Lawmakers Probe Early Release of Top RU Cybercrook
Read via "Krebs on Security".
Aleksei Burkov, a cybercriminal who long operated two of Russia's most exclusive underground hacking forums, was arrested in 2015 by Israeli authorities. The Russian government fought Burkov's extradition to the U.S. for four years -- even arresting and jailing an Israeli woman to force a prisoner swap. That effort failed: Burkov was sent to America, pleaded guilty, and was sentenced to nine years in prison. But a little more than a year later, he was quietly released and deported back to Russia. Now some Republican lawmakers are asking why a Russian hacker once described as "an asset of supreme importance" was allowed to shorten his stay.
Apple patches 87 security holes – from iPhones and Macs to Windows
Read via "Naked Security".
Lots of fixes, with data leakage flaws and code execution bugs patched on iPhones, Macs and even Windows.
Most QNAP NAS Devices Affected by “Dirty Pipe” Linux Flaw
Read via "Threat Post".
The “Dirty Pipe” Linux kernel flaw – a high-severity vulnerability in all major distros that grants root access to unprivileged users who have local access – affects most of QNAP’s network-attached storage (NAS) appliances, the Taiwanese manufacturer warned on Monday. Dirty Pipe, a recently reported local privilege escalation vulnerability, affects the Linux kernel on QNAP […]
There are currently no mitigations for the severe Linux kernel bug, QNAP warned on Monday.
CVE-2022-27214
Read via "National Vulnerability Database".
A cross-site request forgery (CSRF) vulnerability in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials.
CVE-2022-27195
Read via "National Vulnerability Database".
Jenkins Parameterized Trigger Plugin 2.43 and earlier captures environment variables passed to builds triggered using Jenkins Parameterized Trigger Plugin, including password parameter values, in their `build.xml` files. These values are stored unencrypted and can be viewed by users with access to the Jenkins controller file system.
CVE-2022-0778
Read via "National Vulnerability Database".
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include:
- TLS clients consuming server certificates
- TLS servers consuming client certificates
- Hosting providers taking certificates or private keys from customers
- Certificate authorities parsing certification requests from subscribers
- Anything else which parses ASN.1 elliptic curve parameters
Also any other applications that use BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate, which makes it slightly harder to trigger the infinite loop. However, any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0, 3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).
CVE-2022-27202
Read via "National Vulnerability Database".
Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier does not escape the value and description of extended choice parameters of radio buttons or check boxes type, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-27207
Read via "National Vulnerability Database".
Jenkins global-build-stats Plugin 1.5 and earlier does not escape multiple fields in the chart configuration on the 'Global Build Stats' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission.
CVE-2022-0965
Read via "National Vulnerability Database".
Stored XSS via .ofd file upload in GitHub repository star7th/showdoc prior to 2.10.4.
CVE-2022-22771
Read via "National Vulnerability Database".
The Server component of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Library: version 7.9.0, TIBCO JasperReports Library for ActiveMatrix BPM: version 7.9.0, TIBCO JasperReports Server: versions 7.9.0 and 7.9.1, TIBCO JasperReports Server for AWS Marketplace: versions 7.9.0 and 7.9.1, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.0 and 7.9.1, and TIBCO JasperReports Server for Microsoft Azure: version 7.9.1.
CVE-2022-27215
Read via "National Vulnerability Database".
A missing permission check in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.
CVE-2022-27205
Read via "National Vulnerability Database".
A missing permission check in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.
CVE-2022-0967
Read via "National Vulnerability Database".
Stored XSS via file upload in GitHub repository star7th/showdoc prior to 2.10.4.
CVE-2022-27208
Read via "National Vulnerability Database".
Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows users with Credentials/Create permission to read arbitrary files on the Jenkins controller.
CVE-2022-27204
Read via "National Vulnerability Database".
A cross-site request forgery vulnerability in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers to connect to an attacker-specified URL.
CVE-2022-27197
Read via "National Vulnerability Database".
Jenkins Dashboard View Plugin 2.18 and earlier does not perform URL validation for the Iframe Portlet's Iframe source URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure views.
CVE-2022-27199
Read via "National Vulnerability Database".
A missing permission check in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token.
CVE-2022-27212
Read via "National Vulnerability Database".
Jenkins List Git Branches Parameter Plugin 0.0.9 and earlier does not escape the name of the 'List Git branches (and more)' parameter, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-27213
Read via "National Vulnerability Database".
Jenkins Environment Dashboard Plugin 1.1.10 and earlier does not escape the Environment order and the Component order configuration values in its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission.
CVE-2022-0964
Read via "National Vulnerability Database".
Stored XSS via .webmv file upload in GitHub repository star7th/showdoc prior to 2.10.4.
CVE-2022-26779
Read via "National Vulnerability Database".
Apache CloudStack prior to 4.16.1.0 used insecure random number generation for project invitation tokens. If a project invite is created based only on an email address, a random token is generated. An attacker with knowledge of the project ID and the fact that the invite is sent, could generate time deterministic tokens and brute force attempt to use them prior to the legitimate receiver accepting the invite. This feature is not enabled by default, the attacker is required to know or guess the project ID for the invite in addition to the invitation token, and the attacker would need to be an existing authorized user of CloudStack.