Full Disclosure: by date

21 messages starting Oct 04 24 and ending Oct 31 24

Friday, 04 October

Some SIM / USIM card security (and ecosystem) info Security Explorations

Monday, 07 October

APPLE-SA-10-03-2024-1 iOS 18.0.1 and iPadOS 18.0.1 Apple Product Security via Fulldisclosure

Wednesday, 09 October

SEC Consult SA-20241009-0 :: Local Privilege Escalation via MSI installer in Palo Alto Networks GlobalProtect (CVE-2024-9473) SEC Consult Vulnerability Lab via Fulldisclosure

Sunday, 20 October

CVE-2024-48939: Unauthorized enabling of API in Paxton Net2 software Jeroen Hermans via Fulldisclosure
SEC Consult SA-20241015-0 :: Multiple Vulnerabilities in Rittal IoT Interface & CMC III Processing Unit (CVE-2024-47943, CVE-2024-47944, CVE-2024-47945) SEC Consult Vulnerability Lab via Fulldisclosure

Thursday, 24 October

Adversary3 updated with 700 malware and C2 panel vulnerabilities malvuln
[RESEARCH] DTLS 'ClientHello' Race Conditions in WebRTC Implementations Sandro Gauci via Fulldisclosure
SEC Consult SA-20241024-0 :: Unauthenticated Path Traversal Vulnerability in Lawo AG - vsm LTC Time Sync (vTimeSync) (CVE-2024-6049) SEC Consult Vulnerability Lab via Fulldisclosure

Monday, 28 October

Open Redirect / Reflected XSS - booked-schedulerv2.8.5 Andrey Stoykov
APPLE-SA-10-28-2024-1 iOS 18.1 and iPadOS 18.1 Apple Product Security via Fulldisclosure
APPLE-SA-10-28-2024-2 iOS 17.7.1 and iPadOS 17.7.1 Apple Product Security via Fulldisclosure
APPLE-SA-10-28-2024-3 macOS Sequoia 15.1 Apple Product Security via Fulldisclosure
APPLE-SA-10-28-2024-4 macOS Sonoma 14.7.1 Apple Product Security via Fulldisclosure
APPLE-SA-10-28-2024-5 macOS Ventura 13.7.1 Apple Product Security via Fulldisclosure
APPLE-SA-10-28-2024-6 watchOS 11.1 Apple Product Security via Fulldisclosure
APPLE-SA-10-28-2024-7 tvOS 18.1 Apple Product Security via Fulldisclosure
APPLE-SA-10-28-2024-8 visionOS 2.1 Apple Product Security via Fulldisclosure
SEC Consult SA-20241023-0 :: Authenticated Remote Code Execution in Multiple Xerox printers (CVE-2024-6333) SEC Consult Vulnerability Lab via Fulldisclosure

Thursday, 31 October

SEC Consult SA-20241030-0 :: Query Filter Injection in Ping Identity PingIDM (formerly known as ForgeRock Identity Management) (CVE-2024-23600) SEC Consult Vulnerability Lab via Fulldisclosure
APPLE-SA-10-29-2024-1 Safari 18.1 Apple Product Security via Fulldisclosure
xlibre Xnest security advisory & bugfix releases Enrico Weigelt, metux IT consult