XVR 5x04, XVR 5x08, XVR 5x16, XVR 7x16, IPC-HDBW4XXX, IPC-HDBW5XXX Security Vulnerabilities

CVE-2023-4574

When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable...

Slackware Linux 15.0 / current mozilla-firefox Multiple Vulnerabilities (SSA:2023-242-01)

The version of mozilla-firefox installed on the remote host is prior to 115.2.0esr. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-242-01 advisory. A website could have obscured the full screen notification by using the file open dialog. This could have ...

CVE-2023-4575

When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable...

Mozilla Firefox ESR < 102.15

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 102.15. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-35 advisory. When receiving rendering data over IPC mStream could have been destroyed when initialized, which...

KLA52675 Multiple vulnerabilities in Mozilla Thunderbird

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, spoof user interface, bypass security restrictions, obtain sensitive information. Below is a complete list of vulnerabilities: Memory...

Security Vulnerabilities fixed in Firefox 117 — Mozilla

When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created....

KLA52674 Multiple vulnerabilities in Mozilla Thunderbird

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: Memory corruption vulnerability in IPC CanvasTranslator can be exploited remotely to cause.....

Security Vulnerabilities fixed in Thunderbird 115.2 — Mozilla

When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created....

Mozilla Firefox ESR < 115.2

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 115.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-36 advisory. When receiving rendering data over IPC mStream could have been destroyed when initialized, which...

KLA52660 Multiple vulnerabilities in Mozilla Firefox

Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information, bypass security restrictions, spoof user interface. Below is a complete list of vulnerabilities: Code...

Security Vulnerabilities fixed in Firefox ESR 102.15 — Mozilla

When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created....

Security Vulnerabilities fixed in Thunderbird 102.15 — Mozilla

When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created....

Security Vulnerabilities fixed in Firefox ESR 115.2 — Mozilla

When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created....

KLA52661 Multiple vulnerabilities in Mozilla Firefox ESR

Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, spoof user interface, bypass security restrictions, obtain sensitive information. Below is a complete list of vulnerabilities: Memory...

Mozilla Firefox < 117.0

The version of Firefox installed on the remote Windows host is prior to 117.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-34 advisory. When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led to...

Mozilla Firefox ESR < 102.15

The version of Firefox ESR installed on the remote Windows host is prior to 102.15. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-35 advisory. When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have...

KLA52662 Multiple vulnerabilities in Mozilla Firefox ESR

Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: Memory corruption vulnerability in IPC CanvasTranslator can be exploited remotely to cause.....

Mozilla Firefox ESR < 115.2

The version of Firefox ESR installed on the remote Windows host is prior to 115.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-36 advisory. When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led...

Mozilla Firefox < 117.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 117.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-34 advisory. When receiving rendering data over IPC mStream could have been destroyed when initialized, which could...

Fedora: Security Advisory for libqb (FEDORA-2023-5a717dd33d)

The remote host is missing an update for...

[SECURITY] Fedora 38 Update: libqb-2.0.8-1.fc38

A "Quite Boring" library that provides high-performance, reusable features for client-server architecture, such as logging, tracing, inter-process communication (IPC), and...

Improver Validation of File Name Causes RCE

Description Due to insufficient sanitization of the music file name, it is possible to execute arbitrary commands on the victims computer, through a specially crafted file name. Note that this bug was only found exploitable only on the MacOS version of this application. Although still applicable...

Siemens Address Processing in SIMATIC

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

CVE-2023-3953

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause memory corruption when an authenticated user opens a tampered log file from GP-Pro...

Malicious code in web3tool-providers-ipc (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (45dd480c31cdb6a16b4c7308f724f05b190296dae7805a05b87ae74a81440fe6) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MTE As Implemented, Part 2: Mitigation Case Studies

By Mark Brand, Project Zero Background In 2018, in the v8.5a version of the ARM architecture, ARM proposed a hardware implementation of tagged memory, referred to as MTE (Memory Tagging Extensions). In Part 1 we discussed testing the technical (and implementation) limitations of MTE on the...

STARK#MULE Targets Koreans with U.S. Military-themed Document Lures

An ongoing cyber attack campaign has set its sights on Korean-speaking individuals by employing U.S. Military-themed document lures to trick them into running malware on compromised systems. Cybersecurity firm Securonix is tracking the activity under the name STARK#MULE. The scale of the attacks...

APT trends report Q2 2023

For more than six years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot of what we have...

samba -- multiple vulnerabilities

The Samba Team reports: CVE-2023-34967: Samba Spotlight mdssvc RPC Request Type Confusion DoS Vulnerability When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where keys are character strings and values can be any of the...

SMB2 packet signing not enforced

Description SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. SMB2 packet signing is a mechanism that ensures the integrity and authenticity of data exchanged between a client....

Dahua Security - Configuration File Disclosure

A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and...

CVE-2023-21255

In multiple functions of binder.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Notes Author| Note ---|--- rodrigo-zaiden | issue in...

CVE-2023-33127

A vulnerability was found in dotNET applications where the Windows dotNET runtime exposes an IPC diagnostic endpoint named pipe for collecting diagnostic information and debugging. A remote attacker can exploit DCOM applications that expose a diagnostic port to achieve cross-session/cross-user...

CVE-2023-22387 Use of Out-of-range Pointer Offset in Qualcomm IPC

Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory...

Amazon Linux 2023 : perl, perl-Attribute-Handlers, perl-AutoLoader (ALAS2023-2023-218)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-218 advisory. HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. (CVE-2023-31486) ...

Google Chrome WebGL rx::Image11::disassociateStorage use-after-free vulnerability

Talos Vulnerability Report TALOS-2023-1724 Google Chrome WebGL rx::Image11::disassociateStorage use-after-free vulnerability June 26, 2023 CVE Number CVE-2023-1531 SUMMARY A use-after-free vulnerability exists in the WebGL rx::Image11::disassociateStorage functionality of Google Chrome Stable...

CVE-2023-1862

Cloudflare WARP client for Windows (up to v2023.3.381.0) allowed a malicious actor to remotely access the warp-svc.exe binary due to an insufficient access control policy on an IPC Named Pipe. This would have enabled an attacker to trigger WARP connect and disconnect commands, as well as obtaining....

CVE-2023-1862

Cloudflare WARP client for Windows (up to v2023.3.381.0) allowed a malicious actor to remotely access the warp-svc.exe binary due to an insufficient access control policy on an IPC Named Pipe. This would have enabled an attacker to trigger WARP connect and disconnect commands, as well as obtaining....

CVE-2023-1862

Cloudflare WARP client for Windows (up to v2023.3.381.0) allowed a malicious actor to remotely access the warp-svc.exe binary due to an insufficient access control policy on an IPC Named Pipe. This would have enabled an attacker to trigger WARP connect and disconnect commands, as well as obtaining....

Improper access control

Cloudflare WARP client for Windows (up to v2023.3.381.0) allowed a malicious actor to remotely access the warp-svc.exe binary due to an insufficient access control policy on an IPC Named Pipe. This would have enabled an attacker to trigger WARP connect and disconnect commands, as well as obtaining....

CVE-2023-1862 Remote access to warp-svc.exe in Cloudflare WARP

Cloudflare WARP client for Windows (up to v2023.3.381.0) allowed a malicious actor to remotely access the warp-svc.exe binary due to an insufficient access control policy on an IPC Named Pipe. This would have enabled an attacker to trigger WARP connect and disconnect commands, as well as obtaining....

Desktop APP XSS to RCE

🔒️ Requirements The user must load the malicious configuration and click on the buttons. 📝 Description This exploitation relies on several issues which chained together lead to an RCE. In the following subsection, I will try to explain it as best I can. 💉 Not sanitized HTML injection In the...

Siemens SIMATIC S7-1500 TM MFP Linux Kernel

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

Unbreakable Enterprise kernel security update

[5.15.0-102.110.5] - RISC-V: Fix up a cherry-pick warning in setup_vm_final() (Alexandre Ghiti) - Revert 'Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work' (Liu Jian) - riscv: mm: remove redundant parameter of create_fdt_early_page_table (Song Shuai) - kernfs:...

Desktop APP RCE via saveDraft IPC

🔒️ Requirements The user must load a malicious project. 📝 Description In version 20.3.3 (commit 5383c20e947fd772668316e407edc5d5db4850db), the shell=true option is added to a spawn execution. This is really dangerous has it allows a malicious user to execute commands even from attributes. Example...

Ubuntu: Security Advisory (USN-6151-1)

The remote host is missing an update for...

linux-xilinx-zynqmp vulnerabilities

It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2021-3669) It was discovered that the KVM VMX implementation in the Linux kernel did....

Linux kernel (Xilinx ZynqMP) vulnerabilities

Releases Ubuntu 20.04 LTS Packages linux-xilinx-zynqmp - Linux kernel for Xilinx ZynqMP processors Details It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service...

Ubuntu: Security Advisory (USN-6133-1)

The remote host is missing an update for...

linux-intel-iotg-5.15 vulnerabilities

It was discovered that the Traffic-Control Index (TCINDEX) implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the...