Category Archives: Advisories

Advisories

USN-5625-2: Mako vulnerability

Read Time:13 Second

USN-5625-1 fixed a vulnerability in Mako. This update provides the corresponding update for
Ubuntu 22.10.

Original advisory details:

It was discovered that Mako incorrectly handled certain regular expressions.
An attacker could possibly use this issue to cause a denial of service.

Read More

Advisories

SEC Consult SA-20221114-0 :: Path Traversal Vulnerability in Payara Platform

Read Time:19 Second

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Nov 15

SEC Consult Vulnerability Lab Security Advisory < 20221114-0 >
=======================================================================
title: Path Traversal Vulnerability
product: Payara Platform
vulnerable version: Enterprise: <5.45.0
Community: <6.2022.1, <5.2022.4, <4.1.2.191.38
fixed version: Enterprise: 5.45.0
Community: 6.2022.1, 5.2022.4,…

Read More

Advisories

SEC Consult SA-20221110-0 :: HTML Injection in BMC Remedy ITSM-Suite

Read Time:19 Second

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Nov 15

SEC Consult Vulnerability Lab Security Advisory < 20221110-0 >
=======================================================================
title: HTML Injection
product: BMC Remedy ITSM-Suite
vulnerable version: 9.1.10 (= 20.02 in new versioning scheme)
fixed version: 22.1
CVE number: CVE-2022-26088
impact: Low
homepage: https://www.bmc.com/it-solutions/remedy-itsm.html

Read More

Advisories

SEC Consult SA-20221109-0 :: Multiple Critical Vulnerabilities in Simmeth System GmbH Supplier manager (Lieferantenmanager)

Read Time:17 Second

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Nov 15

SEC Consult Vulnerability Lab Security Advisory < 20221109-0 >
=======================================================================
title: Multiple Critical Vulnerabilities
product: Simmeth System GmbH Supplier manager (Lieferantenmanager)
vulnerable version: < 5.6
fixed version: 5.6
CVE number: CVE-2022-44012, CVE-2022-44013, CVE-2022-44014,
CVE-2022-44015,…

Read More

Advisories

APPLE-SA-2022-11-09-2 macOS Ventura 13.0.1

Read Time:25 Second

Posted by Apple Product Security via Fulldisclosure on Nov 15

APPLE-SA-2022-11-09-2 macOS Ventura 13.0.1

macOS Ventura 13.0.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213504.

libxml2
Available for: macOS Ventura
Impact: A remote user may be able to cause unexpected app termination
or arbitrary code execution
Description: An integer overflow was addressed through improved input
validation.
CVE-2022-40303: Maddie Stone of Google…

Read More

Advisories

APPLE-SA-2022-11-09-1 iOS 16.1.1 and iPadOS 16.1.1

Read Time:28 Second

Posted by Apple Product Security via Fulldisclosure on Nov 15

APPLE-SA-2022-11-09-1 iOS 16.1.1 and iPadOS 16.1.1

iOS 16.1.1 and iPadOS 16.1.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213505.

libxml2
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, and iPad
mini 5th generation and later
Impact: A remote user may be able to cause unexpected app termination…

Read More

Advisories

Backdoor.Win32.RemServ.d / Unauthenticated Remote Command Execution

Read Time:19 Second

Posted by malvuln on Nov 15

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/05a082d441d9cf365749c0e1eb904c85.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.RemServ.d
Vulnerability: Unauthenticated Remote Command Execution
Family: RemServ
Type: PE32
MD5: 05a082d441d9cf365749c0e1eb904c85
Vuln ID: MVID-2022-0655
Disclosure: 11/11/2022
Description: The malware creates a service…

Read More