CVE-2021-44043
via "National Vulnerability Database".
An issue was discovered in UiPath App Studio 21.4.4. There is a persistent (stored) XSS vulnerability in the file-upload functionality used to upload icons when creating new Apps. An attacker with minimal privileges in the application can build their own App and upload a file containing an XSS payload: the attacker uploads an arbitrary file and then modifies the MIME type in a subsequent HTTP request. The file is then stored on the server and served to other users in the same organization.
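The pattern behind this advisory is a server that records whatever Content-Type the client declares and later serves the object with it. The following is an added example, not UiPath code: it derives the type from the file's own bytes, accepts only raster image formats (SVG is excluded because it can carry script), and serves the stored icon with headers that keep the browser from reinterpreting it. Function names, size limits and the sample payloads are assumptions for illustration.

```python
"""Icon upload validation that never trusts the client's MIME type.

Added example, not UiPath code. The defence derives the type from the
bytes, accepts only an allow-list of raster formats, and serves the file
with headers that stop the browser from reinterpreting it. Names, limits
and sample payloads are assumptions for illustration.
"""
import logging
import struct

log = logging.getLogger("icon-upload")

# Allow-list keyed by magic prefix. SVG is deliberately absent: it is XML
# and can carry <script> and event handlers, so it is never an "icon" here.
_MAGIC = {
    b"\x89PNG\r\n\x1a\n": "image/png",
    b"\xff\xd8\xff": "image/jpeg",
    b"GIF87a": "image/gif",
    b"GIF89a": "image/gif",
}


class RejectedUpload(ValueError):
    """Raised for anything that is not an acceptable icon."""


def sniff_icon_type(data: bytes) -> str:
    """MIME type implied by the leading bytes, or RejectedUpload."""
    for magic, mime in _MAGIC.items():
        if data.startswith(magic):
            return mime
    raise RejectedUpload("not a PNG, JPEG or GIF image")


def validate_icon(data: bytes, declared_type: str, max_bytes: int = 256 * 1024) -> str:
    """Return the MIME type to store for an uploaded icon.

    `declared_type` is whatever Content-Type the client sent, in this request
    or in a later metadata update. It is only logged when it disagrees with
    the bytes, which is exactly the manipulation the advisory describes.
    """
    if len(data) > max_bytes:
        raise RejectedUpload("icon too large")
    sniffed = sniff_icon_type(data)
    if declared_type.split(";")[0].strip().lower() != sniffed:
        log.warning("declared type %r disagrees with sniffed %r", declared_type, sniffed)
    if sniffed == "image/png":
        # Require a parseable IHDR with sane dimensions, not just the signature.
        if len(data) < 24 or data[12:16] != b"IHDR":
            raise RejectedUpload("malformed PNG header")
        width, height = struct.unpack(">II", data[16:24])
        if not (0 < width <= 1024 and 0 < height <= 1024):
            raise RejectedUpload("unreasonable icon dimensions")
    return sniffed


def download_headers(stored_type: str) -> dict:
    """Headers for serving the stored icon back to other users in the org."""
    ext = {"image/png": "png", "image/jpeg": "jpg", "image/gif": "gif"}[stored_type]
    return {
        "Content-Type": stored_type,            # from the bytes, never from the upload request
        "X-Content-Type-Options": "nosniff",    # no browser re-sniffing into text/html
        "Content-Disposition": f'inline; filename="icon.{ext}"',
        "Content-Security-Policy": "default-src 'none'; sandbox",  # inert even if it did render
    }


def sample_png(width: int = 16, height: int = 16) -> bytes:
    """Constructed: PNG signature plus an IHDR chunk, enough for the checks above."""
    ihdr = struct.pack(">II", width, height) + b"\x08\x06\x00\x00\x00"
    return b"\x89PNG\r\n\x1a\n" + struct.pack(">I", 13) + b"IHDR" + ihdr


if __name__ == "__main__":
    print(validate_icon(sample_png(), "image/png"))
    try:
        validate_icon(b"<svg onload=alert(1)></svg>", "image/png")
    except RejectedUpload as exc:
        print("rejected:", exc)
```

The stored type is the sniffed one, so a later request that rewrites the declared MIME type has nothing to overwrite; `nosniff` plus a restrictive CSP on the download response covers the case where a raster file is still coerced into a rendering context.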
CVE-2021-43807
via "National Vulnerability Database".
Opencast is an open source lecture capture and video management system for education. Opencast versions prior to 9.10 allow HTTP method spoofing: the assumed HTTP method can be changed via a URL parameter. This lets attackers turn HTTP GET requests into PUT requests, or an HTTP form into a DELETE request, bypassing the restrictions otherwise placed on those request types and enabling cross-site request forgery (CSRF) attacks that would otherwise not be possible. An attacker can craft links or forms that change server state. The issue is fixed in Opencast 9.10 and 10.0. You can mitigate the problem by setting the `SameSite=Strict` attribute on your cookies; whether that is viable depends on your integrations. Updating is strongly recommended in any case.
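Method override is a convenience for HTML forms that can only send GET and POST, and it becomes CSRF bait the moment a GET can be promoted. The following is an added example, not Opencast code: a dispatcher that honours an override from the query string on any request (the spoofable shape) beside one that accepts an override only from a POST body, only to PUT/PATCH/DELETE, and only with a valid CSRF token, plus the `SameSite=Strict` cookie the advisory suggests as interim mitigation. The parameter name `_method`, the request shape and the token scheme are assumptions for illustration.

```python
"""HTTP method override: the spoofable dispatcher beside a hardened one.

Added example, not Opencast code. The parameter name `_method`, the
request shape and the CSRF-token scheme are assumptions for illustration.
"""
import hashlib
import hmac
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlsplit

STATE_CHANGING = {"PUT", "PATCH", "DELETE"}


@dataclass
class Request:
    method: str
    url: str
    form: dict = field(default_factory=dict)      # POST body fields
    cookies: dict = field(default_factory=dict)


def effective_method_vulnerable(req: Request) -> str:
    """Honours ?_method= in the query string on any request, so an
    <a href="/api/events/42?_method=DELETE"> on an attacker page becomes
    a DELETE once the victim's browser attaches the session cookie."""
    override = parse_qs(urlsplit(req.url).query).get("_method", [None])[0]
    return (override or req.method).upper()


def csrf_token(session_id: str, secret: bytes) -> str:
    """Per-session token the form must echo back (HMAC of the session id)."""
    return hmac.new(secret, session_id.encode(), hashlib.sha256).hexdigest()


def effective_method_hardened(req: Request, secret: bytes) -> str:
    """Override only from a POST body, only to PUT/PATCH/DELETE, and only
    with a valid CSRF token; GET and HEAD are never promoted."""
    method = req.method.upper()
    if method != "POST":
        return method
    override = req.form.get("_method", "").upper()
    if override not in STATE_CHANGING:
        return "POST"
    session_id = req.cookies.get("session")
    supplied = req.form.get("csrf", "")
    if not session_id or not hmac.compare_digest(
        supplied.encode(), csrf_token(session_id, secret).encode()
    ):
        raise PermissionError("missing or invalid CSRF token")
    return override


def session_set_cookie(session_id: str) -> str:
    """The advisory's interim mitigation: SameSite=Strict keeps the browser
    from attaching the session cookie to any cross-site request."""
    return f"session={session_id}; Path=/; Secure; HttpOnly; SameSite=Strict"


if __name__ == "__main__":
    secret = b"constructed-demo-secret"
    link = Request("GET", "https://opencast.example/api/events/42?_method=DELETE")
    print("vulnerable:", effective_method_vulnerable(link))   # DELETE
    print("hardened:  ", effective_method_hardened(link, secret))  # GET
```

Note that the CSRF token and `SameSite=Strict` defend different layers: the token stops a forged request from being accepted, the cookie attribute stops the browser from making it an authenticated request in the first place. The advisory's point that `SameSite=Strict` may break integrations is why the token check is the primary control.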
Get a year of PlayStation Plus, a lifetime of learning and maximum VPN protection for $64
via "Tech Republic".
You can send your career soaring by learning highly paid skills online from over 1,000 courses without worrying about security, and enjoy a bit of extra gaming during your breaks.
Inside Ireland's Public Healthcare Ransomware Scare
via "Krebs on Security".
The accounting firm PricewaterhouseCoopers recently published lessons learned from the disruptive and costly ransomware attack in May 2021 on Ireland's public health system. The unusually candid post-mortem found that nearly two months elapsed between the initial intrusion and the launching of the ransomware. It also found that affected hospitals had tens of thousands of outdated Windows 7 systems, and that the health system's IT administrators failed to respond to multiple warning signs that a massive attack was imminent.
400 Banks' Customers Targeted with Anubis Trojan
via "Threat Post".
The new campaign masqueraded as an Orange Telecom account management app to deliver the latest iteration of Anubis banking malware.
New Microsoft Exchange credential stealing malware could be worse than phishing
via "Tech Republic".
While looking for additional Exchange vulnerabilities in the wake of this year's zero-days, Kaspersky found an IIS add-on that harvests credentials from OWA whenever, and wherever, someone logs in.
CVE-2021-34426
via "National Vulnerability Database".
A vulnerability was discovered in the Keybase Client for Windows before version 5.6.0 when a user executed the "keybase git lfs-config" command on the command line. In versions prior to 5.6.0, a malicious actor with write access to a user's Git repository could leverage this vulnerability to potentially execute arbitrary Windows commands on the user's local system.
CVE-2021-43821
via "National Vulnerability Database".
Opencast is an open source lecture capture and video management system for education. Opencast before version 9.10 or 10.6 allows references to local file URLs in ingested media packages, allowing attackers to include local files from Opencast's host machine and make them available via the web interface. Before Opencast 9.10 and 10.6, Opencast would open and include local files during ingests. Attackers could exploit this to include most local files the process has read access to, extracting secrets from the host machine. An attacker needs the privileges required to add new media to exploit this, but these are often widely granted. The issue has been fixed in Opencast 10.6 and 11.0. You can mitigate this issue by narrowing down the read access Opencast has to files on the file system using UNIX permissions or mandatory access control systems like SELinux. This cannot prevent access to files Opencast itself needs to read, though, and updating is highly recommended.
CVE-2021-39183
via "National Vulnerability Database".
Owncast is an open source, self-hosted live video streaming and chat server. In affected versions, inline scripts are executed when JavaScript is parsed via a paste action. This issue is patched in 0.0.9 by dropping 'unsafe-inline' from the Content Security Policy and specifying script-src explicitly. worker-src must be set to blob: for the video player.
CVE-2021-4108
via "National Vulnerability Database".
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
CVE-2021-34425
via "National Vulnerability Database".
The Zoom Client for Meetings before version 5.7.3 (for Android, iOS, Linux, macOS, and Windows) contains a server-side request forgery vulnerability in the chat's "link preview" functionality. In versions prior to 5.7.3, if a user had enabled the chat's "link preview" feature, a malicious actor could trick the user into sending arbitrary HTTP GET requests to URLs that the actor cannot reach directly.
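Two advisories on this page share one root cause: software fetching a URL it was handed without deciding first whether it should. CVE-2021-43821 (Opencast opening `file://` references found in ingested media packages) and CVE-2021-34425 (Zoom's link preview reaching hosts the attacker cannot). The following is an added example, not code from either project: a single pre-fetch check that allow-lists the scheme, rejects embedded credentials, resolves the host, and refuses anything that lands on loopback, link-local, private or otherwise non-global address space. The resolver hook and policy are assumptions for illustration.

```python
"""Allow-listing a URL before the server fetches it (added example).

Covers both the file:// inclusion in CVE-2021-43821 and the SSRF in
CVE-2021-34425. Not Opencast or Zoom code; the resolver hook and the
policy below are assumptions for illustration.
"""
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def default_resolve(host: str) -> set:
    """Every address the name resolves to (A and AAAA)."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def _unwrap(addr):
    """Treat ::ffff:10.0.0.1 as the IPv4 address it carries."""
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped:
        return addr.ipv4_mapped
    return addr


def check_fetch_url(url: str, resolve=default_resolve) -> str:
    """Return the URL if it is safe for the server to fetch, else raise ValueError.

    Rejects file:, data:, ftp: and every other non-HTTP scheme (the Opencast
    case), userinfo in the URL, and any host that resolves to a non-global
    address such as 127.0.0.1, 10/8, 169.254/16 or ::1 (the SSRF case).
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme or '(none)'}")
    if parts.username or parts.password:
        raise ValueError("credentials in URL not allowed")
    host = parts.hostname
    if not host:
        raise ValueError("missing host")
    try:
        addrs = {ipaddress.ip_address(host)}          # literal IP: no DNS needed
    except ValueError:
        addrs = {ipaddress.ip_address(a) for a in resolve(host)}
    if not addrs:
        raise ValueError(f"{host} does not resolve")
    for addr in addrs:
        if not _unwrap(addr).is_global:
            raise ValueError(f"{host} resolves to non-global address {addr}")
    return url


if __name__ == "__main__":
    # Constructed resolver so the demo runs offline.
    fake = lambda h: {"93.184.216.34"} if h == "example.com" else {"10.0.0.5"}
    for candidate in [
        "https://example.com/preview",
        "file:///etc/passwd",
        "http://169.254.169.254/latest/meta-data/",
        "http://intranet.local/admin",
    ]:
        try:
            print("ok      ", check_fetch_url(candidate, resolve=fake))
        except ValueError as exc:
            print("rejected", candidate, "->", exc)
```

The check is a policy gate, not a complete fix on its own: resolve once and connect to the address you checked (or pass the pinned address to the HTTP client), otherwise a DNS rebinding between check and fetch reopens the hole; and follow redirects only by running each hop back through the same check.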
CVE-2021-43829
via "National Vulnerability Database".
PatrOwl is a free and open-source solution for orchestrating Security Operations. In versions prior to 1.7.7, PatrowlManager does not restrict the type of files uploaded through the findings import feature. This allows dangerous file types to be uploaded to the server, leading to XSS attacks and potentially other forms of code injection. Users are advised to update to 1.7.7 as soon as possible. There are no known workarounds for this issue.
CVE-2021-43820
via "National Vulnerability Database".
Seafile is an open source cloud storage system. A sync token is used in the Seafile file syncing protocol to authorize access to library data. To improve performance, the token is cached in memory in seaf-server. Upon receiving a token from a sync client or SeaDrive client, the server checks whether the token exists in the cache. However, if the token exists in the cache, the server does not check whether it is associated with the specific library named in the URL. This makes it possible to use any valid sync token to access data from any **known** library. Note that the attacker first has to find out the ID of a library they have no access to; the library ID is a random UUID, which cannot be guessed. There are no workarounds for this issue.
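The bug is a cache that answers "is this token valid?" when the question was "is this token valid for this library?". The following is an added example, not Seafile code: a small sync-token cache whose presence-only check reproduces the flaw, beside a lookup that binds the cached token to the library it was issued for, and the fallback path that populates the cache from the token store. Names and the TTL are assumptions for illustration.

```python
"""Sync-token cache bound to a library id (added example, not Seafile code).

The presence-only check reproduces the advisory's flaw; the bound check is
the fix. Names, the TTL and the token store are assumptions.
"""
import hmac
import time


class SyncTokenCache:
    def __init__(self, ttl_seconds: float = 300, clock=time.monotonic):
        self._entries = {}          # token -> (repo_id, expires_at)
        self._ttl = ttl_seconds
        self._clock = clock

    def put(self, token: str, repo_id: str) -> None:
        self._entries[token] = (repo_id, self._clock() + self._ttl)

    def _lookup(self, token: str):
        entry = self._entries.get(token)
        if entry is None:
            return None
        repo_id, expires_at = entry
        if self._clock() >= expires_at:
            del self._entries[token]
            return None
        return repo_id

    def authorizes_vulnerable(self, token: str, repo_id: str) -> bool:
        """Cache hit == authorized, whatever library the URL names.
        Any valid token therefore reads any library whose UUID is known."""
        return self._lookup(token) is not None

    def authorizes(self, token: str, repo_id: str) -> bool:
        """A cache hit only counts for the library the token was issued for."""
        cached_repo = self._lookup(token)
        return cached_repo is not None and hmac.compare_digest(cached_repo, repo_id)


def authorize(cache: SyncTokenCache, token_store: dict, token: str, repo_id: str) -> bool:
    """Fast path from the cache, slow path from the token store; both paths
    bind the token to the requested library before saying yes."""
    if cache.authorizes(token, repo_id):
        return True
    owner_repo = token_store.get(token)        # constructed stand-in for the DB
    if owner_repo is None or not hmac.compare_digest(owner_repo, repo_id):
        return False
    cache.put(token, owner_repo)
    return True


if __name__ == "__main__":
    cache = SyncTokenCache()
    cache.put("tok-for-a", "repo-a")
    print("vulnerable, other library:", cache.authorizes_vulnerable("tok-for-a", "repo-b"))  # True
    print("fixed, other library:     ", cache.authorizes("tok-for-a", "repo-b"))             # False
```

An equivalent fix is to key the cache on `(token, repo_id)` rather than on the token alone; what matters is that the cached fact carries the library, not just the token's validity.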
CVE-2018-10228
via "National Vulnerability Database".
Cross-site scripting (XSS) vulnerability in /application/controller/admin/theme.php in LimeSurvey 3.6.2+180406 allows remote attackers to inject arbitrary web script or HTML via the changes_cp parameter to the index.php/admin/themes/sa/templatesavechanges URI.
CVE-2021-43051
via "National Vulnerability Database".
The Spotfire Server component of TIBCO Software Inc.'s TIBCO Spotfire Server contains a difficult-to-exploit vulnerability that allows malicious custom API clients with network access to execute internal API operations outside the scope granted to them. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Spotfire Server versions 10.10.6 and below; versions 11.0.0, 11.1.0, 11.2.0, 11.3.0, 11.4.0, and 11.4.1; and versions 11.5.0 and 11.6.0.
CVE-2021-43828
via "National Vulnerability Database".
PatrOwl is a free and open-source solution for orchestrating Security Operations. In versions prior to 1.7.7, an improper privilege management issue (IDOR) exists in PatrowlManager. Every findings import file is placed under /media/imports/<owner_id>/<tmp_file>, where owner_id is predictable and tmp_file has the format import_<owner_id>_<time_created>, for example import_1_1639213059582.json. Because the filename is predictable, anyone can download all findings import files without logging in. Users are advised to update to 1.7.7 as soon as possible. There are no known workarounds.
CVE-2021-43830
via "National Vulnerability Database".
OpenProject is a web-based project management software. OpenProject versions >= 12.0.0 are vulnerable to a SQL injection in the budgets module. For authenticated users with the "Edit budgets" permission, the request to reassign work packages to another budget insufficiently sanitizes user input in the `reassign_to_id` parameter. The vulnerability has been fixed in version 12.0.4. Versions prior to 12.0.0 are not affected. If you are upgrading from an older version, ensure you are upgrading to at least version 12.0.4. If you are unable to upgrade in a timely fashion, the following patch can be applied: https://github.com/opf/openproject/pull/9983.patch
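An id parameter that is spliced into SQL text is the classic shape of this bug, and a low-privilege "Edit budgets" user is exactly who would exploit it. The following is an added example, not OpenProject code: a reassignment query that interpolates `reassign_to_id` beside one that coerces it to an integer, checks the target budget belongs to the caller's project, and binds it as a parameter. The schema, the sqlite3 backend and the attack string are constructed for the demonstration.

```python
"""Budget reassignment: interpolated id beside a parameterized, authorized one.

Added example, not OpenProject code. Schema, backend and attack string are
constructed for the demonstration.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Two projects; project 200 is one the caller must not be able to touch."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE budgets(id INTEGER PRIMARY KEY, project_id INTEGER, name TEXT);
        CREATE TABLE work_packages(id INTEGER PRIMARY KEY, project_id INTEGER, budget_id INTEGER);
        INSERT INTO budgets VALUES (1, 100, 'ours-a'), (2, 100, 'ours-b'), (9, 200, 'theirs');
        INSERT INTO work_packages VALUES (1, 100, 1), (2, 100, 1), (3, 200, 9), (4, 200, 9);
    """)
    return conn


def reassign_vulnerable(conn, project_id: int, from_budget: int, reassign_to_id) -> int:
    """The untrusted parameter lands inside the SQL text. Returns rows changed."""
    sql = (f"UPDATE work_packages SET budget_id = {reassign_to_id} "
           f"WHERE project_id = {int(project_id)} AND budget_id = {int(from_budget)}")
    return conn.execute(sql).rowcount


def reassign_hardened(conn, project_id: int, from_budget: int, reassign_to_id) -> int:
    """Type-coerce, authorize the target against the caller's project, then bind."""
    try:
        to_id = int(reassign_to_id)
    except (TypeError, ValueError):
        raise ValueError("reassign_to_id must be an integer budget id")
    owned = conn.execute(
        "SELECT 1 FROM budgets WHERE id = ? AND project_id = ?", (to_id, project_id)
    ).fetchone()
    if owned is None:
        raise PermissionError("target budget is not in this project")
    return conn.execute(
        "UPDATE work_packages SET budget_id = ? WHERE project_id = ? AND budget_id = ?",
        (to_id, project_id, from_budget),
    ).rowcount


# Constructed payload: closes the SET clause and comments out the WHERE that
# was supposed to confine the update to the caller's own project and budget.
ATTACK = "2 WHERE 1=1 --"


def budgets_of_project(conn, project_id: int) -> list:
    rows = conn.execute(
        "SELECT budget_id FROM work_packages WHERE project_id = ? ORDER BY id", (project_id,)
    )
    return [r[0] for r in rows]


if __name__ == "__main__":
    conn = make_db()
    print("vulnerable rows changed:", reassign_vulnerable(conn, 100, 1, ATTACK))  # 4
    print("project 200 budgets now:", budgets_of_project(conn, 200))             # [2, 2]
```

Two controls are doing the work here, and both are needed: parameter binding removes the injection, and the ownership query removes the IDOR that would remain even with binding (a well-formed integer id pointing at someone else's budget).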
CVE-2021-44948
via "National Vulnerability Database".
glFusion CMS 1.7.9 is affected by a Cross Site Request Forgery (CSRF) vulnerability in /public_html/admin/plugins/bad_behavior2/blacklist.php. By tricking an administrator into clicking a crafted link, an attacker can add to the blacklist.
CVE-2021-40883
via "National Vulnerability Database".
A Remote Code Execution (RCE) vulnerability exists in emlog 5.3.1 via content/plugins.
CVE-2021-4044
via "National Vulnerability Database".
Internally, libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most applications do not do this, the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally unexpected and applications may not behave correctly as a result. The exact behaviour will depend on the application, but it could result in crashes, infinite loops or other similar incorrect responses. This issue is made more serious in combination with a separate bug in OpenSSL 3.0 that will cause X509_verify_cert() to indicate an internal error when processing a certificate chain. This will occur where a certificate does not include the Subject Alternative Name extension but where a Certificate Authority has enforced name constraints. This issue can occur even with valid chains. By combining the two issues an attacker could induce incorrect, application-dependent behaviour. Fixed in OpenSSL 3.0.1 (Affected 3.0.0).
CVE-2021-45046
via "National Vulnerability Database".
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers with control over Thread Context Map (MDC) input data, when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC), to craft malicious input data using a JNDI Lookup pattern, resulting in a denial of service (DoS) attack. Log4j 2.15.0 restricts JNDI LDAP lookups to localhost by default. Note that previous mitigations involving configuration, such as setting the system property `log4j2.formatMsgNoLookups` to `true`, do NOT mitigate this specific vulnerability. Log4j 2.16.0 fixes this issue by removing support for message lookup patterns and disabling JNDI functionality by default. This issue can be mitigated in prior releases (<2.16.0) by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class).
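The class-removal mitigation only helps if you can find every `log4j-core` jar and confirm the class is actually gone afterwards. The following is an added example, not Apache code: it inspects a jar with Python's `zipfile` (so it runs where the `zip` tool is not installed), reads the jar's own `pom.properties` to report the version, applies the advisory's "below 2.16.0" rule, and rewrites the archive without `JndiLookup.class`. The sample jar it builds is a constructed stand-in, not a real log4j artifact.

```python
"""Find log4j-core jars that still carry JndiLookup.class and strip it.

Added example, not Apache code. Mirrors the advisory's
`zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class`
using the standard library. The jar built by build_sample_jar() is a
constructed stand-in for the demo.
"""
import io
import re
import zipfile

JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"


def parse_version(pom_properties: str):
    """(major, minor, patch) from a pom.properties 'version=' line, or None."""
    m = re.search(r"^version=(\d+)\.(\d+)\.(\d+)", pom_properties, re.M)
    return tuple(int(x) for x in m.groups()) if m else None


def needs_class_removal(version) -> bool:
    """The advisory's rule: 2.x releases below 2.16.0 need JndiLookup removed."""
    return version is not None and version[0] == 2 and version < (2, 16, 0)


def scan_jar(path_or_file) -> dict:
    """Report version, whether JndiLookup.class is present, and whether to act."""
    with zipfile.ZipFile(path_or_file) as z:
        names = set(z.namelist())
        version = parse_version(z.read(POM_PROPS).decode()) if POM_PROPS in names else None
    present = JNDI_LOOKUP in names
    return {
        "version": version,
        "has_jndi_lookup": present,
        "action_needed": present and needs_class_removal(version),
    }


def strip_jndi_lookup(src, dst) -> bool:
    """Copy src to dst without JndiLookup.class. Returns True if it was removed."""
    removed = False
    with zipfile.ZipFile(src) as zin, zipfile.ZipFile(dst, "w") as zout:
        for info in zin.infolist():
            if info.filename == JNDI_LOOKUP:
                removed = True
                continue
            zout.writestr(info, zin.read(info.filename))
    return removed


def build_sample_jar(path_or_file, version: str = "2.14.1") -> None:
    """Constructed stand-in for log4j-core-<version>.jar (not a real jar)."""
    with zipfile.ZipFile(path_or_file, "w") as z:
        z.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        z.writestr(POM_PROPS, f"version={version}\nartifactId=log4j-core\n")
        z.writestr(JNDI_LOOKUP, b"\xca\xfe\xba\xbe")   # class-file magic only
        z.writestr("org/apache/logging/log4j/core/Logger.class", b"\xca\xfe\xba\xbe")


if __name__ == "__main__":
    before, after = io.BytesIO(), io.BytesIO()
    build_sample_jar(before, "2.14.1")
    print("before:", scan_jar(before))
    print("removed:", strip_jndi_lookup(before, after))
    print("after: ", scan_jar(after))
```

Two caveats a practitioner will hit: log4j-core is very often nested inside a fat jar, WAR or EAR, so a real sweep has to recurse into `.jar`/`.war`/`.ear` entries (open the inner bytes with `io.BytesIO` and call `scan_jar` again), and the "below 2.16.0" threshold is the one this advisory states; the project later published additional releases and guidance, so check current Apache advice before treating a version as clean.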