#mac

KDAB Hotspot 1.3.x and 1.4.x through 1.4.1, in a non-default configuration, allows privilege escalation because of race conditions involving symlinks and elevate_perf_privileges.sh chown calls.

Microsoft OneDrive for MacOS Elevation of Privilege Vulnerability

This Metasploit module exploits a vulnerability in RedHat based systems where improper file permissions are applied to /usr/lib/tmpfiles.d/tomcat.conf for Apache Tomcat versions before 7.0.54-8. The configuration files in tmpfiles.d are used by systemd-tmpfiles to manage temporary files including their creation. With this weak permission, you are able to inject commands into the systemd-tmpfiles service to write a cron job to execute a payload. systemd-tmpfiles is executed by default on boot on RedHat-based systems through systemd-tmpfiles-setup.service. Depending on the system in use, the execution of systemd-tmpfiles could also be triggered by other services, cronjobs, startup scripts etc. This module was tested against Tomcat 7.0.54-3 on Fedora 21.

Libelfin v0.3 was discovered to contain an integer overflow in the load function at elf/mmap_loader.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted elf file.

An update for kernel is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3564: A use-after-free flaw was found in the Linux kernel’s L2CAP bluetooth functionality in how a user triggers a race condition by two malicious flows in the L2CAP bluetooth packets. This flaw allows a local or bluetooth connection user to crash the system or potentially escalate privileges. * CVE-2022-4269: A flaw was found ...

An update for openssl is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4203: A flaw was found in Open SSL. A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification, and requires either a CA to have signed the malicious certificate or for the application to continue certif...

May 9, 2023 update: Releases for Microsoft Products has been updated with the release of CVE-2023-29324 - Security Update Guide - Microsoft - Windows MSHTML Platform Security Feature Bypass Vulnerability March 24, 2023 update: Impact Assessment has been updated to a link to Guidance for investigating attacks using CVE-2023-23397 - Microsoft Security Blog.

1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity   Vendor: Omron  Equipment: CJ1M PLC  Vulnerabilities: Improper Access Control    2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to bypass user memory protections by writing to a specific memory address. An attacker can also overwrite passwords and lock engineers from reading their own memory regions.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following components of Omron CJ1M, a programmable logic controller, are affected:  SYSMAC CJ-series  CJ2H-CPU6 □ -EIP: All versions  CJ2H-CPU6 □: All versions  CJ2M-CPU □ □: All versions  CJ1G-CPU □ □ P: All versions  SYSMAC CS-series   CS1H-CPU □ □ H: All versions  CS1G-CPU □ □ H: All versions  CS1D-CPU □ □ HA: All versions  CS1D-CPU □ □ H: All versions  CS1D-CPU □ □ SA: All versions  CS1D-CPU □ □ S: All versions  CS1D-CPU □ □ P: All versions  SYSMAC CP-series  CP2E-E □ □ D □ - □: All versions  CP2E-S □ □...

**According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?** The user must be authenticated to be able to exploit this vulnerability.

**How could an attacker exploit this vulnerability?** An attacker could send a low-level protocol error containing a fragmented IP packet inside another ICMP packet in its header to the target machine. To trigger the vulnerable code path, an application on the target must be bound to a raw socket.