This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Magnet Forensics AXIOM. User interaction is required to exploit this vulnerability in that the target must acquire data from a malicious mobile device.
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Oct 05
SEC Consult Vulnerability Lab Security Advisory < 20231005-0 >
=======================================================================
title: Open Redirect in BSP Test Application it00
(Bypass for CVE-2020-6215 Patch)
product: SAP® Application Server ABAP and ABAP®
Platform (SAP_BASIS)
vulnerable version: see section “Vulnerable / tested versions”…
Posted by Apple Product Security via Fulldisclosure on Oct 05
APPLE-SA-2023-10-04-1 iOS 17.0.3 and iPadOS 17.0.3
iOS 17.0.3 and iPadOS 17.0.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213961.
Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.
Kernel
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation
and later, iPad Pro…
Posted by Qualys Security Advisory via Fulldisclosure on Oct 05
Qualys Security Advisory
Looney Tunables: Local Privilege Escalation in the glibc’s ld.so
(CVE-2023-4911)
========================================================================
Contents
========================================================================
Summary
Analysis
Proof of concept
Exploitation
Acknowledgments
Timeline
========================================================================
Summary…
Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution. Depending on the privileges associated with the exploited component, an attacker could then install programs; view, change, or delete data; or create new accounts with full rights.
October 9th – UPDATED OVERVIEW:
Google Android has released Android 14 with a new set of remote code execution vulnerabilities.
Maxim Suhanov discovered multiple vulnerabilities in GURB2’s code to
handle NTFS filesystems, which may result in a Secure Boot bypass.
A vulnerability classified as problematic has been found in WP Ultimate CSV Importer Plugin 3.7.2 on WordPress. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 3.7.3 is able to address this issue. The identifier of the patch is 13c30af721d3f989caac72dd0f56cf0dc40fad7e. It is recommended to upgrade the affected component. The identifier VDB-241317 was assigned to this vulnerability.
tacacs-F4.0.4.28.7fb~20231005g4fdf178-2.el8
Update to git snapshot 4fdf178 for CVE-2023-45239; Fixes: RHBZ#2242402
tacacs-F4.0.4.28.7fb~20231005g4fdf178-2.el9
Update to git snapshot 4fdf178 for CVE-2023-45239; Fixes: RHBZ#2242402
tacacs-F4.0.4.28.7fb~20231005g4fdf178-1.fc37
Update to git snapshot 4fdf178 for CVE-2023-45239; Fixes: RHBZ#2242402
