Security

Tag

#mac

CVE-2023-28144: security - Security issue in Hotspot elevate_perf_privileges.sh (CVE-2023-28144)

KDAB Hotspot 1.3.x and 1.4.x through 1.4.1, in a non-default configuration, allows privilege escalation because of race conditions involving symlinks and elevate_perf_privileges.sh chown calls.

CVE-2023-24930

Microsoft OneDrive for MacOS Elevation of Privilege Vulnerability

Apache Tomcat Privilege Escalation

This Metasploit module exploits a vulnerability in RedHat-based systems where improper file permissions are applied to /usr/lib/tmpfiles.d/tomcat.conf for Apache Tomcat versions before 7.0.54-8. The configuration files in tmpfiles.d are used by systemd-tmpfiles to manage temporary files, including their creation. With this weak permission, you are able to inject commands into the systemd-tmpfiles service to write a cron job to execute a payload. systemd-tmpfiles is executed by default on boot on RedHat-based systems through systemd-tmpfiles-setup.service. Depending on the system in use, the execution of systemd-tmpfiles could also be triggered by other services, cron jobs, startup scripts, etc. This module was tested against Tomcat 7.0.54-3 on Fedora 21.

CVE-2023-24180: found integer overflow bugs · Issue #75 · aclements/libelfin

Libelfin v0.3 was discovered to contain an integer overflow in the load function at elf/mmap_loader.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted elf file.

RHSA-2023:1221: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

* CVE-2022-3564: A use-after-free flaw was found in the Linux kernel’s L2CAP bluetooth functionality in how a user triggers a race condition by two malicious flows in the L2CAP bluetooth packets. This flaw allows a local or bluetooth connection user to crash the system or potentially escalate privileges.
* CVE-2022-4269: A flaw was found ...

RHSA-2023:1199: Red Hat Security Advisory: openssl security and bug fix update

An update for openssl is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

* CVE-2022-4203: A flaw was found in OpenSSL. A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification, and requires either a CA to have signed the malicious certificate or for the application to continue certif...

Microsoft Mitigates Outlook Elevation of Privilege Vulnerability

May 9, 2023 update: Releases for Microsoft Products has been updated with the release of CVE-2023-29324 - Security Update Guide - Microsoft - Windows MSHTML Platform Security Feature Bypass Vulnerability.

March 24, 2023 update: Impact Assessment has been updated to a link to Guidance for investigating attacks using CVE-2023-23397 - Microsoft Security Blog.

Omron CJ1M PLC

1. EXECUTIVE SUMMARY

CVSS v3 9.1
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Omron
Equipment: CJ1M PLC
Vulnerabilities: Improper Access Control

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to bypass user memory protections by writing to a specific memory address. An attacker can also overwrite passwords and lock engineers from reading their own memory regions.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following components of Omron CJ1M, a programmable logic controller, are affected:

SYSMAC CJ-series

* CJ2H-CPU6 □ -EIP: All versions
* CJ2H-CPU6 □: All versions
* CJ2M-CPU □ □: All versions
* CJ1G-CPU □ □ P: All versions

SYSMAC CS-series

* CS1H-CPU □ □ H: All versions
* CS1G-CPU □ □ H: All versions
* CS1D-CPU □ □ HA: All versions
* CS1D-CPU □ □ H: All versions
* CS1D-CPU □ □ SA: All versions
* CS1D-CPU □ □ S: All versions
* CS1D-CPU □ □ P: All versions

SYSMAC CP-series

* CP2E-E □ □ D □ - □: All versions
* CP2E-S □ □...

CVE-2023-24930: Microsoft OneDrive for MacOS Elevation of Privilege Vulnerability

**According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?** The user must be authenticated to be able to exploit this vulnerability.

CVE-2023-23415: Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An attacker could send a low-level protocol error containing a fragmented IP packet inside another ICMP packet in its header to the target machine. To trigger the vulnerable code path, an application on the target must be bound to a raw socket.