‼ CVE-2021-41117 ‼
📖 Read
via "National Vulnerability Database".
keypair is a a RSA PEM key generator written in javascript. keypair implements a lot of cryptographic primitives on its own or by borrowing from other libraries where possible, including node-forge. An issue was discovered where this library was generating identical RSA keys used in SSH. This would mean that the library is generating identical P, Q (and thus N) values which, in practical terms, is impossible with RSA-2048 keys. Generating identical values, repeatedly, usually indicates an issue with poor random number generation, or, poor handling of CSPRNG output. Issue 1: Poor random number generation (`GHSL-2021-1012`). The library does not rely entirely on a platform provided CSPRNG, rather, it uses it's own counter-based CMAC approach. Where things go wrong is seeding the CMAC implementation with "true" random data in the function `defaultSeedFile`. In order to seed the AES-CMAC generator, the library will take two different approaches depending on the JavaScript execution environment. In a browser, the library will use [`window.crypto.getRandomValues()`](https://github.com/juliangruber/keypair/blob/87c62f255baa12c1ec4f98a91600f82af80be6db/index.js#L971). However, in a nodeJS execution environment, the `window` object is not defined, so it goes down a much less secure solution, also of which has a bug in it. It does look like the library tries to use node's CSPRNG when possible unfortunately, it looks like the `crypto` object is null because a variable was declared with the same name, and set to `null`. So the node CSPRNG path is never taken. However, when `window.crypto.getRandomValues()` is not available, a Lehmer LCG random number generator is used to seed the CMAC counter, and the LCG is seeded with `Math.random`. While this is poor and would likely qualify in a security bug in itself, it does not explain the extreme frequency in which duplicate keys occur. The main flaw: The output from the Lehmer LCG is encoded incorrectly. The specific [line][https://github.com/juliangruber/keypair/blob/87c62f255baa12c1ec4f98a91600f82af80be6db/index.js#L1008] with the flaw is: `b.putByte(String.fromCharCode(next & 0xFF))` The [definition](https://github.com/juliangruber/keypair/blob/87c62f255baa12c1ec4f98a91600f82af80be6db/index.js#L350-L352) of `putByte` is `util.ByteBuffer.prototype.putByte = function(b) {this.data += String.fromCharCode(b);};`. Simplified, this is `String.fromCharCode(String.fromCharCode(next & 0xFF))`. The double `String.fromCharCode` is almost certainly unintentional and the source of weak seeding. Unfortunately, this does not result in an error. Rather, it results most of the buffer containing zeros. Since we are masking with 0xFF, we can determine that 97% of the output from the LCG are converted to zeros. The only outputs that result in meaningful values are outputs 48 through 57, inclusive. The impact is that each byte in the RNG seed has a 97% chance of being 0 due to incorrect conversion. When it is not, the bytes are 0 through 9. In summary, there are three immediate concerns: 1. The library has an insecure random number fallback path. Ideally the library would require a strong CSPRNG instead of attempting to use a LCG and `Math.random`. 2. The library does not correctly use a strong random number generator when run in NodeJS, even though a strong CSPRNG is available. 3. The fallback path has an issue in the implementation where a majority of the seed data is going to effectively be zero. Due to the poor random number generation, keypair generates RSA keys that are relatively easy to guess. This could enable an attacker to decrypt confidential messages or gain authorized access to an account belonging to the victim.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-27665 ‼
📖 Read
via "National Vulnerability Database".
An unauthenticated remote user could exploit a potential integer overflow condition in the exacqVision Server with a specially crafted script and cause denial-of-service condition.📖 Read
via "National Vulnerability Database".
🕴 Handling Threat Intelligence Across Billions of Data Points 🕴
📖 Read
via "Dark Reading".
Graph databases can play a role in threat intelligence and unraveling sprawling data.📖 Read
via "Dark Reading".
Dark Reading
Handling Threat Intelligence Across Billions of Data Points
Graph databases can play a role in threat intelligence and unraveling sprawling data.
‼ CVE-2021-25738 ‼
📖 Read
via "National Vulnerability Database".
Loading specially-crafted yaml with the Kubernetes Java Client library can lead to code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-40617 ‼
📖 Read
via "National Vulnerability Database".
An SQL Injection vulnerability exists in openSIS Community Edition version 8.0 via ForgotPassUserName.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42252 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a certain comparison uses values that are not memory sizes.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-27372 ‼
📖 Read
via "National Vulnerability Database".
A buffer overflow vulnerability exists in Brandy Basic V Interpreter 1.21 in the run_interpreter function.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-40239 ‼
📖 Read
via "National Vulnerability Database".
A Buffer Overflow vulnerability exists in the latest version of Miniftpd in the do_retr function in ftpproto.c📖 Read
via "National Vulnerability Database".
‼ CVE-2021-40189 ‼
📖 Read
via "National Vulnerability Database".
PHPFusion 9.03.110 is affected by a remote code execution vulnerability. The theme function will extract a file to "webroot/themes/{Theme Folder], where an attacker can access and execute arbitrary code.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-40188 ‼
📖 Read
via "National Vulnerability Database".
PHPFusion 9.03.110 is affected by an arbitrary file upload vulnerability. The File Manager function in admin panel does not filter all PHP extensions such as ".php, .php7, .phtml, .php5, ...". An attacker can upload a malicious file and execute code on the server.📖 Read
via "National Vulnerability Database".
🕴 7 Smart Ways a Security Team Can Win Stakeholder Trust 🕴
📖 Read
via "Dark Reading".
By demonstrating the following behaviors, security teams can more effectively move their initiatives forward.📖 Read
via "Dark Reading".
Dark Reading
7 Smart Ways a Security Team Can Win Stakeholder Trust
By demonstrating the following behaviors, security teams can more effectively move their initiatives forward.
🕴 Wiz Reaches $6B Valuation 🕴
📖 Read
via "Dark Reading".
Startup created by former leaders of Microsoft Cloud Security Group experiencing rapid growth.📖 Read
via "Dark Reading".
Dark Reading
Wiz Reaches $6B Valuation
Startup created by former leaders of Microsoft Cloud Security Group experiencing rapid growth.
‼ CVE-2021-42257 ‼
📖 Read
via "National Vulnerability Database".
check_smart before 6.9.1 allows unintended drive access by an unprivileged user because it only checks for a substring match of a device path (the /dev/bus substring and a number), aka an unanchored regular expression.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42260 ‼
📖 Read
via "National Vulnerability Database".
TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by a crafted XML message and leads to a denial of service.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-23448 ‼
📖 Read
via "National Vulnerability Database".
All versions of package config-handler are vulnerable to Prototype Pollution when loading config files.📖 Read
via "National Vulnerability Database".
🕴 Overly Complex IT Infrastructures Pose Security Risk 🕴
📖 Read
via "Dark Reading".
Cybersecurity budgets are set to increase in 2022, but companies worry that complex IT networks and data infrastructure are wasting money, new PwC survey finds.📖 Read
via "Dark Reading".
Dark Reading
Overly Complex IT Infrastructures Pose Security Risk
Cybersecurity budgets are set to increase in 2022, but companies worry that complex IT networks and data infrastructure are wasting money, new PwC survey finds.
âš Apple quietly patches yet another iPhone 0-day – check you have 15.0.2 âš
📖 Read
via "Naked Security".
Oops!... They did it again.📖 Read
via "Naked Security".
Naked Security
Apple quietly patches yet another iPhone 0-day – check you have 15.0.2
Oops!… They did it again.
‼ CVE-2021-42009 ‼
📖 Read
via "National Vulnerability Database".
An authenticated Apache Traffic Control Traffic Ops user with Portal-level privileges can send a request with a specially-crafted email subject to the /deliveryservices/request Traffic Ops endpoint to send an email, from the Traffic Ops server, with an arbitrary body to an arbitrary email address. Apache Traffic Control 5.1.x users should upgrade to 5.1.3 or 6.0.0. 4.1.x users should upgrade to 5.1.3.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-33727 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticated attacker could download the user profile of any user. With this, the attacker could leak confidential information of any user in the affected system.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-33728 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows to upload JSON objects that are deserialized to JAVA objects. Due to insecure deserialization of user-supplied content by the affected software, a privileged attacker could exploit this vulnerability by sending a crafted serialized Java object. An exploit could allow the attacker to execute arbitrary code on the device with root privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-33726 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows to download arbitrary files under a user controlled path and does not correctly check if the relative path is still within the intended target directory.📖 Read
via "National Vulnerability Database".