‼ CVE-2021-32687 ‼
📖 Read
via "National Vulnerability Database".
Redis is an open source, in-memory database that persists on disk. An integer overflow bug affecting all versions of Redis can be exploited to corrupt the heap and potentially be used to leak arbitrary contents of the heap or trigger remote code execution. The vulnerability involves changing the default set-max-intset-entries configuration parameter to a very large value and constructing specially crafted commands to manipulate sets. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the set-max-intset-entries configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39347 ‼
📖 Read
via "National Vulnerability Database".
The Stripe for WooCommerce WordPress plugin is missing a capability check on the save() function found in the ~/includes/admin/class-wc-stripe-admin-user-edit.php file that makes it possible for attackers to configure their account to use other site users unique STRIPE identifier and make purchases with their payment accounts. This affects versions 3.0.0 - 3.3.9.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-41099 ‼
📖 Read
via "National Vulnerability Database".
Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the underlying string library can be used to corrupt the heap and potentially result with denial of service or remote code execution. The vulnerability involves changing the default proto-max-bulk-len configuration parameter to a very large value and constructing specially crafted network payloads or commands. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the proto-max-bulk-len configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-38400 ‼
📖 Read
via "National Vulnerability Database".
An attacker with physical access to Boston Scientific Zoom Latitude Model 3120 can remove the hard disk drive or create a specially crafted USB to extract the password hash for brute force reverse engineering of the system password.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-41578 ‼
📖 Read
via "National Vulnerability Database".
mySCADA myDESIGNER 8.20.0 and below allows Directory Traversal attacks when importing project files. If an attacker can trick a victim into importing a malicious mep file, then they gain the ability to write arbitrary files to OS locations where the user has permission. This would typically lead to code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-38396 ‼
📖 Read
via "National Vulnerability Database".
The programmer installation utility does not perform a cryptographic authenticity or integrity checks of the software on the flash drive. An attacker could leverage this weakness to install unauthorized software using a specially crafted USB.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-32628 ‼
📖 Read
via "National Vulnerability Database".
Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the ziplist data structure used by all versions of Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves modifying the default ziplist configuration parameters (hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries or zset-max-ziplist-value) to a very large value, and then constructing specially crafted commands to create very large ziplists. The problem is fixed in Redis versions 6.2.6, 6.0.16, 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the above configuration parameters. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-41118 ‼
📖 Read
via "National Vulnerability Database".
The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details. In affected versions unsanitised input of regular expression date within the parameters of the DPL parser function, allowed for the possibility of ReDoS (Regex Denial of Service). This has been resolved in version 3.3.6. If you are unable to update you may also set `$wgDplSettings['functionalRichness'] = 0;` or disable DynamicPageList3 to mitigate.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-32626 ‼
📖 Read
via "National Vulnerability Database".
Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result with heap corruption and potentially remote code execution. This problem exists in all versions of Redis with Lua scripting support, starting from 2.6. The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14. For users unable to update an additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-32762 ‼
📖 Read
via "National Vulnerability Database".
Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This is a result of a vulnerability in the underlying hiredis library which does not perform an overflow check before calling the calloc() heap allocation function. This issue only impacts systems with heap allocators that do not perform their own overflow checks. Most modern systems do and are therefore not likely to be affected. Furthermore, by default redis-sentinel uses the jemalloc allocator which is also not vulnerable. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-41100 ‼
📖 Read
via "National Vulnerability Database".
Wire-server is the backing server for the open source wire secure messaging application. In affected versions it is possible to trigger email address change of a user with only the short-lived session token in the `Authorization` header. As the short-lived token is only meant as means of authentication by the client for less critical requests to the backend, the ability to change the email address with a short-lived token constitutes a privilege escalation attack. Since the attacker can change the password after setting the email address to one that they control, changing the email address can result in an account takeover by the attacker. Short-lived tokens can be requested from the backend by Wire clients using the long lived tokens, after which the long lived tokens can be stored securely, for example on the devices key chain. The short lived tokens can then be used to authenticate the client towards the backend for frequently performed actions such as sending and receiving messages. While short-lived tokens should not be available to an attacker per-se, they are used more often and in the shape of an HTTP header, increasing the risk of exposure to an attacker relative to the long-lived tokens, which are stored and transmitted in cookies. If you are running an on-prem instance and provision all users with SCIM, you are not affected by this issue (changing email is blocked for SCIM users). SAML single-sign-on is unaffected by this issue, and behaves identically before and after this update. The reason is that the email address used as SAML NameID is stored in a different location in the databse from the one used to contact the user outside wire. Version 2021-08-16 and later provide a new end-point that requires both the long-lived client cookie and `Authorization` header. The old end-point has been removed. If you are running an on-prem instance with at least some of the users invited or provisioned via SAML SSO and you cannot update then you can block `/self/email` on nginz (or in any other proxies or firewalls you may have set up). You don't need to discriminate by verb: `/self/email` only accepts `PUT` and `DELETE`, and `DELETE` is almost never used.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-23857 ‼
📖 Read
via "National Vulnerability Database".
Login with hash: The login routine allows the client to log in to the system not by using the password, but by using the hash of the password. Combined with CVE-2021-23858, this allows an attacker to subsequently login to the system.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-38394 ‼
📖 Read
via "National Vulnerability Database".
An attacker with physical access to the device can extract the binary that checks for the hardware key and reverse engineer it, which could be used to create a physical duplicate of a valid hardware key. The hardware key allows access to special settings when inserted.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-38618 ‼
📖 Read
via "National Vulnerability Database".
In GFOS Workforce Management 4.8.272.1, the login page of application is prone to authentication bypass, allowing anyone (who knows a user's credentials except the password) to get access to an account. This occurs because of JSESSIONID mismanagement.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-38398 ‼
📖 Read
via "National Vulnerability Database".
The affected device uses off-the-shelf software components that contain unpatched vulnerabilities. A malicious attacker with physical access to the affected device could exploit these vulnerabilities.📖 Read
via "National Vulnerability Database".
❌ Encrypted & Fileless Malware Sees Big Growth ❌
📖 Read
via "Threat Post".
An analysis of second-quarter malware trends shows that threats are becoming stealthier.📖 Read
via "Threat Post".
Threat Post
Encrypted & Fileless Malware Sees Big Growth
An analysis of second-quarter malware trends shows that threats are becoming stealthier.
❌ Encrypted & Fileless Malware Sees Big Growth ❌
📖 Read
via "Threat Post".
An analysis of second-quarter malware trends shows that threats are becoming stealthier.📖 Read
via "Threat Post".
Threat Post
Encrypted & Fileless Malware Sees Big Growth
An analysis of second-quarter malware trends shows that threats are becoming stealthier.
❌ Encrypted & Fileless Malware Sees Big Growth ❌
📖 Read
via "Threat Post".
An analysis of second-quarter malware trends shows that threats are becoming stealthier.📖 Read
via "Threat Post".
Threat Post
Encrypted & Fileless Malware Sees Big Growth
An analysis of second-quarter malware trends shows that threats are becoming stealthier.
❌ Facebook Outage Drags Down Instagram, WhatsApp, Messenger, Oculus VR ❌
📖 Read
via "Threat Post".
They were all flat on their faces for hours on Monday, throwing off DNS error messages or other server-related errors.📖 Read
via "Threat Post".
Threat Post
Facebook Outage Drags Down Instagram, WhatsApp, Messenger, Oculus VR
They were all flat on their faces for hours on Monday, throwing off DNS error messages or other server-related errors.
🕴 One Identity Acquires OneLogin to Boost Identity Security Portfolio 🕴
📖 Read
via "Dark Reading".
The combination of One Identity and OneLogin will provide customers with a unified identity security platform to manage identities and networks.📖 Read
via "Dark Reading".
Dark Reading
One Identity Acquires OneLogin to Boost Identity Security Portfolio
The combination of One Identity and OneLogin will provide customers with a unified identity security platform to manage identities and networks.
‼ CVE-2020-21431 ‼
📖 Read
via "National Vulnerability Database".
HongCMS v3.0 contains an arbitrary file read and write vulnerability in the component /admin/index.php/template/edit.📖 Read
via "National Vulnerability Database".