A vulnerability, which was classified as problematic, has been found in chedabob whatismyudid. Affected by this issue is the function exports.enrollment of the file routes/mobileconfig.js. The manipulation leads to cross-site scripting. The attack may be launched remotely. The name of the patch is bb33d4325fba80e7ea68b79121dba025caf6f45f. It is recommended to apply a patch to fix this issue. VDB-216470 is the identifier assigned to this vulnerability.
Category Archives: Advisories
curl-7.85.0-5.fc37
FEDORA-2022-d7ee33d4ad
Packages in this update:
curl-7.85.0-5.fc37
Update description:
smb/telnet: fix use-after-free when HTTP proxy denies tunnel (CVE-2022-43552)
http: use the IDN decoded name in HSTS checks (CVE-2022-43551)
curl-7.82.0-12.fc36
FEDORA-2022-9836111c44
Packages in this update:
curl-7.82.0-12.fc36
Update description:
smb/telnet: fix use-after-free when HTTP proxy denies tunnel (CVE-2022-43552)
http: use the IDN decoded name in HSTS checks (CVE-2022-43551)
ZDI-22-1686: VMware ESXi TCP/IP Memory Corruption Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of VMware ESXi. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability.
ZDI-22-1685: Adobe Illustrator Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Illustrator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-22-1684: Siemens JT2Go RAS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-22-1683: Siemens Solid Edge Viewer X_B File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-22-1682: Apple Safari DFG JIT Use-After-Free Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
SEC Consult SA-20221216-0 :: Remote code execution bypass in Eclipse Business Intelligence Reporting Tool (BiRT)
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Dec 20
SEC Consult Vulnerability Lab Security Advisory < 20221216-0 >
=======================================================================
title: Remote code execution – CVE-2021-34427 bypass
product: Eclipse Business Intelligence Reporting Tool (BiRT)
vulnerable version: <= 4.11.0
fixed version: 4.12
CVE number: CVE-2021-34427
impact: High
homepage:…
SEC Consult Vulnerability Lab publication: The enemy from within: Unauthenticated Buffer Overflows in Zyxel routers still haunting users & metasploit exploit
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Dec 20
Hi,
earlier this year in February 2022, we published a technical security advisory –
https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-multiple-zyxel-devices/ – on
different critical vulnerabilities in Zyxel devices, resulting from insecure coding practices and insecure
configuration.
Those also included a highly critical unauthenticated buffer overflow vulnerability in the proprietary Zyxel web server…