‼ CVE-2021-22263 ‼
📖 Read
via "National Vulnerability Database".
An issue has been discovered in GitLab affecting all versions starting from 13.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. A user account with 'external' status which is granted 'Maintainer' role on any project on the GitLab instance where 'project tokens' are allowed may elevate its privilege to 'Internal' and access Internal projects.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25633 ‼
📖 Read
via "National Vulnerability Database".
LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally signed ODF document, by manipulating the documentsignatures.xml or macrosignatures.xml stream within the document to combine multiple certificate data, which when opened caused LibreOffice to display a validly signed indicator but whose content was unrelated to the signature shown. This issue affects: The Document Foundation LibreOffice 7-0 versions prior to 7.0.6; 7-1 versions prior to 7.1.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20122 ‼
📖 Read
via "National Vulnerability Database".
The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is affected by an authenticated command injection vulnerability in multiple parameters passed to tr69_cmd.cgi. A remote attacker connected to the router's LAN and authenticated with a super user account, or using a bypass authentication vulnerability like CVE-2021-20090 could leverage this issue to run commands or gain a shell as root on the target device.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39317 ‼
📖 Read
via "National Vulnerability Database".
Versions up to, and including, 1.0.6, of the Access Demo Importer WordPress plugin are vulnerable to arbitrary file uploads via the plugin_offline_installer AJAX action due to a missing capability check in the plugin_offline_installer_callback function found in the ~/inc/demo-functions.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-26588 ‼
📖 Read
via "National Vulnerability Database".
A potential security vulnerability has been identified in HPE 3PAR StoreServ, HPE Primera Storage and HPE Alletra 9000 Storage array firmware. An unauthenticated user could remotely exploit the low complexity issue to execute code as administrator. This vulnerability impacts completely the confidentiality, integrity, availability of the array. HPE has made the following software updates and mitigation information to resolve the vulnerability in 3PAR, Primera and Alletra 9000 firmware.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37123 ‼
📖 Read
via "National Vulnerability Database".
There is an improper authentication vulnerability in Hero-CT060 before 1.0.0.200. The vulnerability is due to that when an user wants to do certain operation, the software does not insufficiently validate the user's identity. Successful exploit could allow the attacker to do certain operations which the user are supposed not to do.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-41117 ‼
📖 Read
via "National Vulnerability Database".
keypair is a a RSA PEM key generator written in javascript. keypair implements a lot of cryptographic primitives on its own or by borrowing from other libraries where possible, including node-forge. An issue was discovered where this library was generating identical RSA keys used in SSH. This would mean that the library is generating identical P, Q (and thus N) values which, in practical terms, is impossible with RSA-2048 keys. Generating identical values, repeatedly, usually indicates an issue with poor random number generation, or, poor handling of CSPRNG output. Issue 1: Poor random number generation (`GHSL-2021-1012`). The library does not rely entirely on a platform provided CSPRNG, rather, it uses it's own counter-based CMAC approach. Where things go wrong is seeding the CMAC implementation with "true" random data in the function `defaultSeedFile`. In order to seed the AES-CMAC generator, the library will take two different approaches depending on the JavaScript execution environment. In a browser, the library will use [`window.crypto.getRandomValues()`](https://github.com/juliangruber/keypair/blob/87c62f255baa12c1ec4f98a91600f82af80be6db/index.js#L971). However, in a nodeJS execution environment, the `window` object is not defined, so it goes down a much less secure solution, also of which has a bug in it. It does look like the library tries to use node's CSPRNG when possible unfortunately, it looks like the `crypto` object is null because a variable was declared with the same name, and set to `null`. So the node CSPRNG path is never taken. However, when `window.crypto.getRandomValues()` is not available, a Lehmer LCG random number generator is used to seed the CMAC counter, and the LCG is seeded with `Math.random`. While this is poor and would likely qualify in a security bug in itself, it does not explain the extreme frequency in which duplicate keys occur. The main flaw: The output from the Lehmer LCG is encoded incorrectly. The specific [line][https://github.com/juliangruber/keypair/blob/87c62f255baa12c1ec4f98a91600f82af80be6db/index.js#L1008] with the flaw is: `b.putByte(String.fromCharCode(next & 0xFF))` The [definition](https://github.com/juliangruber/keypair/blob/87c62f255baa12c1ec4f98a91600f82af80be6db/index.js#L350-L352) of `putByte` is `util.ByteBuffer.prototype.putByte = function(b) {this.data += String.fromCharCode(b);};`. Simplified, this is `String.fromCharCode(String.fromCharCode(next & 0xFF))`. The double `String.fromCharCode` is almost certainly unintentional and the source of weak seeding. Unfortunately, this does not result in an error. Rather, it results most of the buffer containing zeros. Since we are masking with 0xFF, we can determine that 97% of the output from the LCG are converted to zeros. The only outputs that result in meaningful values are outputs 48 through 57, inclusive. The impact is that each byte in the RNG seed has a 97% chance of being 0 due to incorrect conversion. When it is not, the bytes are 0 through 9. In summary, there are three immediate concerns: 1. The library has an insecure random number fallback path. Ideally the library would require a strong CSPRNG instead of attempting to use a LCG and `Math.random`. 2. The library does not correctly use a strong random number generator when run in NodeJS, even though a strong CSPRNG is available. 3. The fallback path has an issue in the implementation where a majority of the seed data is going to effectively be zero. Due to the poor random number generation, keypair generates RSA keys that are relatively easy to guess. This could enable an attacker to decrypt confidential messages or gain authorized access to an account belonging to the victim.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-27665 ‼
📖 Read
via "National Vulnerability Database".
An unauthenticated remote user could exploit a potential integer overflow condition in the exacqVision Server with a specially crafted script and cause denial-of-service condition.📖 Read
via "National Vulnerability Database".
🕴 Handling Threat Intelligence Across Billions of Data Points 🕴
📖 Read
via "Dark Reading".
Graph databases can play a role in threat intelligence and unraveling sprawling data.📖 Read
via "Dark Reading".
Dark Reading
Handling Threat Intelligence Across Billions of Data Points
Graph databases can play a role in threat intelligence and unraveling sprawling data.
‼ CVE-2021-25738 ‼
📖 Read
via "National Vulnerability Database".
Loading specially-crafted yaml with the Kubernetes Java Client library can lead to code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-40617 ‼
📖 Read
via "National Vulnerability Database".
An SQL Injection vulnerability exists in openSIS Community Edition version 8.0 via ForgotPassUserName.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42252 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a certain comparison uses values that are not memory sizes.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-27372 ‼
📖 Read
via "National Vulnerability Database".
A buffer overflow vulnerability exists in Brandy Basic V Interpreter 1.21 in the run_interpreter function.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-40239 ‼
📖 Read
via "National Vulnerability Database".
A Buffer Overflow vulnerability exists in the latest version of Miniftpd in the do_retr function in ftpproto.c📖 Read
via "National Vulnerability Database".
‼ CVE-2021-40189 ‼
📖 Read
via "National Vulnerability Database".
PHPFusion 9.03.110 is affected by a remote code execution vulnerability. The theme function will extract a file to "webroot/themes/{Theme Folder], where an attacker can access and execute arbitrary code.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-40188 ‼
📖 Read
via "National Vulnerability Database".
PHPFusion 9.03.110 is affected by an arbitrary file upload vulnerability. The File Manager function in admin panel does not filter all PHP extensions such as ".php, .php7, .phtml, .php5, ...". An attacker can upload a malicious file and execute code on the server.📖 Read
via "National Vulnerability Database".
🕴 7 Smart Ways a Security Team Can Win Stakeholder Trust 🕴
📖 Read
via "Dark Reading".
By demonstrating the following behaviors, security teams can more effectively move their initiatives forward.📖 Read
via "Dark Reading".
Dark Reading
7 Smart Ways a Security Team Can Win Stakeholder Trust
By demonstrating the following behaviors, security teams can more effectively move their initiatives forward.
🕴 Wiz Reaches $6B Valuation 🕴
📖 Read
via "Dark Reading".
Startup created by former leaders of Microsoft Cloud Security Group experiencing rapid growth.📖 Read
via "Dark Reading".
Dark Reading
Wiz Reaches $6B Valuation
Startup created by former leaders of Microsoft Cloud Security Group experiencing rapid growth.
‼ CVE-2021-42257 ‼
📖 Read
via "National Vulnerability Database".
check_smart before 6.9.1 allows unintended drive access by an unprivileged user because it only checks for a substring match of a device path (the /dev/bus substring and a number), aka an unanchored regular expression.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42260 ‼
📖 Read
via "National Vulnerability Database".
TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by a crafted XML message and leads to a denial of service.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-23448 ‼
📖 Read
via "National Vulnerability Database".
All versions of package config-handler are vulnerable to Prototype Pollution when loading config files.📖 Read
via "National Vulnerability Database".