SOLDIERX.COM Nobody Can Stop Information Insemination

Posted by Apple Product Security via Fulldisclosure on Mar 27

APPLE-SA-03-25-2024-4 iOS 17.4.1 and iPadOS 17.4.1

iOS 17.4.1 and iPadOS 17.4.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214097.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

CoreMedia
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation
and later, iPad...

Posted by Apple Product Security via Fulldisclosure on Mar 27

APPLE-SA-03-25-2024-5 iOS 16.7.7 and iPadOS 16.7.7

iOS 16.7.7 and iPadOS 16.7.7 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214098.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

CoreMedia
Available for: iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation,
iPad Pro...

Posted by Apple Product Security via Fulldisclosure on Mar 27

APPLE-SA-03-25-2024-6 visionOS 1.1.1

visionOS 1.1.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214093.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

CoreMedia
Available for: Apple Vision Pro
Impact: Processing an image may lead to arbitrary code execution
Description: An...

Posted by Skyler Ferrante (RIT Student) via Fulldisclosure on Mar 27

Wall-Escape (CVE-2024-28085)

Skyler Ferrante: Escape sequence injection in util-linux wall

=================================================================
Summary
=================================================================

The util-linux wall command does not filter escape sequences from
command line arguments. The vulnerable code was introduced in
commit cdd3cc7fa4 (2013). Every version since has been
vulnerable.

This allows...

Posted by malvuln on Mar 27

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/3b9e9e130d52fe95c8be82aa4b8feb74.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Win32.STOP.Ransomware (smokeloader)
Vulnerability: Remote Code Execution (MITM)
Family: Stop
Type: PE32
MD5 3b9e9e130d52fe95c8be82aa4b8feb74
Vuln ID: MVID-2024-0676
Disclosure: 03/22/2024
Description:
There are two roads to...

Posted by Dariusz G on Mar 27

Circontrol EV Charger vulnerabilities.

1. CVE-2020-8006 Pre-Auth Stack Based Buffer Overflow
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H (10)

The server in Circontrol Raption through 5.11.2 has a pre-authentication
stack-based buffer overflow that can be exploited to gain run-time control
of the device as root.

When the server parses the HTTP headers and finds the Basic-Authentication
tag it will call a base64 decode function. This function...

Posted by Artur Janicki via Fulldisclosure on Mar 27

[APOLOGIES FOR CROSS-POSTING]

CALL FOR PAPERS
13th International Workshop on Cyber Crime (IWCC 2024 -
https://www.ares-conference.eu/iwcc/)
to be held in conjunction with the 19th International Conference on
Availability, Reliability and Security (ARES 2024 -
http://www.ares-conference.eu)

July 30 - August 02, 2024, Vienna, Austria

IMPORTANT DATES
Submission Deadline May 12, 2024
Author Notification May 29, 2024
Proceedings Version...

Posted by malvuln on Mar 19

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/19a14d0414aec62ef38378de2e8b259d.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Emegrab.b
Vulnerability: Remote Stack Buffer Overflow (SEH)
Family: Emegrab
Type: PE32
MD5: 19a14d0414aec62ef38378de2e8b259d
Vuln ID: MVID-2024-0675
ASLR: False
DEP: False
CFG: False
Safe SEH: False
Disclosure:...