ZDI-24-086: TP-Link Omada ER605 Access Control Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.8. The following CVEs are assigned: CVE-2024-1180.

APPLE-SA-02-02-2024-1 visionOS 1.0.2

Posted by Apple Product Security via Fulldisclosure on Feb 04

APPLE-SA-02-02-2024-1 visionOS 1.0.2

visionOS 1.0.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT214070.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

WebKit
Available for: Apple Vision Pro
Impact: Processing maliciously crafted web content may lead to
arbitrary code…

Out-of-bounds read & write in the glibc’s qsort()

Posted by Qualys Security Advisory via Fulldisclosure on Feb 04

Qualys Security Advisory

For the algorithm lovers: Nontransitive comparison functions lead to
out-of-bounds read & write in glibc’s qsort()

========================================================================
Contents
========================================================================

Summary
Background
Experiments
Analysis
Patch
Discussion
Acknowledgments
Timeline

CUT MY LIST IN TWO PIECES
THAT’S HOW YOU START…

CVE-2023-6246: Heap-based buffer overflow in the glibc’s syslog()

Posted by Qualys Security Advisory via Fulldisclosure on Feb 04

Qualys Security Advisory

CVE-2023-6246: Heap-based buffer overflow in the glibc’s syslog()

========================================================================
Contents
========================================================================

Summary
Analysis
Proof of concept
Exploitation
Acknowledgments
Timeline

========================================================================
Summary…

Research about usage & possible issues of the NVD

Posted by Andreas Hammer on Feb 04

Hello there!

The University of Erlangen-Nuremberg (Germany) is conducting a research
study to investigate the usage and possible issues of the NVD (National
Vulnerability Database). If you are using the NVD regularly, we would
greatly appreciate your participation which contributes to the
improvement of vulnerability management. You can read more about the
survey here:

https://www.cs1.tf.fau.de/2024/01/29/survey-on-usage-of-nvd/

The…

TROJAN.WIN32 BANKSHOT / Remote Stack Buffer Overflow (SEH)

Posted by malvuln on Feb 04

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/f2fd6a7b400782bb43499e722fb62cf4.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan.Win32 BankShot
Vulnerability: Remote Stack Buffer Overflow (SEH)
Description: The malware listens on TCP port 1978 and creates a local
Windows service running with SYSTEM integrity. Third-party adversaries who
can reach the…

[KIS-2024-01] XenForo <= 2.2.13 (ArchiveImport.php) Zip Slip Vulnerability

Posted by Egidio Romano on Feb 04

------------------------------------------------------------
XenForo <= 2.2.13 (ArchiveImport.php) Zip Slip Vulnerability
------------------------------------------------------------

[-] Software Link:

https://xenforo.com

[-] Affected Versions:

Version 2.2.13 and prior versions.

[-] Vulnerability Description:

The vulnerability is located in the
/src/XF/Service/Style/ArchiveImport.php script. Specifically, into the…
