Category Archives: Advisories

SEC Consult SA-20220427-0 :: Privilege Escalation in Miele Benchmark Programming Tool

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Apr 27

SEC Consult Vulnerability Lab Security Advisory < 20220427-0 >
=======================================================================
title: Privilege Escalation
product: Miele Benchmark Programming Tool
vulnerable version: at least 1.1.49 and 1.2.71
fixed version: 1.2.72
CVE number: CVE-2022-22521
impact: Medium
homepage: https://www.miele.com/
found:…

Trovent Security Advisory 2108-02 / Zepp: User account enumeration in password reset function

Posted by Stefan Pietsch on Apr 27

# Trovent Security Advisory 2108-02 #
#####################################

User account enumeration in password reset function
###################################################

Overview
########

Advisory ID: TRSA-2108-02
Advisory version: 1.0
Advisory status: Public
Advisory URL: https://trovent.io/security-advisory-2108-02
Affected product: Zepp Android mobile application (com.huami.watch.hmwatchmanager)
Tested versions: Zepp 6.1.4-play…

CVE-2021-34590

Bender/ebee Charge Controllers in multiple versions are prone to cross-site scripting. An authenticated attacker could write HTML code into configuration values. These values are not properly escaped when displayed.

CVE-2021-34591

Bender/ebee Charge Controllers in multiple versions are prone to local privilege escalation. An authenticated attacker could get root access via the suid applications socat, ip, udhcpc and ifplugd.

CVE-2021-29776

IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information from another user’s dashboard by providing the dashboard ID of that user. IBM X-Force ID: 203030.

CVE-2021-34588

Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot.

CVE-2021-34589

Bender/ebee Charge Controllers in multiple versions are prone to an RFID leak. The RFID of the last charge event can be read without authentication via the web interface.

Post Title

Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could view, change, or delete data. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

USN-5391-1: libsepol vulnerabilities

Nicolas Iooss discovered that libsepol incorrectly handled memory
when handling policies. An attacker could possibly use this issue
to cause a crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2021-36084)

It was discovered that libsepol incorrectly handled memory when
handling policies. An attacker could possibly use this issue to cause
a crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2021-36085)

It was discovered that libsepol incorrectly handled memory when
handling policies. An attacker could possibly use this issue to cause
a crash, resulting in a denial of service, or possibly execute
arbitrary code. This issue only affects Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS and Ubuntu 21.10. (CVE-2021-36086)

It was discovered that libsepol incorrectly validated certain data,
leading to a heap overflow. An attacker could possibly use this issue
to cause a crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2021-36087)
