This is an extension of research on the original findings of CVE-2020-15858 in Telit Cinterion IoT devices. Numerous issues have been discovered including path traversal, Java privilege elevation, AT commands whitelist / blacklist bypass, a heap overflow in fragmented SMS, and more.
abb8c4529f9d5d619b36098b1423bf2e497fc0bebd5da0e83e1d5c9a49803636Red Hat Security Advisory 2023-1899-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
51fc840e368ab7cc6efb3fa6881cc77590c05add2b6fc11f9d0ea0758d58cd11Red Hat Security Advisory 2023-1879-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.
06d517c97370c59fdc96ca03d3f28b5640a7f91cc4903282bc6b22716ebe8c37This Metasploit module combines two vulnerabilities in order achieve remote code execution in the context of the horizon user. The first vulnerability, CVE-2022-22956, is an authentication bypass in OAuth2TokenResourceController ACS which allows a remote, unauthenticated attacker to bypass the authentication mechanism and execute any operation. The second vulnerability, CVE-2022-22957, is a JDBC injection remote code execution vulnerability specifically in the DBConnectionCheckController class's dbCheck method which allows an attacker to deserialize arbitrary Java objects which can allow for remote code execution.
7c29d90e3f3e9d482ff4bcd4e44dc3c7f3847da9e1f2f563dc1812dc6362bcd4Ubuntu Security Notice 6023-1 - It was discovered that LibreOffice may be configured to add an empty entry to the Java class path. This may lead to run arbitrary Java code from the current directory.
c2037fa24af4bd8f816653b2ee5ca208e408c2cc49d66c1ad005b987cd158970Red Hat Security Advisory 2023-1663-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.7.2 serves as a replacement for Red Hat JBoss Web Server 5.7.1. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References.
c0b211c61f5b1935e346647b65b123e0fa7907ee7a3ed75a15991b0a9fd45bb6Red Hat Security Advisory 2023-1664-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.7.2 serves as a replacement for Red Hat JBoss Web Server 5.7.1. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References.
c0eb66100eff33a05cc9e2d9a75d565b68109c88876cfb85737526650fe5d7c1Red Hat Security Advisory 2023-1516-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.10 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.9, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.10 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include code execution, denial of service, deserialization, and information leakage vulnerabilities.
ada22b83480d530ee8dd30e19a50c7326170a048925344548198a2d631be3992Red Hat Security Advisory 2023-1514-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.10 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.9, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.10 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include code execution, denial of service, deserialization, and information leakage vulnerabilities.
d824fa0b2fa9cc42e7a86a5d520947e9f872bd49e8c27c8d03ebc68e2daf842cRed Hat Security Advisory 2023-1513-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.10 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.9, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.10 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include code execution, denial of service, deserialization, and information leakage vulnerabilities.
8af2d0ded0c961c64669c01e0c9a55b02840722c7cb068fa9c23855dfb94ec90Red Hat Security Advisory 2023-1512-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.10 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.9 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.10 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include code execution, denial of service, deserialization, and information leakage vulnerabilities.
8b199d244e9663ea80d29b5f565ad951a94aac5b8c1b7531eb30175765526316Ubuntu Security Notice 5945-1 - It was discovered that Protocol Buffers did not properly validate field com.google.protobuf.UnknownFieldSet in protobuf-java. An attacker could possibly use this issue to perform a denial of service attack. This issue only affected protobuf Ubuntu 22.04 LTS and Ubuntu 22.10. It was discovered that Protocol Buffers did not properly parse certain symbols. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
4fb3ee1e380b754859ef1c4f7b8fd0cc38909e4f1842b4e0583271c30d636ea3Red Hat Security Advisory 2023-1184-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4.
0f48bd7a393aef5d9dcadb87e9183ba01b53e27b44e00b5f6d5ac85fc52c76edRed Hat Security Advisory 2023-1185-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4.
1b35415f9e8d1636ca996c0a110eecc13a687e7b655b48d2acb88fee7dfd2bc0Ubuntu Security Notice 5897-1 - Juraj Somorovsky, Marcel Maehren, Nurullah Erinola, and Robert Merget discovered that the DTLS implementation in the JSSE subsystem of OpenJDK did not properly restrict handshake initiation requests from clients. A remote attacker could possibly use this to cause a denial of service. Markus Loewe discovered that the Java Sound subsystem in OpenJDK did not properly validate the origin of a Soundbank. An attacker could use this to specially craft an untrusted Java application or applet that could load a Soundbank from an attacker controlled remote URL.
876e161a36c45b492f4948e756c267a2ef274b0a2637174a5d594beacea6127eUbuntu Security Notice 5898-1 - It was discovered that the Serialization component of OpenJDK did not properly handle the deserialization of some CORBA objects. An attacker could possibly use this to bypass Java sandbox restrictions. Markus Loewe discovered that the Java Sound subsystem in OpenJDK did not properly validate the origin of a Soundbank. An attacker could use this to specially craft an untrusted Java application or applet that could load a Soundbank from an attacker controlled remote URL.
72451c51f27af857632603e483d9bfa9c145b4a50405558130ae42f60da00e32AIEngine is a next generation interactive/programmable Python/Ruby/Java/Lua and Go network intrusion detection system engine. AIEngine also helps network/security professionals to identify traffic and develop signatures for use them on NIDS, Firewalls, Traffic classifiers and so on.
65c5483016570ea2fd986c9fd302001786b8924e7bfe294e0bbbd46f415bf974Red Hat Security Advisory 2023-0759-01 - PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database.
3a013aeebb819c40241eb21209dadcee7a0a0e72fc7a6f0edd34cc1a1875f4a7Debian Linux Security Advisory 5335-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service or spoofing.
38f95ee57d63d0e8b884ef1127b64a2ad246bd3ea2088d67b53d2f1ae8e3140bRed Hat Security Advisory 2023-0553-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include code execution, cross site scripting, denial of service, deserialization, memory exhaustion, and server-side request forgery vulnerabilities.
b1c38f65bae3193ed8c668b2bae1cee800e1ccc28c19fe1cdfede86f7cf64425Red Hat Security Advisory 2023-0552-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include code execution, cross site scripting, denial of service, deserialization, memory exhaustion, and server-side request forgery vulnerabilities.
006e90c63a69c501c16f89812a5a1aaf7502785b6b055395eb2ad74a1842941eRed Hat Security Advisory 2023-0554-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include code execution, cross site scripting, denial of service, deserialization, memory exhaustion, and server-side request forgery vulnerabilities.
e90ca13f238e697d7a29099622998f986479754c0835d83a15b54b13aa1987a6Red Hat Security Advisory 2023-0556-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include code execution, cross site scripting, denial of service, deserialization, memory exhaustion, and server-side request forgery vulnerabilities.
fdd1e59f82d92219da0e2d2df0b897f5c18f334dce9ba31e6253e2a5b32a8562OpenStego is a tool implemented in Java for generic steganography, with support for password-based encryption of the data. It supports plugins for various steganographic algorithms (currently, only Least Significant Bit algorithm is supported for images).
6eb7d1a1e6eb294ab3d2ef38d3c4e0c321b4f9e4a92c209eec86af3c6cbe2668Debian Linux Security Advisory 5331-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service or spoofing.
6cb75512f22c4b10076ab44d7a5c8a9b721c51a7afe86c31ff28c113d4b380f1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed