‼ CVE-2021-34434 ‼
📖 Read
via "National Vulnerability Database".
In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then existing subscriptions for that client are not revoked.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39132 ‼
📖 Read
via "National Vulnerability Database".
### Impact An authorized user can upload a zip-format plugin with a crafted plugin.yaml, or a crafted aclpolicy yaml file, or upload an untrusted project archive with a crafted aclpolicy yaml file, that can cause the server to run untrusted code on Rundeck Community or Enterprise Edition. An authenticated user can make a POST request, that can cause the server to run untrusted code on Rundeck Enterprise Edition. The zip-format plugin issues requires authentication and authorization to these access levels, and affects all Rundeck editions: * `admin` level access to the `system` resource type The ACL Policy yaml file upload issues requires authentication and authorization to these access levels, and affects all Rundeck editions: * `create` `update` or `admin` level access to a `project_acl` resource * `create` `update` or `admin` level access to the `system_acl` resource The unauthorized POST request requires authentication, but no specific authorization, and affects Rundeck Enterprise only. ### Patches Versions 3.4.3, 3.3.14 ### Workarounds Please visit [https://rundeck.com/security](https://rundeck.com/security) for information about specific workarounds. ### For more information If you have any questions or comments about this advisory: * Email us at [security@rundeck.com](mailto:security@rundeck.com) To report security issues to Rundeck please use the form at [https://rundeck.com/security](https://rundeck.com/security) Reporter: Rojan Rijal from Tinder Red Team📖 Read
via "National Vulnerability Database".
‼ CVE-2021-35062 ‼
📖 Read
via "National Vulnerability Database".
A Shell Metacharacter Injection vulnerability in result.php in DRK Odenwaldkreis Testerfassung March-2021 allow an attacker with a valid token of a COVID-19 test result to execute shell commands with the permissions of the web server.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-32832 ‼
📖 Read
via "National Vulnerability Database".
Rocket.Chat is an open-source fully customizable communications platform developed in JavaScript. In Rocket.Chat before versions 3.11.3, 3.12.2, and 3.13 an issue with certain regular expressions could lead potentially to Denial of Service. This was fixed in versions 3.11.3, 3.12.2, and 3.13.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-36692 ‼
📖 Read
via "National Vulnerability Database".
libjxl v0.3.7 is affected by a Divide By Zero in issue in lib/extras/codec_apng.cc jxl::DecodeImageAPNG(). When encoding a malicous APNG file using cjxl, an attacker can trigger a denial of service.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-36691 ‼
📖 Read
via "National Vulnerability Database".
libjxl v0.5.0 is affected by a Assertion failed issue in lib/jxl/image.cc jxl::PlaneBase::PlaneBase(). When encoding a malicous GIF file using cjxl, an attacker can trigger a denial of service.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39133 ‼
📖 Read
via "National Vulnerability Database".
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, a user with `admin` access to the `system` resource type is potentially vulnerable to a CSRF attack that could cause the server to run untrusted code on all Rundeck editions. Patches are available in Rundeck versions 3.4.3 and 3.3.14.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-27558 ‼
📖 Read
via "National Vulnerability Database".
A cross site scripting (XSS) issue in EasyCorp ZenTao 12.5.3 allows remote attackers to execute arbitrary web script via various areas such as data-link-creator.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-13639 ‼
📖 Read
via "National Vulnerability Database".
A stored XSS vulnerability was discovered in the ECT Provider in OutSystems before 2020-09-04, affecting generated applications. It could allow an unauthenticated remote attacker to craft and store malicious Feedback content into /ECT_Provider/, such that when the content is viewed (it can only be viewed by Administrators), attacker-controlled JavaScript will execute in the security context of an administrator's browser. This is fixed in Outsystems 10.0.1005.2, Outsystems 11.9.0 Platform Server, and Outsystems 11.7.0 LifeTime Management Console.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39178 ‼
📖 Read
via "National Vulnerability Database".
Next.js is a React framework. Versions of Next.js between 10.0.0 and 11.0.0 contain a cross-site scripting vulnerability. In order for an instance to be affected by the vulnerability, the `next.config.js` file must have `images.domains` array assigned and the image host assigned in `images.domains` must allow user-provided SVG. If the `next.config.js` file has `images.loader` assigned to something other than default or the instance is deployed on Vercel, the instance is not affected by the vulnerability. The vulnerability is patched in Next.js version 11.1.1.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-36981 ‼
📖 Read
via "National Vulnerability Database".
In the server in SerNet verinice before 1.22.2, insecure Java deserialization allows remote authenticated attackers to execute arbitrary code.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-27557 ‼
📖 Read
via "National Vulnerability Database".
A cross-site request forgery (CSRF) vulnerability in the Cron job tab in EasyCorp ZenTao 12.5.3 allows attackers to update the fields of a Cron job.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-40330 ‼
📖 Read
via "National Vulnerability Database".
git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-27556 ‼
📖 Read
via "National Vulnerability Database".
The Cron job tab in EasyCorp ZenTao 12.5.3 allows remote attackers (who have admin access) to execute arbitrary code by setting the type parameter to System.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-36356 ‼
📖 Read
via "National Vulnerability Database".
KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames (even though browseSystemFiles.php is no longer reachable via the GUI). NOTE: this issue exists because of an incomplete fix for CVE-2019-17124.📖 Read
via "National Vulnerability Database".
❌ LockFile Ransomware Uses Never-Before Seen Encryption to Avoid Detection ❌
📖 Read
via "Threat Post".
Researchers from Sophos discovered the emerging threat in July, which exploits the ProxyShell vulnerabilities in Microsoft Exchange servers to attack systems.📖 Read
via "Threat Post".
Threat Post
LockFile Ransomware Uses Never-Before Seen Encryption to Avoid Detection
Researchers from Sophos discovered the emerging threat in July, which exploits the ProxyShell vulnerabilities in Microsoft Exchange servers to attack systems.
🦿 Cybercriminals are holding schools ransom for billions and some are paying up 🦿
📖 Read
via "Tech Republic".
A new report highlights the financial costs of school ransomware, days lost to downtime and the number of students impacted, as these incidents become a steady source of criminal income.📖 Read
via "Tech Republic".
TechRepublic
Cybercriminals are holding schools ransom for billions and some are paying up
A new report highlights the financial costs of school ransomware, days lost to downtime and the number of students impacted, as these incidents become a steady source of criminal income.
‼ CVE-2021-34578 ‼
📖 Read
via "National Vulnerability Database".
This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO PLCs in firmware versions up to FW07.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-34559 ‼
📖 Read
via "National Vulnerability Database".
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 a vulnerability may allow remote attackers to rewrite links and URLs in cached pages to arbitrary strings.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-33555 ‼
📖 Read
via "National Vulnerability Database".
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.7 the filename parameter is vulnerable to unauthenticated path traversal attacks, enabling read access to arbitrary files on the server.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-34565 ‼
📖 Read
via "National Vulnerability Database".
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials.📖 Read
via "National Vulnerability Database".