Multiple Konica Minolta bizhub MFP printer terminals suffer from a sandbox escape with root access and have clear-text password vulnerabilities.
57e210f71bf42a3b11e36e7813fbbb82fccbd07555cd2d876285ea9c410da45cRed Hat Security Advisory 2022-2236-01 - Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes.
5ba43fd966028b550bd0b0e32415a9ad193c6abc0e8f4051a4810a3133f63413Red Hat Security Advisory 2022-1699-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.50.
fbbfbdf0a9151383c4fd51b75bed69402cdeb86e35b863354d293fba3587a9fdUbuntu Security Notice 5419-1 - It was discovered that Rsyslog improperly handled certain invalid input. An attacker could use this issue to cause Rsyslog to crash.
9b932c5bd024a7f4d15dbe45fcd972c8a1508eba46c88889bb93109549ff87aeUbuntu Security Notice 5420-1 - It was discovered that Vorbis incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code.
a33060407453b19aa7187d7422d0a895fbe372f01e612751c0d342a6bec706caScripting languages like JavaScript are being integrated into commercial software to support easy file modification. For example, Adobe Acrobat accepts JavaScript to dynamically manipulate PDF files. To bridge the gap between the high-level scripts and the low-level languages (like C/C++) used to implement the software, a binding layer is necessary to transfer data and transform representations. However, due to the complexity of two sides, the binding code is prone to inconsistent semantics and security holes, which lead to severe vulnerabilities. Existing efforts for testing binding code merely focus on the script side, and thus miss bugs that require special program native inputs. In this paper, the researchers propose cooperative mutation, which modifies both the script code and the program native input to trigger bugs in binding code.
5f9d0ad09e9e62d12e246894db4172788cd3662fb32d618c99f88dda19d6b911Cooper utilizes cooperative mutation to test the binding code of scripting languages to find memory-safe issues. Cooperative mutation simultaneously modifies the script code and the related document objects to explore various code paths of the binding code. To support cooperative mutation, the authors infer the relationship between script code and document objects to guide the two-dimensional mutation. They applied their tool Cooper on three popular commercial PDF tools, Adobe Acrobat, Foxit Reader, and Microsoft Word. Cooper detected 134 previously unknown bugs, which resulted in 33 CVE entries and 22K bug bounties.
2b1855049e54d63e476c65196cd445f22b388370ab838980e67d3919d5943a51
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed