Tuesday, September 26, 2023

Adobe

Apple

Apple Security Advisory 2023-09-21-7

Apple Security Advisory 2023-09-21-7 - macOS Monterey 12.7 addresses a privilege escalation vulnerability.

Apple Security Advisory 2023-09-21-6

Apple Security Advisory 2023-09-21-6 - macOS Ventura 13.6 addresses bypass vulnerabilities.

Apple Security Advisory 2023-09-21-5

Apple Security Advisory 2023-09-21-5 - watchOS 9.6.3 addresses bypass vulnerabilities.

Apple Security Advisory 2023-09-21-4

Apple Security Advisory 2023-09-21-4 - watchOS 10.0.1 addresses bypass vulnerabilities.

AWS

Kubernetes Security Issues (CVE-2023-3676, CVE-2023-3893, CVE-2023-3893)

Publication Date: 2023/08/23 10:00 AM PDT. AWS is aware of three security issues (CVE-2023-3676, CVE-2023-3893, CVE-2023-3893) in Kubernetes that affect Amazon EKS customers with Windows EC2 nodes in their clusters. These issues do not affect any Kubernetes control plane or the service itself, nor do these issues permit...

CVE-2022-40982 – Gather Data Sampling – Downfall

Publication Date: 2023/08/08 1:00 PM PDT. AWS is aware of CVE-2022-40982, also known as “Gather Data Sampling” (GDS) or “Downfall”. AWS customers’ data and instances are not affected by this issue, and no customer action is required. AWS has designed and implemented its infrastructure with protections against this...

CVE-2023-20569 – RAS Poisoning – Inception

Publication Date: 2023/08/08 11:30 AM PDT. AWS is aware of CVE-2023-20569, also known as “RAS Poisoning” or “Inception”. AWS customers’ data and instances are not affected by this issue, and no customer action is required. AWS has designed and implemented its infrastructure with protections against this class of issues....

CERT

VU#347067: Multiple BGP implementations are vulnerable to improperly formatted BGP updates

Overview: Multiple BGP implementations have been identified as vulnerable to specially crafted Path Attributes of a BGP UPDATE. Instead of ignoring invalid updates, they reset the...

VU#304455: Authentication Bypass in Tenda N300 Wireless N VDSL2 Modem Router

Overview: An authentication bypass vulnerability exists in the N300 Wireless N VDSL2 Modem Router manufactured by Tenda. This vulnerability allows a remote, unauthenticated user to access...

VU#757109: Groupnotes Inc. Videostream Mac client allows for privilege escalation to root account

Overview: Groupnotes Inc. Videostream Mac client installs a LaunchDaemon that runs with root privileges. The daemon is vulnerable to a race condition that allows for arbitrary...

Cisco

Cisco IOS XR Software Compression ACL Bypass Vulnerability

A vulnerability in the classic access control list (ACL) compression feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass the protection that is offered by a configured ACL on an affected device. This vulnerability is due to incorrect destination address range encoding in the compression...

Cisco IOS XR Software Image Verification Vulnerability

A vulnerability in Cisco IOS XR Software image verification checks could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. This vulnerability is due to a time-of-check, time-of-use (TOCTOU) race condition when an install query regarding an ISO image is performed during an install operation...

Cisco IOS XR Software Access Control List Bypass Vulnerability

A vulnerability in the access control list (ACL) processing on MPLS interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incomplete support for this feature. An attacker could exploit this vulnerability by attempting...

Citrix

Citrix Hypervisor Security Bulletin for CVE-2023-20569, CVE-2023-34319 and CVE-2022-40982

CTX569353 (Updated) - Citrix Hypervisor Security Bulletin for CVE-2023-20569, CVE-2023-34319 and CVE-2022-40982. Applicable Products: Citrix Hypervisor, XenServer

Citrix Hypervisor Security Update for CVE-2023-20593

CTX566835 (Updated) - Citrix Hypervisor Security Update for CVE-2023-20593. Applicable Products: Citrix Hypervisor, XenServer

Citrix ADC and Citrix Gateway Security Bulletin for CVE-2023-3519, CVE-2023-3466, CVE-2023-3467

CTX561482 (New) - Citrix ADC and Citrix Gateway Security Bulletin for CVE-2023-3519, CVE-2023-3466, CVE-2023-3467. Applicable Products: Citrix ADC, Citrix Gateway

Drupal

Drupal core – Critical – Cache poisoning – SA-CORE-2023-006

Project: Drupal core. Date: 2023-September-20. Security risk: Critical 16∕25 AC:Complex/A:None/CI:All/II:Some/E:Theoretical/TD:Default. Vulnerability: Cache poisoning. Affected versions: >=8.7.0 =10.0 = 10.1 <10.1.4. Description: In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation. This vulnerability only affects sites with the JSON:API module...

Drupal core – Moderately critical – Access bypass – SA-CORE-2023-005

Project: Drupal core. Date: 2023-April-19. Security risk: Moderately critical 13∕25 AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:All. Vulnerability: Access bypass. Description: The file download facility doesn't sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to. Some sites may require configuration changes following this security release. Review the release notes for...

Drupal core – Moderately critical – Access bypass – SA-CORE-2023-004

Project: Drupal core. Date: 2023-March-15. Security risk: Moderately critical 14∕25 AC:Complex/A:Admin/CI:All/II:All/E:Theoretical/TD:Uncommon. Vulnerability: Access bypass. Affected versions: <7.95 || >=8.0.0 <9.4.12 || >=9.5.0 <9.5.5 || >=10.0.0 <10.0.5. Description: Drupal core provides a page that outputs the markup from phpinfo() to assist with diagnosing PHP configuration. If an attacker was able to achieve an XSS exploit against a privileged user, they may be...

F5 Networks

K23421535 : Expat vulnerabilities CVE-2022-22822, CVE-2022-22823, and CVE-2022-22824

Security Advisory Description: CVE-2022-22822 addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. CVE-2022-22823 build_model in xmlparse.c in Expat (aka libexpat) ...

K000136957 : Apache struts vulnerability CVE-2023-41835

Security Advisory Description: This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available. Learn more about the ...

K000136924 : Node.JS vulnerabilities CVE-2018-7158, CVE-2018-7164, and CVE-2018-7166

Security Advisory Description: CVE-2018-7158 The `'path'` module in the Node.js 4.x release line contains a potential regular expression denial of service (ReDoS) vector. The code in question was ...

K000136903 : OpenSSL Diffie-Hellman vulnerability CVE-2023-3446

Security Advisory Description: Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_ ...

Have I Been Pwned?

ApexSMS – 23,246,481 breached accounts

In May 2019, news broke of a massive SMS spam operation known as "ApexSMS" which was discovered after a MongoDB instance of the same name was found exposed without a password. The incident leaked over 80M records with 23M unique email addresses alongside names, phone numbers and carriers, geographic...

dBforums – 363,468 breached accounts

In July 2016, a data breach of the now defunct database forum "dBforums" appeared for sale alongside several others hacked from the parent company, Penton. The breach of the vBulletin-based forum contained 363k unique email addresses alongside usernames, IP addresses, dates of birth and salted MD5 password hashes.

MalindoAir – 4,328,232 breached accounts

In early 2019, the Malaysian airline Malindo Air suffered a data breach that exposed tens of millions of customer records. Containing 4.3M unique email addresses, the breach also exposed extensive personal information including names, dates of birth, genders, physical addresses, phone numbers and passport details. The data was later...

ICS-CERT

Baker Hughes Bently Nevada 3500

1. EXECUTIVE SUMMARY: CVSS v3 7.5. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Baker Hughes - Bently Nevada. Equipment: Bently Nevada 3500 System. Vulnerabilities: Exposure of Sensitive Information to an Unauthorized Actor, Cleartext Transmission of Sensitive Information, Authentication Bypass by Capture-replay. 2. RISK EVALUATION: Successful exploitation of these vulnerabilities could allow an attacker to steal sensitive...

Advantech EKI-1524-CE series

1. EXECUTIVE SUMMARY: CVSS v3 5.4. ATTENTION: Exploitable remotely/low attack complexity/public exploits are available. Vendor: Advantech. Equipment: EKI-1524-CE, EKI-1522-CE, EKI-1521-CE. Vulnerabilities: Cross-Site Scripting. 2. RISK EVALUATION: Successful exploitation of these vulnerabilities could allow an attacker to execute code in the context of the session. 3. TECHNICAL DETAILS, 3.1 AFFECTED PRODUCTS: The following Advantech serial device servers are affected: EKI-1524-CE...

Hitachi Energy Asset Suite 9

1. EXECUTIVE SUMMARY: CVSS v3 6.9. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Hitachi Energy. Equipment: Asset Suite 9. Vulnerability: Improper Authentication. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an authenticated user to enter an arbitrary password to execute equipment tag out actions. 3. TECHNICAL DETAILS, 3.1 AFFECTED PRODUCTS: Hitachi Energy reports these vulnerabilities affect the...

Suprema BioStar 2

1. EXECUTIVE SUMMARY: CVSS v3 6.5. ATTENTION: Exploitable remotely/low attack complexity/public exploits are available/known public exploitation. Vendor: Suprema Inc. Equipment: BioStar 2. Vulnerability: SQL Injection. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to perform a SQL injection to execute arbitrary commands. 3. TECHNICAL DETAILS, 3.1 AFFECTED PRODUCTS: The following versions of Suprema BioStar...

Juniper Networks

Magento

Microsoft

Journey Down Under: How Rocco Became Australia’s Premier Hacker

Fun facts about Rocco: Microsoft MVR: Rocco is a 2023 Microsoft Most Valuable Researcher. Fitness fanatic: Inspired by old-school body building and countless hours of chopping and carrying wood in the mountains during his youth, Rocco remains a fitness enthusiast, setting himself challenges and pushing his limits. Old-school cinema enthusiast: Rocco’s favorite...

Microsoft mitigated exposure of internal information in a storage account due to overly-permissive SAS token

Summary: As part of a recent Coordinated Vulnerability Disclosure (CVD) report from Wiz.io, Microsoft investigated and remediated an incident involving a Microsoft employee who shared a URL for a blob store in a public GitHub repository while contributing to open-source AI learning models. This URL included an overly-permissive...

Results of Major Technical Investigations for Storm-0558 Key Acquisition

On July 11, 2023, Microsoft published a blog post which details how the China-based threat actor, Storm-0558, used an acquired Microsoft account (MSA) consumer key to forge tokens to access OWA and Outlook.com. Upon identifying that the threat actor had acquired the consumer key, Microsoft performed a comprehensive technical...

Oracle

Splunk

SVD-2023-0801: Reflected Cross-site Scripting (XSS) on “/app/search/table” web endpoint

In Splunk Enterprise versions below 9.1.1, 9.0.6, and 8.2.12, an attacker can craft a special web request that can result in reflected cross-site scripting (XSS) on the “/app/search/table” web endpoint. Exploitation of this vulnerability can lead to the execution of arbitrary commands on the Splunk platform instance.

SVD-2023-0804: Remote Code Execution via Serialized Session Payload

In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can execute a specially crafted query that they can then use to serialize untrusted data. The attacker can use the query to execute arbitrary code.

Symantec

Tenable

[R1] Nessus Version 10.5.5 Fixes Multiple Vulnerabilities

Arnie Cabral, Thu, 09/21/2023 - 10:55. A pass-back vulnerability exists where an authenticated, remote attacker with administrator privileges could uncover stored SMTP credentials within the Nessus application (CVE-2023-3251). An arbitrary file write vulnerability exists...

[R1] Tenable Core on Oracle Linux 8 General Advisory

Arnie Cabral, Wed, 09/06/2023 - 06:19. Tenable Core is currently built on CentOS 7, which will be reaching end of life (EoL) on June 30, 2024. As a result of the...

[R1] Nessus Version 10.6.0 Fixes Multiple Vulnerabilities

Arnie Cabral, Tue, 08/29/2023 - 04:44. A pass-back vulnerability exists where an authenticated, remote attacker with administrator privileges could uncover stored SMTP credentials within the Nessus application (CVE-2023-3251). An arbitrary file write vulnerability exists...

US-CERT

VMware

Embrace the Security Mindset: Design Decisions for a Fortified Next-Generation Multi-Cloud Infrastructure Platform

The ever-changing threat landscape necessitates a paradigm shift in the way we approach cybersecurity. Embracing change is no longer an option; it’s a necessity to properly mount a defense against today’s cyber threats. Effective security requires a mindset shift that involves a collective effort across the organization with everyone having a role to play – not just select teams or individuals. The Security Mindset is about making security ubiquitous...

VMware Carbon Black Emerges as a Leader in Frost & Sullivan’s 2023 XDR Report

Today’s volatile threat landscape has made every organization focused on staying a step ahead of attackers. According to Frost & Sullivan’s new Extended Detection and Response (XDR) 2023 report, VMware Carbon Black is more than helping enterprises keep ahead: we’re pushing the industry forward. In the latest Frost Radar Report, VMware Carbon Black emerges as a leading XDR vendor, situated prominently in both of Frost & Sullivan’s Radar categories...

WordPress

WordPress 6.2.2 Security Release

WordPress 6.2.2 is now available! The 6.2.2 minor release addresses 1 bug and 1 security issue. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 5.9 have also been updated. WordPress 6.2.2 is a rapid response release to address a regression...

WordPress 6.2.1 Maintenance & Security Release

WordPress 6.2.1 is now available! This minor release features 20 bug fixes in Core and 10 bug fixes for the block editor. You can review a summary of the maintenance updates in this release by reading the Release Candidate announcement. This release also features several security fixes. Because this is a...