Category Archives: Advisories

St. Poelten UAS | Multiple Stored Cross-Site Scripting in SEH utnserver Pro

Read Time:16 Second

Posted by Weber Thomas via Fulldisclosure on Nov 21

St. Pölten UAS 20241118-0
——————————————————————————-
title| Multiple Stored Cross-Site Scripting
product| SEH utnserver Pro
vulnerable version| 20.1.22
fixed version| 20.1.35
CVE number| CVE-2024-11304
impact| High
homepage| https://www.seh-technology.com/
found| 2024-05-24
by| P….

Read More

Apple web content filter bypass allows unrestricted access to blocked content (macOS/iOS/iPadOS/visionOS/watchOS)

Read Time:21 Second

Posted by Nosebeard Labs on Nov 21

Dear colleagues,

Nosebeard Labs is pleased to share its latest advisory, detailing a
bypass of Apple’s system wide web content filter. The HTML version of
this advisory is also available at:
https://nosebeard.co/advisories/nbl-001.html

Warmest regards,
Nosebeard Labs

## Summary
Nosebeard Labs Security Advisory NBL-001
Title: Apple web content filter bypass allows unrestricted access to
blocked content…

Read More

USN-7118-1: ZBar vulnerabilities

Read Time:29 Second

It was discovered that ZBar did not properly handle certain QR codes. If a
user or automated system using ZBar were tricked into opening a specially
crafted file, an attacker could possibly use this to obtain sensitive
information. (CVE-2023-40889)

It was discovered that ZBar did not properly handle certain QR codes. If a
user or automated system using ZBar were tricked into opening a specially
crafted file, an attacker could possibly use this to obtain sensitive
information. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04
LTS. (CVE-2023-40890)

Read More

ZDI-24-1611: Luxion KeyShot ABC File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

Read Time:17 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11580.

Read More

ZDI-24-1609: Luxion KeyShot 3DS File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

Read Time:17 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11578.

Read More

ZDI-24-1607: Luxion KeyShot 3DS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

Read Time:17 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11576.

Read More