βΌ CVE-2021-20835 βΌ
π Read
via "National Vulnerability Database".
Improper authorization in handler for custom URL scheme vulnerability in Android App 'Mercari (Merpay) - Marketplace and Mobile Payments App' (Japan version) versions prior to 4.49.1 allows a remote attacker to lead a user to access an arbitrary website and the website launches an arbitrary Activity of the app via the vulnerable App, which may result in Mercari account's access token being obtained.π Read
via "National Vulnerability Database".
βΌ CVE-2021-31822 βΌ
π Read
via "National Vulnerability Database".
When Octopus Tentacle is installed on a Linux operating system, the systemd service file permissions are misconfigured. This could lead to a local unprivileged user modifying the contents of the systemd service file to gain privileged access.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41192 βΌ
π Read
via "National Vulnerability Database".
Redash is a package for data visualization and sharing. If an admin sets up Redash versions 10.0.0 and prior without explicitly specifying the `REDASH_COOKIE_SECRET` or `REDASH_SECRET_KEY` environment variables, a default value is used for both that is the same across all installations. In such cases, the instance is vulnerable to attackers being able to forge sessions using the known default value. This issue only affects installations where the `REDASH_COOKIE_SECRET or REDASH_SECRET_KEY` environment variables have not been explicitly set. This issue does not affect users of the official Redash cloud images, Redash's Digital Ocean marketplace droplets, or the scripts in the `getredash/setup` repository. These instances automatically generate unique secret keys during installation. One can verify whether one's instance is affected by checking the value of the `REDASH_COOKIE_SECRET` environment variable. If it is `c292a0a3aa32397cdb050e233733900f`, should follow the steps to secure the instance, outlined in the GitHub Security Advisory.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3553 βΌ
π Read
via "National Vulnerability Database".
A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService of Bitdefender Endpoint Security Tools allows an attacker to use the Endpoint Protection relay as a proxy for any remote host. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender Unified Endpoint for Linux versions prior to 6.2.21.160. Bitdefender GravityZone versions prior to 6.24.1-1.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3552 βΌ
π Read
via "National Vulnerability Database".
A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender GravityZone 6.24.1-1.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20850 βΌ
π Read
via "National Vulnerability Database".
PowerCMS XMLRPC API of PowerCMS 5.19 and earlier, PowerCMS 4.49 and earlier, PowerCMS 3.295 and earlier, and PowerCMS 2 Series (End-of-Life, EOL) allows a remote attacker to execute an arbitrary OS command via unspecified vectors.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43777 βΌ
π Read
via "National Vulnerability Database".
Redash is a package for data visualization and sharing. In Redash version 10.0 and prior, the implementation of Google Login (via OAuth) incorrectly uses the `state` parameter to pass the next URL to redirect the user to after login. The `state` parameter should be used for a Cross-Site Request Forgery (CSRF) token, not a static and easily predicted value. This vulnerability does not affect users who do not use Google Login for their instance of Redash. A patch in the `master` and `release/10.x.x` branches addresses this by replacing `Flask-Oauthlib` with `Authlib` which automatically provides and validates a CSRF token for the state variable. The new implementation stores the next URL on the user session object. As a workaround, one may disable Google Login to mitigate the vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20842 βΌ
π Read
via "National Vulnerability Database".
Cross-site request forgery (CSRF) vulnerability in EC-CUBE 2 series 2.11.0 to 2.17.1 allows a remote attacker to hijack the authentication of Administrator and delete Administrator via a specially crafted web page.π Read
via "National Vulnerability Database".
β 9.3M+ Androids Running βMaliciousβ Games from Huawei AppGallery β
π Read
via "Threat Post".
A new trojan called Android.Cynos.7.origin, designed to collect Android usersβ device data and phone numbers, was found in 190 games installed on over 9M Android devices.π Read
via "Threat Post".
Threat Post
9.3M+ Androids Running βMaliciousβ Games from Huawei AppGallery
A new trojan called Android.Cynos.7.origin, designed to collect Android usersβ device data and phone numbers, was found in 190 games installed on over 9M Android devices.
β US government securities watchdog spoofed by investment scammers β donβt fall for it! β
π Read
via "Naked Security".
Those numbers that show up on your phone to tell you who's calling? Treat them as SUGGESTIONS, never as PROOF.π Read
via "Naked Security".
Naked Security
US government securities watchdog spoofed by investment scammers β donβt fall for it!
Those numbers that show up on your phone to tell you whoβs calling? Treat them as SUGGESTIONS, never as PROOF.
π΄ In Appreciation: Dark Reading's Tim Wilson π΄
π Read
via "Dark Reading".
Dark Reading co-founder and editor-in-chief Tim Wilson passed away on Nov. 23.π Read
via "Dark Reading".
Dark Reading
In Appreciation: Dark Reading's Tim Wilson
Dark Reading co-founder and editor-in-chief Tim Wilson passed away on Nov. 23.
βΌ CVE-2021-43268 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in VxWorks 6.9 through 7. In the IKE component, a specifically crafted packet may lead to reading beyond the end of a buffer, or a double free.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34424 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was discovered in the Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for Meetings for intune (for Android and iOS) before version 5.8.4, Zoom Client for Meetings for Chrome OS before version 5.0.1, Zoom Rooms for Conference Room (for Android, AndroidBali, macOS, and Windows) before version 5.8.3, Controllers for Zoom Rooms (for Android, iOS, and Windows) before version 5.8.3, Zoom VDI before version 5.8.4, Zoom Meeting SDK for Android before version 5.7.6.1922, Zoom Meeting SDK for iOS before version 5.7.6.1082, Zoom Meeting SDK for macOS before version 5.7.6.1340, Zoom Meeting SDK for Windows before version 5.7.6.1081, Zoom Video SDK (for Android, iOS, macOS, and Windows) before version 1.1.2, Zoom on-premise Meeting Connector before version 4.8.12.20211115, Zoom on-premise Meeting Connector MMR before version 4.8.12.20211115, Zoom on-premise Recording Connector before version 5.1.0.65.20211116, Zoom on-premise Virtual Room Connector before version 4.4.7266.20211117, Zoom on-premise Virtual Room Connector Load Balancer before version 2.5.5692.20211117, Zoom Hybrid Zproxy before version 1.0.1058.20211116, and Zoom Hybrid MMR before version 4.6.20211116.131_x86-64 which potentially allowed for the exposure of the state of process memory. This issue could be used to potentially gain insight into arbitrary areas of the product's memory.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22049 βΌ
π Read
via "National Vulnerability Database".
The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Request Forgery) vulnerability in the vSAN Web Client (vSAN UI) plug-in. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service.π Read
via "National Vulnerability Database".
βΌ CVE-2021-21980 βΌ
π Read
via "National Vulnerability Database".
The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34423 βΌ
π Read
via "National Vulnerability Database".
A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for Meetings for intune (for Android and iOS) before version 5.8.4, Zoom Client for Meetings for Chrome OS before version 5.0.1, Zoom Rooms for Conference Room (for Android, AndroidBali, macOS, and Windows) before version 5.8.3, Controllers for Zoom Rooms (for Android, iOS, and Windows) before version 5.8.3, Zoom VDI before version 5.8.4, Zoom Meeting SDK for Android before version 5.7.6.1922, Zoom Meeting SDK for iOS before version 5.7.6.1082, Zoom Meeting SDK for macOS before version 5.7.6.1340, Zoom Meeting SDK for Windows before version 5.7.6.1081, Zoom Video SDK (for Android, iOS, macOS, and Windows) before version 1.1.2, Zoom On-Premise Meeting Connector Controller before version 4.8.12.20211115, Zoom On-Premise Meeting Connector MMR before version 4.8.12.20211115, Zoom On-Premise Recording Connector before version 5.1.0.65.20211116, Zoom On-Premise Virtual Room Connector before version 4.4.7266.20211117, Zoom On-Premise Virtual Room Connector Load Balancer before version 2.5.5692.20211117, Zoom Hybrid Zproxy before version 1.0.1058.20211116, and Zoom Hybrid MMR before version 4.6.20211116.131_x86-64. This can potentially allow a malicious actor to crash the service or application, or leverage this vulnerability to execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36917 βΌ
π Read
via "National Vulnerability Database".
WordPress Hide My WP plugin (versions <= 6.2.3) can be deactivated by any unauthenticated user. It is possible to retrieve a reset token which can then be used to deactivate the plugin.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36916 βΌ
π Read
via "National Vulnerability Database".
The SQL injection vulnerability in the Hide My WP WordPress plugin (versions <= 6.2.3) is possible because of how the IP address is retrieved and used inside a SQL query. The function "hmwp_get_user_ip" tries to retrieve the IP address from multiple headers, including IP address headers that the user can spoof, such as "X-Forwarded-For." As a result, the malicious payload supplied in one of these IP address headers will be directly inserted into the SQL query, making SQL injection possible.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38873 βΌ
π Read
via "National Vulnerability Database".
IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 208396.π Read
via "National Vulnerability Database".
π΄ How Threat Actors Get into OT Systems π΄
π Read
via "Dark Reading".
The convergence and integration of OT and IT has resulted in a growing number of cyber risks for critical infrastructure. Here are some of the ways attackers are targeting operational technology systems.π Read
via "Dark Reading".
Dark Reading
How Threat Actors Get Into OT Systems
The convergence and integration of OT and IT has resulted in a growing number of cyber-risks for critical infrastructure. Here are some of the ways attackers are targeting operational technology systems.
βΌ CVE-2021-41267 βΌ
π Read
via "National Vulnerability Database".
Symfony/Http-Kernel is the HTTP kernel component for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Headers that are not part of the "trusted_headers" allowed list are ignored and protect users from "Cache poisoning" attacks. In Symfony 5.2, maintainers added support for the `X-Forwarded-Prefix` headers, but this header was accessible in SubRequest, even if it was not part of the "trusted_headers" allowed list. An attacker could leverage this opportunity to forge requests containing a `X-Forwarded-Prefix` header, leading to a web cache poisoning issue. Versions 5.3.12 and later have a patch to ensure that the `X-Forwarded-Prefix` header is not forwarded to subrequests when it is not trusted.π Read
via "National Vulnerability Database".