Ubuntu Security Notice 6987-1 - It was discovered that Django incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. It was discovered that Django incorrectly handled certain email sending failures. A remote attacker could possibly use this issue to enumerate user emails by issuing password reset requests and observing the outcomes.

==========================================================================  
Ubuntu Security Notice USN-6987-1  
September 03, 2024

python-django vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in Django.

Software Description:  
- python-django: High-level Python web development framework

Details:

It was discovered that Django incorrectly handled certain inputs.  
An attacker could possibly use this issue to cause a denial of service.  
(CVE-2024-45230)

It was discovered that Django incorrectly handled certain email sending  
failures. A remote attacker could possibly use this issue to enumerate  
user emails by issuing password reset requests and observing the outcomes.  
(CVE-2024-45231)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.04 LTS  
  python3-django                  3:4.2.11-1ubuntu1.3

Ubuntu 22.04 LTS  
  python3-django                  2:3.2.12-2ubuntu1.14

Ubuntu 20.04 LTS  
  python3-django                  2:2.2.12-1ubuntu0.25

Ubuntu 18.04 LTS  
  python-django                   1:1.11.11-1ubuntu1.21+esm7  
                                  Available with Ubuntu Pro  
  python3-django                  1:1.11.11-1ubuntu1.21+esm7  
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-6987-1  
  CVE-2024-45230, CVE-2024-45231

Package Information:  
  https://launchpad.net/ubuntu/+source/python-django/3:4.2.11-1ubuntu1.3  
  https://launchpad.net/ubuntu/+source/python-django/2:3.2.12-2ubuntu1.14  
  https://launchpad.net/ubuntu/+source/python-django/2:2.2.12-1ubuntu0.25

Ubuntu Security Notice USN-6987-1

Online Travel Agency System version 1.0 suffers from a remote shell upload vulnerability.

    =============================================================================================================================================| # Title     : Travel v1.0 Remote File Upload Vulnerability                                                                                || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://github.com/oretnom23/php-travel-agency-system                                                                       |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] The following html code uploads a executable malicious file remotely .<form action="http://127.0.0.1/tour/admin/operations/admin.php?id=2" method="POST" enctype="multipart/form-data">   <label for="file">Upload File:</label>  <input type="file" id="file" name="file"><br><br>  <input type="submit" name="Fcuk Up" value="Fcuk Up"></form>[+] Go to the line 1.[+] Set the target site link Save changes and apply . [+] infected file : /tour/admin/operations/admin.php. [+] save code as poc.html .[+] Path : http://127.0.0.1/tour/admin/upload/webadmin.phpGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

Online Travel Agency System 1.0 Shell Upload

Red Hat Security Advisory 2024-6297-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include a use-after-free vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6297.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: kernel security update  
Advisory ID:        RHSA-2024:6297-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:6297  
Issue date:         2024-09-04  
Revision:           03  
CVE Names:          CVE-2021-47138  
====================================================================

Summary: 

An update for kernel is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: cxgb4: avoid accessing registers when clearing filters (CVE-2021-47138)

* kernel: hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove (CVE-2024-26698)

* kernel: mm/slub: fix to return errno if kmalloc() fails (CVE-2022-48659)

* kernel: Squashfs: check the inode number is not the invalid value of zero (CVE-2024-26982)

* kernel: vt: fix unicode buffer corruption when deleting characters (CVE-2024-35823)

* kernel: nvme-rdma: destroy cm id before destroy qp to avoid use after free (CVE-2021-47378)

* kernel: userfaultfd: fix a race between writeprotect and exit_mmap() (CVE-2021-47461)

* kernel: r8169: Fix possible ring buffer corruption on fragmented Tx packets. (CVE-2024-38586)

* kernel: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (CVE-2024-38564)

* kernel: bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (CVE-2024-38540)

* kernel: iommu: Fix potential use-after-free during probe (CVE-2022-48796)

* kernel: xfs: add bounds checking to xlog_recover_process_data (CVE-2024-41014)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2021-47138

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2271484  
https://bugzilla.redhat.com/show_bug.cgi?id=2273117  
https://bugzilla.redhat.com/show_bug.cgi?id=2277801  
https://bugzilla.redhat.com/show_bug.cgi?id=2278337  
https://bugzilla.redhat.com/show_bug.cgi?id=2281190  
https://bugzilla.redhat.com/show_bug.cgi?id=2282362  
https://bugzilla.redhat.com/show_bug.cgi?id=2282896  
https://bugzilla.redhat.com/show_bug.cgi?id=2293402  
https://bugzilla.redhat.com/show_bug.cgi?id=2293429  
https://bugzilla.redhat.com/show_bug.cgi?id=2293459  
https://bugzilla.redhat.com/show_bug.cgi?id=2298132  
https://bugzilla.redhat.com/show_bug.cgi?id=2300297

Red Hat Security Advisory 2024-6297-03

Red Hat Security Advisory 2024-6274-03 - Red Hat OpenShift distributed tracing 3.3.0.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6274.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: Red Hat OpenShift distributed tracing 3.3.0 operator/operand containersAdvisory ID:        RHSA-2024:6274-03Product:            Red Hat OpenShift distributed tracingAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6274Issue date:         2024-09-04Revision:           03CVE Names:          ====================================================================Summary: Red Hat OpenShift distributed tracing 3.3.0Description:Release of Red Hat OpenShift distributed tracing provides these changes:Solution:CVEs:References:https://access.redhat.com/security/updates/classification/#moderatehttps://issues.redhat.com/browse/TRACING-3768https://issues.redhat.com/browse/TRACING-3954https://issues.redhat.com/browse/TRACING-3984https://issues.redhat.com/browse/TRACING-4176https://issues.redhat.com/browse/TRACING-4177https://issues.redhat.com/browse/TRACING-4179https://issues.redhat.com/browse/TRACING-4185https://issues.redhat.com/browse/TRACING-4186https://issues.redhat.com/browse/TRACING-4187https://issues.redhat.com/browse/TRACING-4188https://issues.redhat.com/browse/TRACING-4201https://issues.redhat.com/browse/TRACING-4214https://issues.redhat.com/browse/TRACING-4288https://issues.redhat.com/browse/TRACING-4303https://issues.redhat.com/browse/TRACING-4348https://issues.redhat.com/browse/TRACING-4486https://issues.redhat.com/browse/TRACING-4497https://issues.redhat.com/browse/TRACING-4527

Red Hat Security Advisory 2024-6274-03

Tourism Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    =============================================================================================================================================| # Title     : Tourism Management System 1.0 Auth BY Pass Vulnerability                                                                    || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/sites/default/files/download/oretnom23/tourism_1.zip                                         |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : ' or 0=0 ##[+] http://localhost/tourism/admin/Greetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

Tourism Management System 1.0 SQL Injection

Red Hat Security Advisory 2024-6268-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a use-after-free vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6268.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: kernel-rt security update  
Advisory ID:        RHSA-2024:6268-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:6268  
Issue date:         2024-09-04  
Revision:           03  
CVE Names:          CVE-2024-26946  
====================================================================

Summary: 

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address (CVE-2024-26946)

* kernel: netfilter: bridge: replace physindev with physinif in nf_bridge_info (CVE-2024-35839)

* kernel: bpf, sockmap: Prevent lock inversion deadlock in map delete elem (CVE-2024-35895)

* kernel: x86/coco: Require seeding RNG with RDRAND on CoCo systems (CVE-2024-35875)

* kernel: gfs2: Fix potential glock use-after-free on unmount (CVE-2024-38570)

* kernel: bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (CVE-2024-38540)

* kernel: ionic: fix use after netif_napi_del() (CVE-2024-39502)

* kernel: mm/huge_memory: don't unpoison huge_zero_folio (CVE-2024-40914)

* kernel: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (CVE-2024-40956)

* kernel: scsi: qedi: Fix crash while reading debugfs attribute (CVE-2024-40978)

* kernel: tipc: force a dst refcount before doing decryption (CVE-2024-40983)

* kernel: ppp: reject claimed-as-LCP but actually malformed packets (CVE-2024-41044)

* kernel: Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" (CVE-2024-42102)

* kernel: mm: avoid overflows in dirty throttling logic (CVE-2024-42131)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-26946

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2278206  
https://bugzilla.redhat.com/show_bug.cgi?id=2281284  
https://bugzilla.redhat.com/show_bug.cgi?id=2281677  
https://bugzilla.redhat.com/show_bug.cgi?id=2281727  
https://bugzilla.redhat.com/show_bug.cgi?id=2293423  
https://bugzilla.redhat.com/show_bug.cgi?id=2293459  
https://bugzilla.redhat.com/show_bug.cgi?id=2297474  
https://bugzilla.redhat.com/show_bug.cgi?id=2297498  
https://bugzilla.redhat.com/show_bug.cgi?id=2297540  
https://bugzilla.redhat.com/show_bug.cgi?id=2297562  
https://bugzilla.redhat.com/show_bug.cgi?id=2297567  
https://bugzilla.redhat.com/show_bug.cgi?id=2300414  
https://bugzilla.redhat.com/show_bug.cgi?id=2301465  
https://bugzilla.redhat.com/show_bug.cgi?id=2301496

Red Hat Security Advisory 2024-6268-03

Red Hat Security Advisory 2024-6267-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a use-after-free vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6267.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: kernel security update  
Advisory ID:        RHSA-2024:6267-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:6267  
Issue date:         2024-09-04  
Revision:           03  
CVE Names:          CVE-2024-26946  
====================================================================

Summary: 

An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address (CVE-2024-26946)

* kernel: netfilter: bridge: replace physindev with physinif in nf_bridge_info (CVE-2024-35839)

* kernel: bpf, sockmap: Prevent lock inversion deadlock in map delete elem (CVE-2024-35895)

* kernel: x86/coco: Require seeding RNG with RDRAND on CoCo systems (CVE-2024-35875)

* kernel: gfs2: Fix potential glock use-after-free on unmount (CVE-2024-38570)

* kernel: bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (CVE-2024-38540)

* kernel: ionic: fix use after netif_napi_del() (CVE-2024-39502)

* kernel: mm/huge_memory: don't unpoison huge_zero_folio (CVE-2024-40914)

* kernel: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (CVE-2024-40956)

* kernel: scsi: qedi: Fix crash while reading debugfs attribute (CVE-2024-40978)

* kernel: tipc: force a dst refcount before doing decryption (CVE-2024-40983)

* kernel: ppp: reject claimed-as-LCP but actually malformed packets (CVE-2024-41044)

* kernel: Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" (CVE-2024-42102)

* kernel: mm: avoid overflows in dirty throttling logic (CVE-2024-42131)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-26946

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2278206  
https://bugzilla.redhat.com/show_bug.cgi?id=2281284  
https://bugzilla.redhat.com/show_bug.cgi?id=2281677  
https://bugzilla.redhat.com/show_bug.cgi?id=2281727  
https://bugzilla.redhat.com/show_bug.cgi?id=2293423  
https://bugzilla.redhat.com/show_bug.cgi?id=2293459  
https://bugzilla.redhat.com/show_bug.cgi?id=2297474  
https://bugzilla.redhat.com/show_bug.cgi?id=2297498  
https://bugzilla.redhat.com/show_bug.cgi?id=2297540  
https://bugzilla.redhat.com/show_bug.cgi?id=2297562  
https://bugzilla.redhat.com/show_bug.cgi?id=2297567  
https://bugzilla.redhat.com/show_bug.cgi?id=2300414  
https://bugzilla.redhat.com/show_bug.cgi?id=2301465  
https://bugzilla.redhat.com/show_bug.cgi?id=2301496

Red Hat Security Advisory 2024-6267-03

This paper is a collection of THC's favorite tricks. Many of these tricks are not from them, they merely collect them. They show the tricks as-is without any explanation why they work. You need to know Linux to understand how and why they work. This is an updated copy of their data from 09/03/2024.

THC Tips, Tricks, And Hacks Cheat Sheet 20240903

Vivavis HIGH-LEIT versions 4 and 5 allow attackers to execute arbitrary code as local system on systems where the "HL-InstallService-hlxw" or "HL-InstallService-hlnt" Windows service is running. Authentication is necessary for successful exploitation. The execution of the exploit is trivial and might affect other systems if the applications folder is shared between multiple systems in which case the vulnerability can be used for lateral movement.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

Title  
=====

SCHUTZWERK-SA-2024-001: Privilege Escalation via Service Binary   
Hijacking in Vivavis HIGH-LEIT

Status  
======

PUBLISHED

Version  
=======

1.0

CVE reference  
=============

CVE-2024-38456

Link  
====

https://www.schutzwerk.com/advisories/schutzwerk-sa-2024-001/

Text-only version:  
https://www.schutzwerk.com/advisories/SCHUTZWERK-SA-2024-001.txt

Affected products/vendor  
========================

HIGH-LEIT by VIVAVIS AG[0]. Version 4 and 5 are different product lines,   
both are affected:

HIGH-LEIT 4 Version 4.25.00.00 to 4.25.01.01 (patch available)  
HIGH-LEIT 5 Version = 5.08.01.03 (no patch available, planned for   
31.10.2024)

Summary  
=======

HIGH-LEIT is a scalable SCADA network control system designed for   
infrastructure applications in the energy, water supply, wastewater, and   
environmental sectors, as well as associated utilities and industrial   
applications. HIGH-LEIT is used for operational networks in critical   
infrastructure.  
The Windows services "HL-InstallService-hlnt" for HIGH-LEIT Version 4   
and "HL-InstallService-hlxw" for Version 5 allow for an authenticated   
attackers in the Active Directory group "HL-TS-Gruppe" to escalate their   
privileges to local system.

Risk  
====

The vulnerability allows attackers to execute arbitrary code as local   
system on systems where the "HL-InstallService-hlxw" or   
"HL-InstallService-hlnt" Windows service is running. Authentication is   
necessary for successful exploitation. The execution of the exploit is   
trivial and might affect other systems if the applications folder is   
shared between multiple systems in which case the vulnerability can be   
used for lateral movement.

Description  
===========

During a penetration test, SCHUTZWERK tested a terminal server part of   
an internal OT Network. The software HIGH-LEIT 5 was found to be   
installed on this terminal server.

HIGH-LEIT 5 has a windows service named "HL-InstallService-hlxw", that   
runs as local system with start mode "autostart". By default, for   
affected versions, the executable "D:\hlxw\update\bin\prunsrv.exe" is   
modifiable by the Active Directory group "HL-TS-Gruppe". The granted   
modify permission on "D:\hlxw\update\bin\prunsrv.exe" is inherited from   
the modify permission on the folder "D:\hlxw". The Active Directory   
group "HL-TS-Gruppe" is needed for every user interacting with the   
HIGH-LEIT software. This means this exploit is available from any   
HIGH-LEIT user with low privileges (e.g. auditors with read-only   
permissions). The user can modify the executable "prunsrv.exe" and wait   
for or force a system reboot. Afterwards the modified "prunsrv.exe" is   
executed as local system on the server.

Solution/Mitigation  
===================

For HIGH-LEIT Version 4:  
- - Update to version 4.25.01.02 or newer, or  
- - apply the vendors workaround via GPO to mitigate the vulnerability, or  
- - manually remove the modify permission of the Active Directory group   
"HL-TS-Gruppe" on the folder "D:\hlnt".

For HIGH-LEIT Version 5:  
- - Update to version 5.8.01.04 (release planned for 31.10.24), or  
- - apply the vendors workaround via GPO to mitigate the vulnerability, or  
- - manually remove the modify permission of the Active Directory group   
"HL-TS-Gruppe" on the folder "D:\hlxw".

Disclosure timeline  
===================

2024-05-14: Vulnerability discovered  
2024-05-14: Vulnerability reported and presented to affected customer  
2024-05-16: Vulnerability presented to vendor  
2024-05-16: Vulnerability details reported to vendor  
2024-05-17: Vendor started working on patch  
2024-05-22: Vendor started deploying workaround to customers  
2024-06-05: Green light from customer for Advisory  
2024-06-13: Patch for HIGH-LEIT 4 finished  
2024-06-13: Meeting with vendor to plan disclosure/patch release  
2024-06-14: CVE-2024-38456 reserved  
2024-08-16: Vendor finished deployment of patch/workaround for all   
affected customers  
2024-08-16: Meeting with vendor to plan disclosure  
2024-08-23: Meeting with vendor to plan disclosure  
2024-09-02: Disclosure by SCHUTZWERK  
2024-09-02: Disclosure by vendor at   
https://www.vivavis.com/service/it-security-bulletin/

Contact/Credits  
===============

The vulnerability was discovered during an assessment by Lukas Krieg   
(lkrieg@schutzwerk.com) of SCHUTZWERK GmbH.

References  
==========

[0] https://www.vivavis.com/loesung/leittechnik/high-leit/  
[1] https://www.vivavis.com/service/it-security-bulletin/

Disclaimer  
==========

The information provided in this security advisory is provided "as is"   
and without warranty of any kind. Details of this security advisory may   
be updated in order to provide as accurate information as possible. The   
most recent version of this security advisory can be found at SCHUTZWERK   
GmbH's website ( https://www.schutzwerk.com ).

SCHUTZWERK Advisories: https://www.schutzwerk.com/blog/tags/advisories/

SCHUTZWERK Advisory Policy: https://www.schutzwerk.com/en/advisories/  
-----BEGIN PGP SIGNATURE-----

iQJOBAEBCgA4FiEEgLsg7Oj/wY3LSF87GrXfkTIXLrsFAmbVfC0aHGFkdmlzb3Jp  
ZXNAc2NodXR6d2Vyay5jb20ACgkQGrXfkTIXLrvLwhAAmq8ALbZdWarhHZGgPAMJ  
5mU/24qCCY5M3roi4zBv9GFzSbJVF4TdgpceOkyrCYHtTZWGEYdc8ewd6DLarweH  
Kcj+KyCA6JIbb94E2CVrDAXgpjJWsvG1CSvHax+erG/FppEk/ud9t+DJhCSVbkMT  
KeqTz1G02tpKnHVgd2ogVF9ydJVdEcV4QJD/tkUfQukWomIGNRt+JNoxcCv362H1  
fk3uVghrXxWeo3P0oDvWg4S2+3IEZPPtW1PCqfo9SFO2Ll7xF/2015Hl1Sn0TOAA  
y4JJqDNOwIN5hIP6JvIs+W6uLLU3IGFUEWg1CiplOY3CC1kfEorQtvsDamNq9QWF  
2r6CaWNN2FYpHkiEygYJsnn8Z3vzqqQQnaym2mwlsxe0ggutADCg2FbkybqTUF+D  
fUGoQjaq7eojUTGS7fgNlOUua2euImjv9NMpzg00yMb6os6P+HetT+fv2G67TLKS  
ptqQ73H+On4h2DP/DPkF1q7hBBZtT1I2Xx6er65AtSKjwOsLBOWSR1BNW+QJ/D56  
pPhYHR+lVakHO/TMzILys5dPSXY3TU1iX0XpgvddIqONgViMR54a5MV/Vv1lL9xb  
qEcGtqtX84cg74vQuwUbl69pP+69Y+ACDoBdaemRex1tjR6seFBI27XRsn+E8a+a  
kQGdwKyB2qT0UNuLyFhcVi4=  
=3K1g  
-----END PGP SIGNATURE-----  
--   
SCHUTZWERK GmbH, Pfarrer-Weiß-Weg 12, 89077 Ulm, Germany  
Zertifiziert / Certified ISO 27001, 9001 and TISAX

Phone +49 731 977 191 0

advisories@schutzwerk.com / www.schutzwerk.com

Geschäftsführer / Managing Directors:  
Jakob Pietzka, Michael Schäfer

Amtsgericht Ulm /  HRB 727391  
Datenschutz / Data Protection www.schutzwerk.com/datenschutz

Vivavis HIGH-LEIT 4 / 5 Privilege Escalation

Texas Instruments Fusion Digital Power Designer version 7.10.1 allows a local attacker to obtain sensitive information via the plaintext storage of credentials.

    Insufficiently Protected Credentials in Texas Instruments Fusion Digital Power Designer v.7.10.1Credit: Gionathan Armando Reale//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////# Product:  Fusion Digital Power Designer - Version 7.10.1# Vendor:   Texas Instruments# CVE ID:   CVE-2024-41629# Vulnerability Title: Insufficiently Protected Credentials# Severity: Medium# Author(s): Gionathan Armando Reale# Date:     2024-08-15##############################################################Introduction:An issue in Texas Instruments Fusion Digital Power Designer v.7.10.1 allows a local attacker to obtain sensitive information via the plaintext storage of credentials.Vulnerability PoC:1. Create a connection within the application that requires credentials.2. Access the file "C:/Program Files (x86)/Texas Instruments/Fusion Digial Power Designer/data/prefs-shared.xml"3. Notice the credentials stored as plaintext./////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

Source

Packet Storm