Posted by Phos4Me via Fulldisclosure on Nov 27
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
gnutls-3.8.2-1.fc38
New upstream release with a fix for GNUTLS-SA-2023-10-23.
gnutls-3.8.2-1.fc39
New upstream release with a fix for GNUTLS-SA-2023-10-23.
Posted by Maurizio Ruchay via Fulldisclosure on Nov 27
Advisory ID: SYSS-2023-019
Product: SmartNode SN200 Analog Telephone Adapter (ATA) & VoIP Gateway
Manufacturer: Patton LLC
Affected Version(s): <= 3.21.2-23021
Tested Version(s): 2.21.1-22041, 3.21.2-23021, 3.22.0-23083
Vulnerability Type: OS Command Injection (CWE-78)
Vulnerability Type: Improper Access Control (CWE-284)
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2023-07-05
Public Disclosure: 2023-08-28
CVE…
Posted by Kevin on Nov 27
running on the remote port specified during setup
Posted by Kevin on Nov 27
While conducting a penetration test for a client, they were running an
application called etc-browser which is a public GitHub project with a
Docker container. While fuzzing the web server spun up with etcd-browser
(which can run on any arbitrary port), the application had a Directory
Traversal vulnerability that is simply triggered with the following payload:
GET /../../../../../../../../../../../../etc/passwd
If running in the docker…
Posted by Aurich, Janik on Nov 27
Dear list members,
we are looking for voluntary participants for our survey, which was
developed in the context of a master thesis at the University of
Erlangen-Nuremberg.
The goal of the survey is to determine potential difficulties that may
occur when dealing with security advisories.
The focus of the study lies on the acquisition and maintenance of
security advisories
as well as the decision making based on their content.
Participants…
Posted by Chizuru Toyama on Nov 27
[+] CVE : CVE-2023-46386, CVE-2023-46387, CVE-2023-46388, CVE-2023-46389
[+] Title : Multiple vulnerabilities in Loytec L-INX Automation Servers
[+] Vendor : LOYTEC electronics GmbH
[+] Affected Product(s) : LINX-151, Firmware 7.2.4, LINX-212, firmware 6.2.4
[+] Affected Components : L-INX Automation Servers
[+] Discovery Date :…
Posted by Chizuru Toyama on Nov 27
[+] CVE : CVE-2023-46383, CVE-2023-46384, CVE-2023-46385
[+] Title : Multiple vulnerabilities in Loytec LINX Configurator
[+] Vendor : LOYTEC electronics GmbH
[+] Affected Product(s) : LINX Configurator 7.4.10
[+] Affected Components : LINX Configurator
[+] Discovery Date : 01-Sep-2021
[+] Publication date : 03-Nov-2023
[+]…
USN-6513-1 fixed vulnerabilities in Python. This update provides the
corresponding updates for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and
Ubuntu 23.04.
Original advisory details:
It was discovered that Python incorrectly handled certain plist files.
If a user or an automated system were tricked into processing a specially
crafted plist file, an attacker could possibly use this issue to consume
resources, resulting in a denial of service. (CVE-2022-48564)
It was discovered that Python instances of ssl.SSLSocket were vulnerable
to a bypass of the TLS handshake. An attacker could possibly use this
issue to cause applications to treat unauthenticated received data before
TLS handshake as authenticated data after TLS handshake. (CVE-2023-40217)
