BD Pyxis™ SupplyStation™ RF Auxiliary Security Vulnerabilities

Metasploit Weekly Wrap-Up

Rocket Software UniRPC Exploits Ron Bowes submitted two exploit modules for vulnerabilities he discovered in the UniRPC server for Rocket Software’s UniData product. The first exploit module, exploit/linux/misc/unidata_udadmin_auth_bypass exploits an authentication bypass to ultimately gain...

Adobe ColdFusion Unauthenticated Arbitrary File Read

This module exploits a remote unauthenticated deserialization of untrusted data vulnerability in Adobe ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update 15 and earlier, in order to read an arbitrary file from the server. To run this module you must provide a valid ColdFusion...

Adobe ColdFusion Unauthenticated Remote Code Execution

This module exploits a remote unauthenticated deserialization of untrusted data vulnerability in Adobe ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update 15 and earlier, in order to gain remote code...

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM SDK, Java Technology Edition Quarterly CPU - Jan 2023 - Includes Oracle January 2023 CPU

Summary Vulnerabilities may affect IBM® SDK, Java™ Technology Edition. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: Jazz Foundation, IBM Engineering Workflow Management, Global Configuration Management, IBM...

CVE-2022-40532

Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to...

CVE-2022-40503

Information disclosure due to buffer over-read in Bluetooth Host while A2DP...

CVE-2022-33302

Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command...

CVE-2022-33296

Memory corruption due to integer overflow to buffer overflow in Modem while parsing Traffic Channel Neighbor List Update...

CVE-2022-33288

Memory corruption due to buffer copy without checking the size of input in Core while sending SCM command to get write protection...

CVE-2022-33270

Transient DOS due to time-of-check time-of-use race condition in Modem while processing RRC Reconfiguration...

CVE-2022-33269

Memory corruption due to integer overflow or wraparound in Core while DDR memory...

CVE-2022-33231

Memory corruption due to double free in core while initializing the encryption...

VMware Workspace ONE Access CVE-2022-22960

This module exploits CVE-2022-22960 which allows the user to overwrite the permissions of the certproxyService.sh script so that it can be modified by the horizon user. This allows a local attacker with the uid 1001 to escalate their privileges to root...

Security Bulletin: CVE-2022-21426 may affect IBM® SDK, Java™ Technology Edition

Summary CVE-2022-21426 was disclosed as part of the Oracle April 2022 Critical Patch Update. Vulnerability Details ** CVEID: CVE-2022-21426 DESCRIPTION: **An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause a denial of service...

TPM Out of Bounds Access

Bulletin ID: AMD-SB-7002 Potential Impact:Varies by CVE, see descriptions below Severity:Varies by CVE, see descriptions below Summary Researchers have identified two potential vulnerabilities that affect systems using the TPM 2.0 reference implementation, including some systems using AMD CPUs....

Siemens RUGGEDCOM, SCALANCE, SIMATIC, SINEMA Improper Input Validation (CVE-2018-5391)

The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation...

pdfkit 0.8.7.2 Command Injection

...

pdfkit v0.8.7.2 - Command Injection

...

pdfkit v0.8.7.2 - Command Injection Exploit

...

Fedora 36 : xen (2023-04b5338dd0)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-04b5338dd0 advisory. x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectre/Meltdown security work (XSA-254), one...

CVE-2023-28625

A flaw was found in mod_auth_openidc, an OpenID Certified™ authentication and authorization module for the Apache HTTP server. It is possible to trigger a NULL pointer dereference when OIDCStripCookies is set and a crafted Cookie header is supplied, leading to a segmentation fault and a denial of.....

Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to January 2023 CPU plus deferred CVE-2022-21426

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVE(s) listed in this document might affect some configurations of IBM WebSphere Application Server...

A Royal Analysis of Royal Ransom

A Royal Analysis of Royal Ransom By Alexandre Mundo, and Max Kersten · April 3, 2023 We would like to thank Advanced Cyber Services team within Trellix Professional Services for the incident response-related data. Emerging in early 2022 as a private group which used multiple strains of ransomware,....

CVE-2023-20559

Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of...

Enlightenment v0.25.3 - Privilege escalation Vulnerability

...

Enlightenment v0.25.3 - Privilege escalation

...

Metasploit Weekly Wrap-up

Windows 11 ADF WinSock Priv Esc The new windows/local/cve_2023_21768_afd_lpe exploit makes use of a brand new Windows kernel exploitation technique that leverages the new I/O ring feature introduced in Windows 11 21H2. This technique comes from Yarden Shafir research and provides a full...

Security Bulletin: NVIDIA DCGM - March 2023

NVIDIA has released a software update for NVIDIA® Data Center GPU Manager (DCGM). The update addresses security issues that may lead to denial of service and data tampering. To protect your system, download and install the latest DCGM release from the CUDA repositories. Go to NVIDIA Product...

Security Bulletin: A vulnerability in IBM Java Runtime used by the IBM Installation Manager and IBM Packaging Utility - CVE-2022-21619

Summary There is a vulnerability in IBM® Runtime Environment Java™ Versions 8 used by IBM Installation Manager and IBM Packaging Utility. The IBM Installation Manager and IBM Packaging Utility have addressed the applicable CVE and we recommend updating to the latest version to remediate....

Threat Source newsletter (March 30, 2023) — It’s impossible to tell if your home security camera or doorbell is truly safe

Welcome to this week's edition of the Threat Source newsletter. Everyone loves a good video of someone slipping on their icy steps in the winter, captured thanks to their home security camera or smart doorbell. But what about when that camera is just kind of chilling out and not catching the...

Security Bulletin: NVIDIA GPU Display Driver - March 2023

NVIDIA has released a software security update for NVIDIA GPU Display Driver. This update addresses issues that may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. To protect your system, download and install this software update...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Vulnerabilities in the IBM® Runtime Environment Java™ Technology Edition affect IBM SAN Volume Controller, IBM Storwize V7000, V5000, V3700 and V3500, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud and IBM FlashSystem V9000 and 9100 family products. The...

Security Bulletin: Vulnerabilities in IBM Java SDK affects IBM SAN Volume Controller and Storwize Family (CVE-2014-6593, CVE-2015-0410)

Summary There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 that is used by IBM SAN Volume Controller and Storwize Family. These issue was disclosed as part of the IBM Java SDK updates in Jan 2015. Vulnerability Details CVEID: CVE-2014-6593 DESCRIPTION: A...

Security Bulletin: Vulnerability in IBM Java SDK affects IBM SAN Volume Controller and Storwize Family (CVE-2014-4263)

Summary There is a vulnerability in IBM® Runtime Environment Java™ Technology Edition, Version 6 that is used by IBM SAN Volume Controller and Storwize Family. This issue was disclosed as part of the IBM Java SDK updates in July 2014. Vulnerability Details CVEID: CVE-2014-4263 DESCRIPTION: An...

Security Bulletin: Vulnerability in IBM Java Runtime affects IBM SAN Volume Controller and Storwize Family (CVE-2015-4872)

Summary There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 7 that is used by IBM SAN Volume Controller and Storwize Family. These issues were disclosed as part of the IBM Java SDK updates in October 2015. SAN Volume Controller and Storwize Family has addressed.....

Security Bulletin: Vulnerabilities in IBM Java SDK affects IBM SAN Volume Controller and Storwize Family (CVE-2015-0488, CVE-2015-2808, CVE-2015-1916, CVE-2015-0204)

Summary There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 that is used by IBM SAN Volume Controller and Storwize Family. These issue was disclosed as part of the IBM Java SDK updates in Apr 2015. Vulnerability Details CVEID:CVE-2015-0488 DESCRIPTION:An...

Security Bulletin: Vulnerability in IBM Java Runtime affects IBM SAN Volume Controller and Storwize Family (CVE-2016-0475)

Summary There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 7 that is used by IBM SAN Volume Controller and Storwize Family. These issues were disclosed as part of the IBM Java SDK updates in January 2016. SAN Volume Controller and Storwize Family has addressed.....

Security Bulletin: Vulnerability in IBM Java SDK affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (CVE-2019-2602)

Summary A vulnerability in the IBM® Runtime Environment Java™ Technology Edition affects IBM SAN Volume Controller, IBM Storwize V7000, V5000, V3700 and V3500, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud and IBM FlashSystem V9000 and 9100 family products. The...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Multiple vulnerabilities in the IBM® Runtime Environment Java™ Technology Edition affect IBM SAN Volume Controller, IBM Storwize V7000, V5000, V3700 and V3500, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud and IBM FlashSystem V9000 and 9100 family products. The....

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect SAN Volume Controller, Storwize family and FlashSystem V9000 products

Summary There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition that is used by IBM SAN Volume Controller, Storwize Family and FlashSystem V9000 products . These issues were disclosed as part of the IBM Java SDK updates in February 2017. The applicable CVEs are...