🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2021-36417 ‼

A heap-based buffer overflow vulnerability exists in GPAC v1.0.1 in the gf_isom_dovi_config_get function in MP4Box, which allows a denial of service or arbitrary code execution via a crafted file.

via "National Vulnerability Database".
‼ CVE-2021-42559 ‼

An issue was discovered in CALDERA 2.8.1. It contains multiple startup "requirements" that execute commands when starting the server. Because these commands can be changed via the REST API, an authenticated user can insert arbitrary commands that will execute when the server is restarted.

via "National Vulnerability Database".
‼ CVE-2022-23106 ‼

Jenkins Configuration as Code Plugin 1.55 and earlier used a non-constant time comparison function when validating an authentication token, allowing attackers to use statistical methods to obtain a valid authentication token.

via "National Vulnerability Database".
‼ CVE-2021-43960 ‼

** DISPUTED ** Lorensbergs Connect2 3.13.7647.20190 is affected by an XSS vulnerability. Exploitation requires administrator privileges and is performed through the Wizard editor of the application. The attack requires an administrator to go into the Wizard editor and enter an XSS payload within the Page title, Page Instructions, Text before, Text after, or Text on side box. Once this has been done, the administrator must click save and finally wait until any user of the application performs a booking for rental items in the booking area of the application, where the XSS triggers. NOTE: another perspective is that the administrator may require JavaScript to customize any aspect of the page rendering. There is no effective way for the product to defend users in the face of a malicious administrator.

via "National Vulnerability Database".
‼ CVE-2022-23112 ‼

A missing permission check in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers with Overall/Read access to connect to an attacker-specified SSH server using attacker-specified credentials.

via "National Vulnerability Database".
‼ CVE-2022-23107 ‼

Jenkins Warnings Next Generation Plugin 9.10.2 and earlier does not restrict the name of a file when configuring custom ID, allowing attackers with Item/Configure permission to write and read specific files with a hard-coded suffix on the Jenkins controller file system.

via "National Vulnerability Database".
‼ CVE-2022-23110 ‼

Jenkins Publish Over SSH Plugin 1.22 and earlier does not escape the SSH server name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission.

via "National Vulnerability Database".
‼ CVE-2021-42560 ‼

An issue was discovered in CALDERA 2.9.0. The Debrief plugin receives base64 encoded "SVG" parameters when generating a PDF document. These SVG documents are parsed in an unsafe manner and can be leveraged for XXE attacks (e.g., File Exfiltration, Server Side Request Forgery, Out of Band Exfiltration, etc.).

via "National Vulnerability Database".
‼ CVE-2021-45449 ‼

Docker Desktop versions 4.3.0 and 4.3.1 have a bug that may log sensitive information (access token or password) on the user's machine during login. This only affects users if they are on Docker Desktop 4.3.0 or 4.3.1 and the user has logged in while on 4.3.0 or 4.3.1. Gaining access to this data would require having access to the user's local files.

via "National Vulnerability Database".
❌ Widespread, Easily Exploitable Windows RDP Bug Opens Users to Data Theft ❌

Most Windows versions are at risk of remote, unprivileged attackers abusing RDP from the inside to hijack smart cards and get unauthorized file system access.

via "Threat Post".
❌ Amazon, Azure Clouds Host RAT-ty Trio in Infostealing Campaign ❌

A cloudy campaign delivers commodity remote-access trojans to steal information and execute code.

via "Threat Post".
🕴 New Research Reveals Public-Sector IAM Weaknesses and Priorities 🕴

Auth0 Public Sector Index shows that governments are struggling to provide trustworthy online citizen services.

via "Dark Reading".
🕴 Oxeye Introduces Open Source Payload Deobfuscation Tool 🕴

Ox4Shell exposes hidden payloads that are actively being used to confuse security protection tools and security teams.

via "Dark Reading".
‼ CVE-2021-37529 ‼

A double-free vulnerability exists in fig2dev through 3.28a via the free_stream function in readpics.c, which could cause a denial of service (context-dependent).

via "National Vulnerability Database".
‼ CVE-2021-40565 ‼

A segmentation fault caused by a null pointer dereference vulnerability exists in Gpac through 1.0.1 via the gf_avc_parse_nalu function in av_parsers.c when using mp4box, which causes a denial of service.

via "National Vulnerability Database".
‼ CVE-2021-40566 ‼

A segmentation fault caused by a heap use-after-free vulnerability exists in Gpac through 1.0.1 via the mpgviddmx_process function in reframe_mpgvid.c when using mp4box, which causes a denial of service.

via "National Vulnerability Database".
‼ CVE-2021-37530 ‼

A denial of service vulnerability exists in fig2dev through 3.28a due to a segfault in the open_stream function in readpics.c.

via "National Vulnerability Database".
‼ CVE-2021-40559 ‼

A null pointer dereference vulnerability exists in gpac through 1.0.1 via the naludmx_parse_nal_avc function in reframe_nalu, which allows a denial of service.

via "National Vulnerability Database".
‼ CVE-2021-43860 ‼

Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.12.3 and 1.10.6, Flatpak doesn't properly validate that the permissions displayed to the user for an app at install time match the actual permissions granted to the app at runtime, in the case that there's a null byte in the metadata file of an app. Therefore apps can grant themselves permissions without the consent of the user. Flatpak shows permissions to the user during install by reading them from the "xa.metadata" key in the commit metadata. This cannot contain a null terminator, because it is an untrusted GVariant. Flatpak compares these permissions to the *actual* metadata, from the "metadata" file to ensure it wasn't lied to. However, the actual metadata contents are loaded in several places where they are read as simple C-style strings. That means that, if the metadata file includes a null terminator, only the content of the file from *before* the terminator gets compared to xa.metadata. Thus, any permissions that appear in the metadata file after a null terminator are applied at runtime but not shown to the user. So maliciously crafted apps can give themselves hidden permissions. Users who have Flatpaks installed from untrusted sources are at risk in case the Flatpak has a maliciously crafted metadata file, either initially or in an update. This issue is patched in versions 1.12.3 and 1.10.6. As a workaround, users can manually check the permissions of installed apps by checking the metadata file or the xa.metadata key on the commit metadata.

via "National Vulnerability Database".
‼ CVE-2021-40564 ‼

A segmentation fault caused by a null pointer dereference vulnerability exists in Gpac through 1.0.2 via the avc_parse_slice function in av_parsers.c when using mp4box, which causes a denial of service.

via "National Vulnerability Database".
‼ CVE-2021-40563 ‼

A segmentation fault caused by a null pointer dereference vulnerability exists in Gpac through 1.0.1 via the naludmx_create_avc_decoder_config function in reframe_nalu.c when using mp4box, which causes a denial of service.

via "National Vulnerability Database".