This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jan 19
SEC Consult Vulnerability Lab Security Advisory < 20230117-2 >
=======================================================================
title: Multiple post-authentication vulnerabilities including RCE
product: OpenText™ Content Server component of OpenText™ Extended ECM
vulnerable version: 16.2.2 – 22.3
fixed version: 22.4
CVE number: CVE-2022-45924, CVE-2022-45922, CVE-2022-45925,…
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jan 19
SEC Consult Vulnerability Lab Security Advisory < 20230117-1 >
=======================================================================
title: Pre-authenticated Remote Code Execution via Java frontend
and QDS endpoint
product: OpenText™ Content Server component of OpenText™ Extended ECM
vulnerable version: 20.4 – 22.3
fixed version: 22.4
CVE number: CVE-2022-45927…
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jan 19
SEC Consult Vulnerability Lab Security Advisory < 20230117-0 >
=======================================================================
title: Pre-authenticated Remote Code Execution in cs.exe
product: OpenText™ Content Server component of OpenText™ Extended ECM
vulnerable version: 20.4 – 22.3
fixed version: 22.4
CVE number: CVE-2022-45923
impact: Critical
homepage:…
Posted by Marco Ivaldi on Jan 19
Dear Full Disclosure,
Find attached a security advisory that details multiple
vulnerabilities we discovered in Oracle Solaris CDE dtprintinfo, Motif
libXm, and X.Org libXpm.
* Title: Multiple vulnerabilities in Solaris dtprintinfo and libXm/libXpm
* Products: Common Desktop Environment 1.6, Motif 2.1, X.Org libXpm < 3.5.15
* OS: Oracle Solaris 10 (CPU January 2021)
* Author: Marco Ivaldi <marco.ivaldi () hnsecurity it>
* Date:…
Posted by Maximilian Ammann via Fulldisclosure on Jan 19
# wolfSSL before 5.5.2: Heap-buffer over-read with WOLFSSL_CALLBACKS
====================================================================
## INFO
=======
The CVE project has assigned the id CVE-2022-42905 to this issue.
Severity: 9.1 CRITICAL
Affected version: before 5.5.2
End of embargo: Ended October 28, 2022
Blog Post: https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh/
## SUMMARY
==========
If wolfSSL…
Posted by Maximilian Ammann via Fulldisclosure on Jan 19
# wolfSSL before 5.5.0: Denial-of-service with session resumption
=================================================================
## INFO
=======
The CVE project has assigned the id CVE-2022-38152 to this issue.
Severity: 7.5 HIGH
Affected version: before 5.5.0
End of embargo: Ended August 30, 2022
Blog Post: https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh/
## SUMMARY
==========
When a TLS 1.3 client…
Posted by Maximilian Ammann via Fulldisclosure on Jan 19
# wolfSSL 5.3.0: Denial-of-service
==================================
## INFO
=======
The CVE project has assigned the id CVE-2022-38153 to this issue.
Severity: 5.9 MEDIUM
Affected version: 5.3.0
End of embargo: Ended August 30, 2022
Blog Post: https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh/
## SUMMARY
==========
In wolfSSL 5.3.0 man-in-the-middle attackers or a malicious server can crash TLS
1.2…
Posted by Maximilian Ammann via Fulldisclosure on Jan 19
# wolfSSL before 5.5.0: Denial-of-service with session resumption
=================================================================
## INFO
=======
The CVE project has assigned the id CVE-2022-38152 to this issue.
Severity: 7.5 HIGH
Affected version: before 5.5.0
End of embargo: Ended August 30, 2022
## SUMMARY
==========
When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on
its session, the server crashes with a…
pgadmin4-6.19-1.fc37
Update to pgadmin4-6.19.
