Lógico Y Creativo Security Vulnerabilities

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Prevent out-of-bounds memory access The test_tag test triggers an unhandled page fault: # ./test_tag [ 130.640218] CPU 0 Unable to handle kernel paging request at virtual address ffff80001b898004, era ==...

CVE-2024-26588 LoongArch: BPF: Prevent out-of-bounds memory access

In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Prevent out-of-bounds memory access The test_tag test triggers an unhandled page fault: # ./test_tag [ 130.640218] CPU 0 Unable to handle kernel paging request at virtual address ffff80001b898004, era ==...

Slackware: Security Advisory (SSA:2024-052-01)

The remote host is missing an update for...

CVE-2024-26588

In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Prevent out-of-bounds memory access The test_tag test triggers an unhandled page fault: # ./test_tag [ 130.640218] CPU 0 Unable to handle kernel paging request at virtual address ffff80001b898004, era ==...

[slackware-security] mozilla-thunderbird

New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mozilla-thunderbird-115.8.0-i686-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. ...

php-svg-lib lacks path validation on font through SVG inline styles

Summary php-svg-lib fails to validate that font-family doesn't contain a PHAR url, which might leads to RCE on PHP < 8.0, and doesn't validate if external references are allowed. This might leads to bypass of restrictions or RCE on projects that are using it, if they do not strictly revalidate t...

php-svg-lib lacks path validation on font through SVG inline styles

Summary php-svg-lib fails to validate that font-family doesn't contain a PHAR url, which might leads to RCE on PHP < 8.0, and doesn't validate if external references are allowed. This might leads to bypass of restrictions or RCE on projects that are using it, if they do not strictly revalidate t...

View transitions: Handling aspect ratio changes

This post assumes some knowledge of view transitions. If you're looking for a from-scratch intro to the feature, see this article. When folks ask me for help with view transition animations that "don't quite look right", it's usually because the content changes aspect ratio. Here's how to handle...

Slackware: Security Advisory (SSA:2024-051-01)

The remote host is missing an update for...

Fedora 39 : rear (2024-a2f6e5ddb8)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-a2f6e5ddb8 advisory. Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to...

Slackware Linux 15.0 / current mozilla-thunderbird Multiple Vulnerabilities (SSA:2024-052-01)

The version of mozilla-thunderbird installed on the remote host is prior to 115.8.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-052-01 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, ...

Fedora 38 : rear (2024-49ddbf447d)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-49ddbf447d advisory. Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to...

Slackware: Security Advisory (SSA:2024-051-02)

The remote host is missing an update for...

[slackware-security] libuv

New libuv packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/libuv-1.48.0-i586-1_slack15.0.txz: Upgraded. This update fixes a server-side request forgery (SSRF) flaw. Thanks to alex2grad for...

[slackware-security] mozilla-firefox

New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mozilla-firefox-115.8.0esr-i686-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more...

Exploit for CVE-2024-23897

🤵🏻 CVE-2024-23897 Arbitrary-file-read 🤵🏻...

Exploit for CVE-2024-23897

🤵🏻 CVE-2024-23897 Arbitrary-file-read 🤵🏻...

Raccoon Infostealer operator extradited to the United States

A Ukrainian national, Mark Sokolovsky, has been indicted for crimes related to fraud, money laundering and aggravated identity theft and extradited to the United States from the Netherlands, the US Attorney’s Office of the Western District of Texas has announced. In March 2022, around the same...

Slackware Linux 15.0 / current libuv Vulnerability (SSA:2024-051-02)

The version of libuv installed on the remote host is prior to 1.48.0. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-051-02 advisory. libuv is a multi-platform support library with a focus on asynchronous I/O. The uv_getaddrinfo function in src/unix/getaddrinfo.c...

Slackware Linux 15.0 / current mozilla-firefox Multiple Vulnerabilities (SSA:2024-051-01)

The version of mozilla-firefox installed on the remote host is prior to 115.8.0esr. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-051-01 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, ...

Employee Management System v1 - (email) SQL Injection Vulnerability

...

Employee Management System 1.0 SQL Injection

...

Employee Management System v1 - 'email' SQL Injection

...

Mitsubishi Electric MELSEC iQ-F/iQ-R Series CPU Module (Update A)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Equipment: MELSEC iQ-F/iQ-R Series Vulnerability: Improper Restriction of Excessive Authentication Attempts 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote...

Facebook Marketplace users’ stolen data offered for sale

Personal data belonging to Facebook Marketplace users has been published online, according to BleepingComputer. A cybercriminal was allegedly able to steal a partial database after hacking the systems of a Meta contractor. The leak consists of around 200,000 records that contain names, phone...

Medium: rear

Issue Overview: Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root. (CVE-2024-23301) Affected Packages: rear Note: This advisory is applicable to Amazon...

Slackware: Security Advisory (SSA:2024-044-02)

The remote host is missing an update for...

CVE-2024-25744

A flaw was found in the Linux kernel. A VMM can inject external interrupts on any arbitrary vector at any time, which may allow the guest OS to be manipulated from the VMM side. Mitigation This vulnerability can be mitigated by disabling 32-bit emulation by default for TDX and SEV. The user can...

[slackware-security] dnsmasq

New dnsmasq packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/dnsmasq-2.90-i586-1_slack15.0.txz: Upgraded. Add limits on the resources used to do DNSSEC validation. For more information,...

FreeBSD-SA-24:02.tty

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-24:02.tty Security Advisory The FreeBSD Project Topic: jail(2) information leak Category: core Module: jail Announced: 2024-02-14 Credits: Pawel Jakub Dawidek...

Slackware Linux 15.0 / current dnsmasq Multiple Vulnerabilities (SSA:2024-044-02)

The version of dnsmasq installed on the remote host is prior to 2.90. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-044-02 advisory. MITRE: CVE-2023-50387 DNSSEC verification complexity can be exploited to exhaust CPU resources and stall DNS resolvers...

Slackware: Security Advisory (SSA:2024-044-01)

The remote host is missing an update for...

[slackware-security] bind

New bind packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/bind-9.16.48-i586-1_slack15.0.txz: Upgraded. This update fixes bugs and security issues: Specific DNS answers could cause a...

Unbreakable Enterprise kernel security update

[5.15.0-203.146.5.1] - Revert 'selftests/bpf: Test tail call counting with bpf2bpf and data on stack' (Samasth Norway Ananda) [Orabug: 36277693] - Revert 'tcp: fix excessive TLP and RACK timeouts from HZ rounding' (Sherry Yang) [Orabug: 36277684] [5.15.0-203.146.5] - i2c: core: Fix atomic xfer...

Slackware Linux 15.0 / current bind Multiple Vulnerabilities (SSA:2024-044-01)

The version of bind installed on the remote host is prior to 9.16.48 / 9.18.24. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-044-01 advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported...

Slackware: Security Advisory (SSA:2024-040-01)

The remote host is missing an update for...

Unbreakable Enterprise kernel security update

[4.14.35-2047.533.3] - net: rfkill: gpio: set GPIO direction (Rouven Czerwinski) - sched/fair: Fix tg->load when offlining a CPU (Vincent Guittot) [Orabug: 36185208] - IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (Mark Zhang) [Orabug: 36143229] - sched/rt:...

WyreStorm Apollo VX20 Credential Disclosure

...

LaborOfficeFree 19.10 MySQL Root Password Calculator Exploit

LaborOfficeFree installs a MySQL instance that runs as SYSTEM and calculates the MySQL root password based on two constants. Each time the program needs to connect to MySQL as root, it employs the reverse algorithm to calculate the root password. This issue has been tested on version 19.10...

WyreStorm Apollo VX20 Credential Disclosure Vulnerability

WyreStorm Apollo VX20 versions prior to 1.3.58 suffer from a cleartext credential disclosure vulnerability when accessing /device/config with an HTTP...

LaborOfficeFree 19.10 MySQL Root Password Calculator

...

IBM i Access Client Solutions Remote Credential Theft Vulnerability

IBM i Access Client Solutions (ACS) versions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 suffer from a remote credential theft...

[slackware-security] xpdf

New xpdf packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/xpdf-4.05-i586-1_slack15.0.txz: Upgraded. This update fixes security issues: Fixed a bug in the ICCBased color space parser that was...

IBM i Access Client Solutions Remote Credential Theft

...

Slackware Linux 15.0 / current xpdf Multiple Vulnerabilities (SSA:2024-040-01)

The version of xpdf installed on the remote host is prior to 4.05. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-040-01 advisory. XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (stack consumption) via a crafted...

Warning from LastPass as fake app found on Apple App Store

Password Manager LastPass has warned about a fraudulent app called “LassPass Password Manager” which it found on the Apple App Store. The app closely mimics the branding and appearance of LastPass, right down to the interface. So, even if the name was a “happy accident” it seems clear that this...

2 million job seekers targeted by data thieves

A cybercriminal group known as ResumeLooters has infiltrated 65 job listing and retail websites, compromising the personal data of over two million job seekers. The group used SQL injection and cross-site scripting (XSS) attacks—both common techniques— to extract the sensitive information from the....

Coyote: A multi-stage banking Trojan abusing the Squirrel installer

The developers of banking Trojan malware are constantly looking for inventive ways to distribute theirs implants and infect victims. In a recent investigation, we encountered a new malware that specifically targets users of more than 60 banking institutions, mainly from Brazil. What caught our...

Slackware: Security Advisory (SSA:2024-038-01)

The remote host is missing an update for...

y-rinkai.jp Improper Access Control vulnerability OBB-3850536

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...