Category Archives: Advisories

Advisories

Buffer Overflow in glXQueryServerString() of mesa

Read Time:21 Second

Posted by Meng Ruijie on Jan 26

[Vulnerability description]
freedesktop Mesa v23.0.4 was discovered to contain a segmentation violation via the function glXQueryServerString().

[Vulnerability Type]
Buffer Overflow

[Vendor of Product]
freedesktop

[Affected Product Code Base]
Mesa – 23.0.4

[Reference]
https://gitlab.freedesktop.org/mesa/mesa/-/issues/9858

[CVE Reference]
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2023-45919 to…

Read More

Advisories

NULL pointer dereference in tgetstr() of ncurses

Read Time:21 Second

Posted by Meng Ruijie on Jan 26

[Vulnerability description]
ncurses v6.4-20230610 was discovered to contain a NULL pointer dereference via the function tgetstr().

[VulnerabilityType Other]
null pointer deference

[Vendor of Product]
ncurses

[Affected Product Code Base]
ncurses – 6.4-20230610

[Reference]
https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html

[CVE Reference]
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name…

Read More

Advisories

Null pointer dereference in Xedit

Read Time:22 Second

Posted by Meng Ruijie on Jan 26

[Vulnerability description]
A NULL pointer dereference in the component /X11/xedit/lisp of Xedit v1.2.3 allows attackers to cause a Denial of
Service (DoS) via a crafted lisp.lsp file.

[VulnerabilityType Other]
null pointer deference

[Vendor of Product]
Xedit

[Affected Product Code Base]
Xedit – 1.2.3

[Reference]
https://gitlab.freedesktop.org/xorg/app/xedit/-/issues/1

[CVE Reference]
The Common Vulnerabilities and Exposures project…

Read More

Advisories

Null pointer deference in freedesktop mesa

Read Time:19 Second

Posted by Meng Ruijie on Jan 26

[Vulnerability description]
freedesktop Mesa v23.0.4 was discovered to contain a NULL pointer dereference via the function
dri2GetGlxDrawableFromXDrawableId(). This vulnerability is triggered when the X11 server sends an
DRI2_BufferSwapComplete event unexpectedly when the application is using DRI3.

[VulnerabilityType Other]
null pointer deference

[Vendor of Product]
freedesktop

[Affected Product Code Base]
Mesa – 23.0.4

[Reference]…

Read More

Advisories

PrommetriX – (Prometheus Metrics Leaker) released!

Read Time:23 Second

Posted by psy on Jan 26

Hi FD,

I am glad to present this script:

– Prommetrix

I think that building a tool that quite facilitates the scraping work of
the data presented by the Prometheus metrics, perhaps it is possible to
make the team that develops it becomes aware of the existing need to
protect them from their core.

23/01/2024:

– Google (search engine): ~ 1832 servers with exposed metrics
– Shodan ~ 7320 servers with exposed metrics

———…

Read More

Advisories

Multiple Vulnerabilities in Reprise License Manager 15.1 (CVE-2023-43183, CVE-2023-44031)

Read Time:13 Second

Posted by Rahim, Mohaiman via Fulldisclosure on Jan 26

Multiple Vulnerabilities in Reprise License Manager 15.1 (CVE-2023-43183, CVE-2023-44031)

Credit: Mohaiman Rahim

/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

# Product: RLM 15.1
# Vendor: Reprise Software
# CVE ID: CVE-2023-43183
# Vulnerability Title: Incorrect Access…

Read More

Advisories

Yet another fork()/malloc() bomb in javascript + SIGILL in Chrome

Read Time:25 Second

Posted by Georgi Guninski on Jan 26

Searching the web for `javascript fork malloc bomb` returns results,
e.g. [here][1]: and [here][2]:

We got a javascript fork malloc bomb which crashed Chrome 121 on linux
with SIGILL and about one in five runs the virtual machine freezes.
SIGILL almost always is a sign of memory corruption 🙂
On android it crashes the current tab without explanation.
Firefox 121 on linux also crashes the current tab.

In all cases except the sporadic freezes,…

Read More

Advisories

TrojanSpy Win32 Nivdort / Insecure Permissions – EoP (SYSTEM)

Read Time:18 Second

Posted by malvuln on Jan 26

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/15bda00b57e2ed729a45f7cfa62165da.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: TrojanSpy Win32 Nivdort
Vulnerability: Insecure Permissions – EoP (SYSTEM)
Family: Nivdort
Type: PE32
MD5: 15bda00b57e2ed729a45f7cfa62165da
Vuln ID: MVID-2024-0668
Dropped files: dqrpgvnkh, egjrdhynfm, nhefhloix, rvoyf6ljtqg4zejno.exe…

Read More

Advisories

APPLE-SA-01-22-2024-9 tvOS 17.3

Read Time:26 Second

Posted by Apple Product Security via Fulldisclosure on Jan 26

APPLE-SA-01-22-2024-9 tvOS 17.3

tvOS 17.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214055.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Apple Neural Engine
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may be able to execute arbitrary code with…

Read More

Advisories

APPLE-SA-01-22-2024-8 watchOS 10.3

Read Time:25 Second

Posted by Apple Product Security via Fulldisclosure on Jan 26

APPLE-SA-01-22-2024-8 watchOS 10.3

watchOS 10.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214060.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Apple Neural Engine
Available for devices with Apple Neural Engine: Apple Watch Series 9 and
Apple Watch Ultra 2
Impact: An app…

Read More