Monthly Archives: December 2023

Advisories

SEC Consult SA-20231211-0 :: Local Privilege Escalation via MSI installer in PDF24 Creator

Read Time:16 Second

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Dec 12

SEC Consult Vulnerability Lab Security Advisory < 20231211-0 >
=======================================================================
title: Local Privilege Escalation via MSI installer
product: PDF24 Creator (geek Software GmbH)
vulnerable version: <=11.15.1
fixed version: 11.15.2
CVE number: CVE-2023-49147
impact: High
homepage:…

Read More

Advisories

SEC Consult SA-20231206 :: Kiosk Escape Privilege Escalation in One Identity Password Manager Secure Password Extension

Read Time:16 Second

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Dec 12

SEC Consult Vulnerability Lab Security Advisory < 20231206-0 >
=======================================================================
title: Kiosk Escape Privilege Escalation
product: One Identity Password Manager Secure Password Extension
vulnerable version: <5.13.1
fixed version: 5.13.1
CVE number: CVE-2023-48654
impact: critical
homepage:…

Read More

Advisories

SEC Consult SA-20231205 :: Argument injection leading to unauthenticated RCE and authentication bypass in Atos Unify OpenScape Session Border Controller (SBC), Branch, BCF

Read Time:15 Second

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Dec 12

SEC Consult Vulnerability Lab Security Advisory < 20231205-0 >
=======================================================================
title: Argument injection leading to unauthenticated RCE and
authentication bypass
product: Atos Unify OpenScape Session Border Controller (SBC)
Atos Unify OpenScape Branch
Atos Unify OpenScape BCF
vulnerable…

Read More

Advisories

SEC Consult SA-20231128 :: Missing Certificate Validation & User Enumeration in Anveo Mobile App and Server

Read Time:18 Second

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Dec 12

SEC Consult Vulnerability Lab Security Advisory < 20231128-0 >
=======================================================================
title: Missing Certificate Validation & User Enumeration
product: Anveo Mobile App and Server
vulnerable version: Mobile App: 10.0.0.359 / 2016-07-13; Server: 11.0.0.5
fixed version: –
CVE number: –
impact: Medium
homepage:…

Read More

Advisories

HNS-2023-04 – HN Security Advisory – Buffer overflow vulnerabilities with long path names in TinyDir

Read Time:27 Second

Posted by Marco Ivaldi on Dec 12

Hi,

Please find attached a security advisory that describes some buffer
overflow vulnerabilities we discovered in TinyDir.

* Title: Buffer overflow vulnerabilities with long path names in TinyDir
* Product: TinyDir <= 1.2.5
* Author: Marco Ivaldi <marco.ivaldi () hnsecurity it>
* Date: 2023-12-04
* CVE ID: CVE-2023-49287
* Severity: High – 7.7 – CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
* Vendor URL: https://github.com/cxong/tinydir

Read More