: This issue was addressed with improved data protection.
CVE-2022-42843: Mickey Jin (@patch1t)

AppleAVD…

Read More