In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause.

5141
5142
5143
5144
5145
5146
5147
5148
5149
5150
5151
5152
5153
5154
5155

              }
            }else{
              pExpr = pRight;
            }
            pNew = sqlite3ExprListAppend(pParse, pNew, pExpr);
            sqlite3TokenInit(&sColname, zColname);
            sqlite3ExprListSetName(pParse, pNew, &sColname, 0);
            if( pNew && (p->selFlags & SF\_NestedFrom)!=0 ){              struct ExprList\_item \*pX = &pNew->a\[pNew->nExpr-1\];
              sqlite3DbFree(db, pX->zEName);
              if( pSub ){
                pX->zEName = sqlite3DbStrDup(db, pSub->pEList->a\[j\].zEName);
                testcase( pX->zEName==0 );
              }else{
                pX->zEName = sqlite3MPrintf(db, "%s.%s.%s",

|

5141
5142
5143
5144
5145
5146
5147
5148
5149
5150
5151
5152
5153
5154
5155

              }
            }else{
              pExpr = pRight;
            }
            pNew = sqlite3ExprListAppend(pParse, pNew, pExpr);
            sqlite3TokenInit(&sColname, zColname);
            sqlite3ExprListSetName(pParse, pNew, &sColname, 0);
            if( pNew && (p->selFlags & SF\_NestedFrom)!=0 && !IN\_RENAME\_OBJECT ){              struct ExprList\_item \*pX = &pNew->a\[pNew->nExpr-1\];
              sqlite3DbFree(db, pX->zEName);
              if( pSub ){
                pX->zEName = sqlite3DbStrDup(db, pSub->pEList->a\[j\].zEName);
                testcase( pX->zEName==0 );
              }else{
                pX->zEName = sqlite3MPrintf(db, "%s.%s.%s",

CVE-2020-35527: SQLite: Check-in [c431b3fd]

Categories: Personal
Tags: plane

Tags:  ticket

Tags:  holiday

Tags:  flight

Tags:  airplane

Tags:  aeroplane

Tags:  scam

Tags:  phish

Tags:  phishing

Tags:  social engineering

We take a look at several scams targeting flyers off on their holidays, and how you can keep yourself safe.



(Read more...)




The post Plane sailing for ticket scammers: How to keep your flight plans safe appeared first on Malwarebytes Labs.

You may be getting ready to jump on a plane and head off for a few days or weeks of rest and relaxation. So the last thing you need before flying is a technology related horror show. Sadly, scammers are aware of families getting ready to hit the skies, and have tailored their threats accordingly. Several trip-related scams are doing the rounds right now, and we’re going to highlight some of the more prevalent ones.

Fake customer support on social media is one current major area of concern. This is often aimed at banking customers looking for assistance. The risk of this has increased since Twitter started charging for blue checkmarks, as many legitimate accounts now sport no visible means of authentication. 

With popular airline easyJet cancelling 1,700 flights between July and September due to air traffic control delays, fraudsters have been busy creating fake support accounts. For people stuck in an airport and hearing the flight is off, or getting ready to make the trip, their first reaction may be to hop onto social media for breaking advice and information.

Bogus airline accounts are directing potential victims to fake airline websites and other portals in an effort to steal credentials (and most likely any payment data they can scoop up along the way).  There’s currently somewhere in the realm of 100+ Twitter accounts using the easyJet branding. Of those, at least two have a gold verified check mark which are used exclusively for approved business accounts. Here’s the main easyJet account, for example.

The rest are a combination of “temporarily restricted” accounts, accounts set to private (and so not visible to non-followers), private individuals, video game themed(!), and more. Many of the accounts claim to be customer support and ask Twitter users to send them their mobile number for assistance. If you’re not talking to the verified account, or directed somewhere by that account, you may end up running into trouble.

Meanwhile, scammers elsewhere are targeting folks looking to dodge some of the Arizona heat. Phony travel agents lie in wait with fake websites and non-existent plane tickets. These sites appear in search engine results or random emails promising fantastic prices. Once you’ve paid and turned up on the day of the flight, or even just tried to check in online the day before, you’re in for a nasty surprise.

The fraudster has merely reserved a seat, as opposed to booking the desired ticket. Meanwhile, they were off using your payment details to try and buy who knows what. A fraught call to your bank or credit card’s customer service department now beckons.

If you’re looking for good deals, airlines and travel agents will be able to direct you to legitimate ticket sources. If you stumble upon a site you’ve not heard of, look up reviews and keep an eye out for any reference to wrong doing. One word of caution: you may also have to check the legitimacy of the reviews, too.

A final warning: be careful what you post online. We’ve previously talked about how posting up a photograph of your home environment can reveal important information. An envelope with your address on it, a box with your full name, even being geolocated because of traceable landmarks outside of your window. Well, the same warning applies to your airplane tickets too. If you’re getting into the holiday swing of things, keep all the small bits and pieces of data related to your trip out of shot. Using the information on your boarding ticket, or even your passport, people up to no good can get a good handle on who you are and what you’re doing.

If you’re revealing your name, frequent flyer number, and passport information online then you’re a possible meal ticket for scammers. This isn’t even necessarily a case of stealing your banking data. They can potentially social engineer their way into accessing your account under the guise of you having “forgotten” your login details. Maybe they’ll sell your frequent flyer account on, or do something else to cause you a headache. They may even just wait a few months and then send a targeted phish. The sky really is the limit with scams, so keep your personal info private.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

Plane sailing for ticket scammers: How to keep your flight plans safe

We look at a dubious free game offer via TikTok, and explore what the site owners expect you to do in order to snag a supposed freebie.

Categories: Scams

Tags: Among Us free free games games gaming malvertising steam tiktok

*( Read more... ( https://blog.malwarebytes.com/scams/2021/10/free-steam-game-scams-on-tiktok-are-among-us/ ) )*

The post “Free Steam game” scams on TikTok are Among Us appeared first on Malwarebytes Labs.

“Free Steam game” scams on TikTok are Among Us

In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earlies affected version is 5.30.0.

**Commit**

Permalink

Browse files

Browse the repository at this point in the history

Fix read/write past buffer end: perl-security#140

A package name may be specified in a \\p{...} regular expression
construct.  If unspecified, "utf8::" is assumed, which is the package
all official Unicode properties are in.  By specifying a different
package, one can create a user-defined property with the same
unqualified name as a Unicode one.  Such a property is defined by a sub
whose name begins with "Is" or "In", and if the sub wishes to refer to
an official Unicode property, it must explicitly specify the "utf8::".
S\_parse\_uniprop\_string() is used to parse the interior of both \\p{} and
the user-defined sub lines.

In S\_parse\_uniprop\_string(), it parses the input "name" parameter,
creating a modified copy, "lookup\_name", malloc'ed with the same size as
"name".  The modifications are essentially to create a canonicalized
version of the input, with such things as extraneous white-space
stripped off.  I found it convenient to strip off the package specifier
"utf8::".  To to so, the code simply pretends "lookup\_name" begins just
after the "utf8::", and adjusts various other values to compensate.
However, it missed the adjustment of one required one.

This is only a problem when the property name begins with "perl" and
isn't "perlspace" nor "perlword".  All such ones are undocumented
internal properties.

What happens in this case is that the input is reparsed with slightly
different rules in effect as to what is legal versus illegal.  The
problem is that "lookup\_name" no longer is pointing to its initial
value, but "name" is.  Thus the space allocated for filling "lookup\_name"
is now shorter than "name", and as this shortened "lookup\_name" is
filled by copying suitable portions of "name", the write can be to
unallocated space.

The solution is to skip the "utf8::" when reparsing "name".  Then both
"lookup\_name" and "name" are effectively shortened by the same amount,
and there is no going off the end.

This commit also does white-space adjustment so that things align
vertically for readability.

This can be easily backported to earlier Perl releases.

*   Loading branch information

CVE-2023-47100: Fix read/write past buffer end: perl-security#140 · Perl/perl5@ff1f9f5

Jenkins Compuware Strobe Measurement Plugin 1.0.1 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

CVE-2022-43431: Jenkins Security Advisory 2022-10-19

Delta Electronics DIAScreen may write past the end of an allocated 
buffer while parsing a specially crafted input file. This could allow an
 attacker to execute code in the context of the current process.



Your browser is currently set to block cookies. You need to allow cookies to use this service.

Cookies are small text files stored on your computer that tell us when you're signed in. To learn how to allow cookies, check the online help in your web browser.

CVE-2023-5068: We can't sign you in

Debian Linux Security Advisory 5365-1 - Patrick Monnerat discovered that Curl's support for "chained" HTTP compression algorithms was susceptible to denial of service.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5365-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
February 27, 2023                     https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : curl  
CVE ID         : CVE-2023-23916

Patrick Monnerat discovered that Curl's support for "chained" HTTP  
compression algorithms was susceptible to denial of service.

For the stable distribution (bullseye), this problem has been fixed in  
version 7.74.0-1.3+deb11u7. This update also fixes a regression in  
the previously released fix for CVE-2022-27774.

We recommend that you upgrade your curl packages.

For the detailed security status of curl please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/curl

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmP9Il4ACgkQEMKTtsN8  
TjZKEA//cK64gwXlsdkBMurkfaS4XVzPfAIPoR3b9Zun57OnO79Hb+Lubj23iva0  
PpnHi5cyLDRC4RkQrICAygGGZkqBg0s5kA2aNv6sNF4CrF01cDHi5xbeb8SIb3K2  
S6n/UOXST1zWlPjPsewoe+ct1dC53+24pelwVWNB8fRdvnbD49XQQ7eI8hZAWJpt  
ebFXkfi7xOPrSgHJdOyHAjJK3qySqfOgfbBY3qy650Po3SHS+YAqztRl+/TQf/Al  
fonzIypIHpcTDUyzJ9qBfLTUbui0HgjiaQbepp42+mUb/ajtbSlVHf+a+MXUm2Vr  
5kE7SDdoXTQDHkdiuo0SFpxOhhGG3BV7RecX+4tKnfTP5ADr2MZ0XnVq5RJ6y9eL  
1JOTxdFBPIIjzIpdCN2NrQdSXEk9faZv6L3HXoUA92rtXaxdqYD0UkNsOBYjBtJT  
4TZOS3br3bsYUxveFGeJsHA0DTcv+k6NtHxE9XyTvPwjPZyAgck35K+4zPZkQxO1  
fHGWXVCODsPm6g/TzPP1GrBzuLGS9fbhAF2+cVQkSPoO8eS7salDkR4k7HCshNuY  
5qhLi5PQCTrlIhOfOueRoBj0dYtR96WePh8K6mQ1gA/KtQ+n/Ps+Obpnv75cdOF8  
K03rqj/CFODZ/IqinIUr+8b+Pt50kTenU4Z6pacqleEz4WcVePc=  
=7ySA  
-----END PGP SIGNATURE-----

Debian Security Advisory 5365-1

Red Hat Security Advisory 2024-5365-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include double free and null pointer vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5365.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: kernel-rt security update  
Advisory ID:        RHSA-2024:5365-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:5365  
Issue date:         2024-08-14  
Revision:           03  
CVE Names:          CVE-2021-47383  
====================================================================

Summary: 

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete (CVE-2024-26897)

* kernel: wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work (CVE-2024-27052)

* kernel: wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (CVE-2023-52651)

* kernel: wifi: cfg80211: check A-MSDU format more carefully (CVE-2024-35937)

* kernel: platform/x86: wmi: Fix opening of char device (CVE-2023-52864)

* kernel: net: CVE-2024-36971 kernel: UAF in network route management (CVE-2024-36971)

* kernel: net/mlx5: Add a timeout to acquire the command queue semaphore (CVE-2024-38556)

* kernel: stm class: Fix a double free in stm_register_device() (CVE-2024-38627)

Bug Fix(es):

* kernel-rt: update RT source tree to the latest RHEL-9.2 ad hoc schedule build (JIRA:RHEL-52875)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2021-47383

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2265653  
https://bugzilla.redhat.com/show_bug.cgi?id=2275655  
https://bugzilla.redhat.com/show_bug.cgi?id=2275742  
https://bugzilla.redhat.com/show_bug.cgi?id=2278417  
https://bugzilla.redhat.com/show_bug.cgi?id=2278435  
https://bugzilla.redhat.com/show_bug.cgi?id=2278519  
https://bugzilla.redhat.com/show_bug.cgi?id=2278989  
https://bugzilla.redhat.com/show_bug.cgi?id=2281057  
https://bugzilla.redhat.com/show_bug.cgi?id=2281257  
https://bugzilla.redhat.com/show_bug.cgi?id=2281272  
https://bugzilla.redhat.com/show_bug.cgi?id=2281647  
https://bugzilla.redhat.com/show_bug.cgi?id=2281821  
https://bugzilla.redhat.com/show_bug.cgi?id=2282357  
https://bugzilla.redhat.com/show_bug.cgi?id=2282719  
https://bugzilla.redhat.com/show_bug.cgi?id=2282720  
https://bugzilla.redhat.com/show_bug.cgi?id=2284474  
https://bugzilla.redhat.com/show_bug.cgi?id=2284511  
https://bugzilla.redhat.com/show_bug.cgi?id=2292331  
https://bugzilla.redhat.com/show_bug.cgi?id=2293402  
https://bugzilla.redhat.com/show_bug.cgi?id=2293443  
https://bugzilla.redhat.com/show_bug.cgi?id=2293444  
https://bugzilla.redhat.com/show_bug.cgi?id=2293461  
https://bugzilla.redhat.com/show_bug.cgi?id=2293700

Red Hat Security Advisory 2024-5365-03

A path traversal vulnerability was discovered in multiple Pilz products. An unauthenticated local attacker could use a zipped, malicious configuration file to trigger arbitrary file writes ('zip-slip').

2022-11-24 10:00 (CET) VDE-2022-044  

**Pilz: Multiple products affected by ZipSlip**  
Share: Email | Twitter  

**Published**

2022-11-24 10:00 (CET)

**Last update**

2022-11-17 15:32 (CET)

**Vendor(s)**

Pilz GmbH & Co. KG  

**Product(s)**

Article No°

Product Name

Affected Version(s)

\-

PAScal

<= 1.9.1

\-

PASconnect

< 1.4.0

\-

PASmotion

< 1.4.1

\-

PNOZmulti Configurator

< 11.2.0

\-

PNOZmulti Configurator LTS

< 10.14.4

**Summary**

Several Pilz software products do not properly check pathnames contained in archives. An attacker can utilise this vulnerability to write arbitrary files, potentially leading to code execution.

**CVE ID**

**Last Update:**

Nov. 10, 2022, 11:53 a.m.

**Severity**

**Weakness**

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')  (CWE-22) 

**Summary**

A path traversal vulnerability was discovered in multiple Pilz products. An unauthenticated local attacker could use a zipped, malicious configuration file to trigger arbitrary file writes ('zip-slip').

**Details**

**Impact**

The affected software products are using ZIP archives to save and load project backups and libraries. When loading a ZIP archive, the contained pathnames are not checked properly for relative path components. If a user loads a manipulated ZIP archive the vulnerability can be used to place potentially malicious files outside of the application's working directory. Depending on the user’s privileges this can lead to code execution.

**Solution**

**General Countermeasures**

*   Do not use .zip or .par files from untrusted sources. If you need to load a file from an  
    untrusted source, please contact your local Pilz support.

**Product-specific Countermeasures**

*   Please visit the Pilz Shop (www.pilz.com/en-INT/eshop) to check for the fixed version

**Reported by**

Pilz would like to thank CERT@VDE for coordinating publication.

CVE-2022-40976: VDE-2022-044 | CERT@VDE

Patch in third party library Consul requires 'enable-script-checks' to be set to False. This was required to enable a patch by the vendor. Without this setting the patch could be bypassed. This only affects GitLab-EE.

Skip to content

*   *   Why GitLab
    *   Pricing
    *   Contact Sales
    *   Explore
    
*   Why GitLab
*   Pricing
*   Contact Sales
*   Explore

**Consul RCE vulnerability \`enable-script-checks\`**

**Summary**

GitLab Premium _in GitLab_ customer engaged GitLab Support to disclose the ability to exploit an RCE vulnerability in Consul, using GitLab Omnibus version v15.11.3 with Consul 1.12.5.

In 2019 there was an MR that addressed this by upgrading Consul for Omnibus: !3400 (merged)

This MR addressed the following issue: #4124 (closed)

The customer has indicated that upgrading the Consul version to a patched version is not enough to mitigate the vulnerability. Apparently we still set enable_script_checks to true by default in the Omnibus cookbook, and part of the mitigation is changing enable_script_checks to enable_local_script_checks.

**Steps to reproduce**

**Mitigation steps**

**Example Project****What is the current _bug_ behavior?****What is the expected _correct_ behavior?****Relevant logs and/or screenshots****Output of checks****Results of GitLab environment info**Expand for output related to GitLab environment info

(For installations with omnibus-gitlab package run and paste the output of:
\`sudo gitlab-rake gitlab:env:info\`)

(For installations from source run and paste the output of:
\`sudo -u git -H bundle exec rake gitlab:env:info RAILS\_ENV=production\`)

**Results of GitLab application Check**Expand for output related to the GitLab application check

(For installations with omnibus-gitlab package run and paste the output of:
sudo gitlab-rake gitlab:check SANITIZE=true)

(For installations from source run and paste the output of:
sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production SANITIZE=true)

(we will only investigate if the tests are passing)
**Possible fixes**

cc @gitlab-com/gl-security/appsec

Edited May 17, 2023 by Michael Trainor

Search

lenovo warranty check/lookup | check warranty status | lenovo support us