Saturday, December 5, 2020

Adobe

Security Bulletins Posted

Adobe has published security bulletins for Adobe Connect (APSB20-69) and Adobe Reader Mobile (APSB20-71). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the relevant bulletin. This posting is provided “AS IS” with no warranties and confers no rights.

Security Updates Available for Adobe Acrobat and Reader (APSB20-67)

Adobe has published a security bulletin for Adobe Acrobat and Reader (APSB20-67). The updates referenced in the bulletin address critical, important and moderate vulnerabilities and Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. This posting is provided “AS IS” with no warranties and...

Upcoming Security Updates for Adobe Acrobat and Reader (APSB20-67)

A prenotification security advisory (APSB20-67) has been posted regarding upcoming Adobe Acrobat and Reader updates scheduled for Tuesday, November 03, 2020. We will continue to provide updates on the upcoming release via the Security Bulletins and Advisories page as well as the Adobe PSIRT Blog. This posting is provided “AS IS”...

Apple

Apple Security Advisory 2020-11-13-7

Apple Security Advisory 2020-11-13-7 - Update 2020-005 High Sierra and Security Update 2020-005 Mojave address buffer overflow, code execution, out of bounds read, out of bounds write, and use-after-free...

Apple Security Advisory 2020-11-13-6

Apple Security Advisory 2020-11-13-6 - watchOS 7.0 addresses buffer overflow, code execution, cross site scripting, denial of service, information leakage, out of bounds read, out of bounds write, spoofing,...

Apple Security Advisory 2020-11-13-5

Apple Security Advisory 2020-11-13-5 - Safari 14.0 addresses code execution, cross site scripting, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2020-11-13-4

Apple Security Advisory 2020-11-13-4 - tvOS 14.0 addresses buffer overflow, code execution, cross site scripting, denial of service, information leakage, out of bounds read, out of bounds write, and...

AWS

Android Security Advisory

2015/07/28 - 6:00PM PST: AWS is aware of the recently reported Android security issues described in: CVE-2015-1538, CVE-2015-1539, CVE-2015-3824, CVE-2015-3826, CVE-2015-3827, CVE-2015-3828, CVE-2015-3829. These issues present a risk to all data present on your Android device, which may include AWS API or console credentials you have used on...

HeartBleed Bug Concern

April 7, 2014: AWS is aware of the HeartBleed Bug (CVE-2014-0160) in OpenSSL and investigating any impact or required remediation. We will post back when we have more detail. April 8, 2014 Update: For the latest updates, please see the bulletin AWS Services Updated to Address OpenSSL Vulnerability....

Morto Worm Spreading via Remote Desktop Protocol

August 31, 2011: A new Internet worm has been reported that spreads via Microsoft's Remote Desktop Protocol (RDP). This worm scans an infected host's subnet for other hosts running RDP and attempts access to them using a pre-configured set of user names (including "administrator") and passwords. According to Microsoft,...

CERT

VU#724367: VMware Workspace ONE Access and related components are vulnerable to command injection

Overview: VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector are vulnerable to command injection in the administrative configurator. This could allow a...

VU#231329: Replay Protected Memory Block (RPMB) protocol does not adequately defend against replay attacks

Overview: The Replay Protected Memory Block (RPMB) protocol found in several storage specifications does not securely protect against replay attacks. An attacker with physical access can...

VU#760767: Macrium Reflect is vulnerable to privilege escalation due to OPENSSLDIR location

Overview: Macrium Reflect contains a privilege escalation vulnerability due to the use of an OPENSSLDIR variable that specifies a location where an unprivileged Windows user can...

Cisco

Cisco AnyConnect Secure Mobility Client Arbitrary Code Execution Vulnerability

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client Software could allow an authenticated, local attacker to cause a targeted AnyConnect user to execute a malicious script. The vulnerability is due to a lack of authentication to the IPC listener. An attacker could exploit this vulnerability...

Cisco IOS XR Software Enhanced Preboot eXecution Environment Unsigned Code Execution Vulnerability

A vulnerability in the enhanced Preboot eXecution Environment (PXE) boot loader for Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to execute unsigned code during the PXE boot process on an affected device. The PXE boot loader is part of the BIOS and runs over the management...

Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers Slow Path Forwarding Denial of Service Vulnerability

A vulnerability in the egress packet processing function of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper resource allocation when an affected device processes...

Citrix

Citrix Hypervisor Security Update

CTX286511 New. Citrix Hypervisor Security Update. Applicable Products: Citrix Hypervisor, XenServer

Citrix Hypervisor Security Update

CTX285937 New. Citrix Hypervisor Security Update. Applicable Products: Citrix_Hypervisor, XenServer. A security issue has been identified in Citrix Hypervisor that may allow privileged code running in a guest VM to infer details of some computations occurring in other VMs on the host. This may, for example, be used to infer a secret encryption...

Citrix SDWAN Center Security Update

CTX285061 New. Citrix SDWAN Center Security Update. Applicable Products: Citrix_SD_WAN. Multiple vulnerabilities have been discovered in Citrix SD-WAN Center that, if exploited, could allow an unauthenticated attacker with network access to SD-WAN Center to perform arbitrary code execution as root. These vulnerabilities have the followi

Drupal

Drupal core – Critical – Arbitrary PHP code execution – SA-CORE-2020-013

Project: Drupal core. Date: 2020-November-25. Security risk: Critical 18∕25 AC:Complex/A:User/CI:All/II:All/E:Exploit/TD:Uncommon. Vulnerability: Arbitrary PHP code execution. CVE IDs: CVE-2020-28949, CVE-2020-28948. Description: The Drupal project uses the PEAR Archive_Tar library. The PEAR Archive_Tar library has released a security update that impacts Drupal. For more information please see: CVE-2020-28948, CVE-2020-28949. Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2 or .tlz file uploads...

Drupal core – Critical – Remote code execution – SA-CORE-2020-012

Project: Drupal core. Date: 2020-November-18. Security risk: Critical 17∕25 AC:Basic/A:User/CI:All/II:All/E:Theoretical/TD:Default. Vulnerability: Remote code execution. CVE IDs: CVE-2020-13671. Description: Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. Solution: Install the latest version: If you are...

Drupal core – Moderately critical – Information disclosure – SA-CORE-2020-011

Project: Drupal core. Date: 2020-September-16. Security risk: Moderately critical 12∕25 AC:None/A:User/CI:Some/II:None/E:Theoretical/TD:Default. Vulnerability: Information disclosure. CVE IDs: CVE-2020-13670. Description: A vulnerability exists in the File module which allows an attacker to gain access to the file metadata of a permanent private file that they do not have access to by guessing the ID of the file. Solution: Install the latest version: If you are...

F5 Networks

Archive_Tar vulnerabilities CVE-2020-28948 and CVE-2020-28949

Security Advisory Description: CVE-2020-28948: Archive_Tar through 1.4.10 allows an unserialization attack because ...

QEMU vulnerability CVE-2020-27617

Security Advisory Description: eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can ...

Jetty vulnerability CVE-2019-10247

Security Advisory Description: In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running ...

Intel CPU vulnerability CVE-2020-0591

Security Advisory Description: Improper buffer restrictions in BIOS firmware for some Intel(R) Processors may allow a privileged user to ...

Have I Been Pwned?

Home Chef – 8,815,692 breached accounts

In early 2020, the food delivery service Home Chef suffered a data breach which was subsequently sold online. The breach exposed the personal information of almost 9 million customers including names, IP addresses, post codes, the last 4 digits of credit card numbers and passwords stored as bcrypt hashes....

ICS-CERT

WECON LeviStudioU (Update C)

This updated advisory is a follow-up to the advisory update titled ICSA-20-238-03 WECON LeviStudioU (Update B) that was published October 29, 2020, to the ICS webpage on us-cert.cisa.gov. This advisory contains mitigations for a Stack-based Buffer Overflow vulnerability in the WECON Technology LeviStudioU software.

National Instruments CompactRIO

This advisory contains mitigations for an Incorrect Permission Assignment for Critical Resource vulnerability in National Instruments CompactRIO real-time embedded industrial controllers.

Wibu-Systems CodeMeter (Update D)

This updated advisory is a follow-up to the advisory update titled ICSA-20-203-01 Wibu-Systems CodeMeter (Update C) that was published October 15, 2020, to the ICS webpage on us-cert.gov. This advisory contains mitigations for Buffer Access with Incorrect Length Value, Inadequate Encryption Strength, Origin Validation Error, Improper Input Validation, Improper...

Schneider Electric EcoStruxure Operator Terminal Expert runtime (Vijeo XD)

This advisory contains mitigations for an Improper Privilege Management vulnerability in Schneider Electric EcoStruxure Operator Terminal Expert products.

Juniper Networks

Magento

Microsoft

Vulnerability Descriptions in the New Version of the Security Update Guide

With the launch of the new version of the Security Update Guide, Microsoft is demonstrating its commitment to industry standards by describing the vulnerabilities with the Common Vulnerability Scoring System (CVSS). This is a precise method that describes the vulnerability with attributes such as the attack vector, the complexity...

Attacks exploiting Netlogon vulnerability (CVE-2020-1472)

Microsoft has received a small number of reports from customers and others about continued activity exploiting a vulnerability affecting the Netlogon protocol (CVE-2020-1472) which was previously addressed in security updates starting on August 11, 2020. If the original guidance is not applied, the vulnerability could allow an attacker to spoof a...

Announcing the Top MSRC 2020 Q3 Security Researchers

Following the MSRC’s 2020 Most Valuable Security Researchers announced during this year’s Black Hat, we’re excited to announce the top contributing researchers for the 2020 Third Quarter (Q3)! The top three researchers of the 2020 Q3 Security Researcher Leaderboard are: David Dworken (1800 points), Cameron Vincent (1780 points), and...

Oracle

Splunk

Splunk Enterprise and Splunk Light address one vulnerability

Description: Splunk Enterprise and Splunk Light address one vulnerability: Persistent Cross Site Scripting in Splunk Web (SPL-138827, CVE-2019-5727). At the time of this announcement, Splunk is not aware of any cases where these vulnerabilities have been actively exploited. Previous Product Security Announcements can be found on our Splunk Product Security Portal. Use SPL numbers when referencing issues in communication...

Splunk-Python-SDK address one vulnerability

Description: Splunk-Python-SDK address one vulnerability: Untrusted TLS server certs verification is not present (CVE-2019-5729). At the time of this announcement, Splunk is not aware of any cases where these vulnerabilities have been actively exploited. Previous Product Security Announcements can be found on our Splunk Product Security Portal. Use SPL numbers when referencing issues in communication with Splunk. If there...

Symantec

Tenable

[R1] Nessus Network Monitor 5.12.1 Fixes One Vulnerability

A vulnerability in Nessus Network Monitor versions 5.11.0, 5.11.1, and 5.12.0 for Windows could allow an authenticated local attacker to execute arbitrary code by copying user-supplied files to a specially constructed path in a specifically named user directory. The attacker needs valid credentials on the Windows system to exploit...

[R1] Nessus 8.12.1 Fixes One Vulnerability

A vulnerability in Nessus 8.12.0 for Windows could allow an authenticated local attacker to copy user-supplied files to a specially constructed path in a specifically named user directory. An attacker could exploit this vulnerability by creating a malicious file and copying the file to a system directory. The attacker...

[R1] Nessus Agent 8.2.0 Fixes One Vulnerability

A vulnerability in Nessus Agent 8.0.0 and 8.1.0 for Windows could allow an authenticated local attacker to execute arbitrary code by copying user-supplied files to a specially constructed path in a specifically named user directory. The attacker needs valid credentials on the Windows system to exploit this...

US-CERT

Apache Releases Security Advisory for Apache Tomcat

Original release date: December 4, 2020. The Apache Software Foundation has released a security advisory to address a vulnerability in Apache Tomcat. An attacker could exploit this vulnerability to cause a denial-of-service condition. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apache security advisory for...

Google Releases Security Updates for Chrome

Original release date: December 4, 2020. Google has released Chrome version 87.0.4280.88 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply...

VMware Releases Security Updates to Address CVE-2020-4006

Original release date: December 3, 2020. VMware has released security updates to address a vulnerability—CVE-2020-4006—in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators...

VMware

Intrinsic Security: Best Practices for Using Automation to Simplify and Improve Threat Protection

Cybercrime is up 600% during the COVID-19 pandemic as companies continue relying on employees working remotely. As the threat landscape evolves, security teams must remain agile in preventing and responding to an increasing volume of attacks. To stay ahead of attackers, organizations need a new approach to cybersecurity and need to implement new capabilities. Hear how VMware’s Information Security team has done just this. Join this webinar...

VMware and Tianfu Cup 2020

Greetings from VMware Security Response Center! We wanted to post a quick acknowledgement that VMware will be a part of the Tianfu Cup International PWN Contest 2020, this year from our home offices in Palo Alto and Bangalore to review any vulnerabilities that may be demonstrated during the contest. We would like to thank the organizers for inviting us. Stay tuned for further updates. As always please sign...

WordPress

WordPress 5.5.2 Security and Maintenance Release

WordPress 5.5.2 is now available! This security and maintenance release features 14 bug fixes in addition to 10 security fixes. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 3.7 have also been updated. WordPress 5.5.2 is a short-cycle security and...