Thursday, June 1, 2023

Adobe

Apple

Apple Zeed ALL YOUR STYLE CMS 2.0 SQL Injection

Apple Zeed ALL YOUR STYLE CMS version 2.0 suffers from a remote SQL injection vulnerability.

Apple Security Advisory 2023-05-18-2

Apple Security Advisory 2023-05-18-2 - iOS 15.7.6 and iPadOS 15.7.6 addresses buffer overflow, bypass, code execution, out of bounds read, and use-after-free vulnerabilities.

Apple Security Advisory 2023-05-18-7

Apple Security Advisory 2023-05-18-7 - watchOS 9.5 addresses buffer overflow, bypass, code execution, out of bounds read, and use-after-free vulnerabilities.

Apple Security Advisory 2023-05-18-8

Apple Security Advisory 2023-05-18-8 - Safari 16.5 addresses buffer overflow, code execution, out of bounds read, and use-after-free vulnerabilities.

AWS

Reported GuardDuty Finding Issue

Initial Publication Date: 05/18/2023 10:00AM EST A security researcher recently reported an issue in Amazon GuardDuty in which a change to the policy of an S3 bucket not protected by Block Public Access (BPA) could be carried out to grant public access to the bucket without triggering a GuardDuty...
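The GuardDuty item above turns on one condition: the bucket was not protected by Block Public Access (BPA), so a policy change alone was enough to expose it. The following added example (my code, not AWS's or the researcher's) evaluates a bucket policy for unconditional wildcard principals and checks whether the bucket's PublicAccessBlock settings would neutralize such a statement. The two policies and the BPA dictionaries are constructed sample data; in a real account they would come from s3:GetBucketPolicy and s3:GetPublicAccessBlock.

```python
import json
from typing import List, Tuple

# Constructed sample policy: the classic "public read" grant to everyone.
SAMPLE_PUBLIC_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    ],
})

# Constructed sample policy: same grant, but scoped to one account principal.
SAMPLE_PRIVATE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AccountOnly", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:root"},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    ],
})


def _principal_is_wildcard(principal) -> bool:
    """True for Principal "*" or Principal {"AWS": "*"} (string or list form)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        if isinstance(aws, str):
            aws = [aws]
        return "*" in aws
    return False


def public_statements(policy_json: str) -> List[str]:
    """Sids of Allow statements with a wildcard principal and no Condition block.

    This approximates S3's own "public" test: a wildcard principal that is
    constrained by a Condition (aws:SourceVpc, aws:PrincipalOrgID, ...) may be
    non-public, so conditional statements are deliberately not flagged here.
    """
    policy = json.loads(policy_json)
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):          # a single statement may be a bare object
        statements = [statements]
    flagged = []
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        if not _principal_is_wildcard(stmt.get("Principal")):
            continue
        if stmt.get("Condition"):
            continue
        flagged.append(stmt.get("Sid", f"statement[{i}]"))
    return flagged


def bpa_neutralizes_public_policy(bpa: dict) -> bool:
    """True when the PublicAccessBlock configuration covers the policy path.

    BlockPublicPolicy rejects a PutBucketPolicy that would make the bucket public;
    RestrictPublicBuckets confines access via an already-public policy to the
    bucket owner's account. Both are needed to close the scenario in the advisory.
    """
    return bool(bpa.get("BlockPublicPolicy")) and bool(bpa.get("RestrictPublicBuckets"))


def assess(bucket: str, policy_json: str, bpa: dict) -> Tuple[str, List[str]]:
    """Classify a bucket as 'private', 'public-but-blocked' or 'PUBLIC'."""
    sids = public_statements(policy_json)
    if not sids:
        return ("private", [])
    if bpa_neutralizes_public_policy(bpa):
        return ("public-but-blocked", sids)
    return ("PUBLIC", sids)


if __name__ == "__main__":
    full_bpa = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
                "BlockPublicPolicy": True, "RestrictPublicBuckets": True}
    for name, pol, bpa in [("no-bpa-bucket", SAMPLE_PUBLIC_POLICY, {}),
                           ("bpa-bucket", SAMPLE_PUBLIC_POLICY, full_bpa),
                           ("scoped-bucket", SAMPLE_PRIVATE_POLICY, {})]:
        print(name, *assess(name, pol, bpa))
```

Run against every bucket in an account, the "PUBLIC" class is the set that GuardDuty's policy-change finding would have been your only signal for; enabling all four BPA settings at the account level removes that dependency.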

Issue With IAM Supporting Multiple MFA Devices

Initial Publication Date: 04/25/2023 10:00AM EST A security researcher recently reported an issue with AWS’s recently-released (November 16th, 2022) support for multiple multi-factor authentication (MFA) devices for IAM user principals. The reported issue could have potentially arisen only when the following three conditions were met: (1) An IAM user...

Reported ECR Public Gallery Issue

Initial Publication Date: 12/13/2022 9:00AM EST On November 14, 2022, a security researcher reported an issue in Amazon Elastic Container Registry (ECR) Public Gallery, a public website for finding and sharing public container images. The researcher identified an ECR API action that, if called, could have enabled modification...

CERT

VU#782720: TCG TPM2.0 implementations vulnerable to memory corruption

Overview Two buffer overflow vulnerabilities were discovered in the Trusted Platform Module (TPM) 2.0 reference library specification, currently at Level 00, Revision 01.59 November...

VU#572615: Vulnerabilities in TP-Link routers, WR710N-V1-151022 and Archer C5 V2

Overview TP-Link router WR710N-V1-151022 running firmware published 2015-10-22 and Archer-C5-V2-160201 running firmware published 2016-02-01 are susceptible to two vulnerabilities: A buffer overflow during HTTP Basic Authentication allowing...

VU#986018: New Netcomm router models NF20MESH, NF20, and NL1902 vulnerabilities

Overview Netcomm router models NF20MESH, NF20, and NL1902 running software versions earlier than R6B035 contain two vulnerabilities. The first is an authentication bypass vulnerability that...

Cisco

Cisco Firepower Threat Defense Software CLI Arbitrary File Write Vulnerability

A vulnerability in Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite or append arbitrary data to system files using root-level privileges. The attacker must have administrative credentials on the device. This vulnerability is due to incomplete validation of user input for a specific CLI...

Cisco IOS XE ROM Monitor Software for Catalyst Switches Information Disclosure Vulnerability

A vulnerability in the password-recovery disable feature of Cisco IOS XE ROM Monitor (ROMMON) Software for Cisco Catalyst Switches could allow an unauthenticated, local attacker to recover the configuration or reset the enable password. This vulnerability is due to a problem with the file and boot variable permissions in ROMMON....

Cisco Identity Services Engine Command Injection Vulnerabilities

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid credentials on an affected device. For more information about these vulnerabilities, see the...

Citrix

Citrix ADC and Citrix Gateway Security Bulletin for CVE-2023-24487, CVE-2023-24488

CTX477714 (New): Citrix ADC and Citrix Gateway Security Bulletin for CVE-2023-24487, CVE-2023-24488. Applicable products: Citrix ADC, Citrix Gateway.

Citrix Virtual Apps and Desktops Security Bulletin for CVE-2023-24483

CTX477616 (New): Citrix Virtual Apps and Desktops Security Bulletin for CVE-2023-24483. Applicable products: Citrix Virtual Apps and Desktops.

Citrix Workspace app for Windows Security Bulletin for CVE-2023-24484 & CVE-2023-24485

CTX477617 (Updated): Citrix Workspace app for Windows Security Bulletin for CVE-2023-24484 & CVE-2023-24485. Applicable products: Citrix Workspace App.

Drupal

Drupal core – Moderately critical – Access bypass – SA-CORE-2023-005

Project: Drupal core
Date: 2023-April-19
Security risk: Moderately critical 13/25 AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:All
Vulnerability: Access bypass
Description: The file download facility doesn't sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to. Some sites may require configuration changes following this security release. Review the release notes for...

Drupal core – Moderately critical – Access bypass – SA-CORE-2023-004

Project: Drupal core
Date: 2023-March-15
Security risk: Moderately critical 14/25 AC:Complex/A:Admin/CI:All/II:All/E:Theoretical/TD:Uncommon
Vulnerability: Access bypass
Affected versions: <7.95 || >=8.0.0 <9.4.12 || >=9.5.0 <9.5.5 || >=10.0.0 <10.0.5
Description: Drupal core provides a page that outputs the markup from phpinfo() to assist with diagnosing PHP configuration. If an attacker was able to achieve an XSS exploit against a privileged user, they may be...

Drupal core – Moderately critical – Information Disclosure – SA-CORE-2023-003

Project: Drupal core
Date: 2023-March-15
Security risk: Moderately critical 13/25 AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:Uncommon
Vulnerability: Information Disclosure
Affected versions: >=8.0.0 <9.4.12 || >=9.5.0 <9.5.5 || >=10.0.0 <10.0.5
Description: The language module provides a Language switcher block which can be placed to provide links to quickly switch between different languages. The URL of unpublished translations may be disclosed. When used in conjunction with a module...

F5 Networks

K000133759 : Python vulnerability CVE-2020-26116

Security Advisory Description http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP ...
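The F5 item above tracks CVE-2020-26116: http.client accepted an attacker-controlled HTTP method containing CR/LF, so a single request could carry injected headers or a second request line. The following added example (my code, not F5's or CPython's) shows the raw request line a vulnerable client would emit, a validation step that enforces the RFC 7230 token grammar on the method and rejects control characters in the target, and a probe of whether the running interpreter's http.client already refuses such a method, which is the behaviour the fixed versions listed in the advisory introduced. The injected strings are constructed; no connection is opened.

```python
import http.client
import re

# RFC 7230 "token" characters: the only characters legal in an HTTP method.
_TOKEN_RE = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")
# ASCII control characters (CR, LF, NUL, ...) that can terminate a request line or header.
_CTL_RE = re.compile(r"[\x00-\x1f\x7f]")


def build_request_line(method: str, target: str) -> str:
    """The unvalidated request line a vulnerable client would put on the wire."""
    return f"{method} {target} HTTP/1.1\r\n"


def count_request_lines(raw: str) -> int:
    """How many CRLF-terminated lines the server will see: 1 is correct, >1 means injection."""
    return len([line for line in raw.split("\r\n") if line])


def safe_request_line(method: str, target: str) -> str:
    """Hardened version: validate both attacker-influenced components before formatting."""
    if not _TOKEN_RE.match(method):
        raise ValueError(f"invalid HTTP method: {method!r}")
    if _CTL_RE.search(target) or " " in target:
        raise ValueError(f"control character or space in request target: {target!r}")
    return build_request_line(method, target)


def is_rejected(method: str, target: str) -> bool:
    """True if safe_request_line refuses this method/target pair."""
    try:
        safe_request_line(method, target)
    except ValueError:
        return True
    return False


def stdlib_rejects_method(method: str) -> bool:
    """Probe this interpreter's http.client for the CVE-2020-26116 fix.

    putrequest() only buffers the request line; nothing is sent until endheaders(),
    so the probe works offline (the host/port are constructed and never contacted).
    """
    conn = http.client.HTTPConnection("127.0.0.1", 9)
    try:
        conn.putrequest(method, "/")
    except ValueError:
        return True
    finally:
        conn.close()
    return False


if __name__ == "__main__":
    evil = "GET\r\nX-Injected: 1"
    print(repr(build_request_line(evil, "/")), "->", count_request_lines(build_request_line(evil, "/")), "lines")
    print("safe_request_line rejects it:", is_rejected(evil, "/"))
    print("this Python's http.client rejects it:", stdlib_rejects_method(evil))
```

The probe is the check worth keeping: it tells you whether the interpreter a product bundles (F5's case here) still needs the backport, independent of what the version string claims.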

K48187630 : Multiple grub2 vulnerabilities

Security Advisory Description CVE-2020-14308 In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads ...

K000134818 : Python XML RPC vulnerability CVE-2019-16935

Security Advisory Description The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/ ...

K000134793 : OpenJDK vulnerability CVE-2018-2952

Security Advisory Description Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: ...

Have I Been Pwned?

RaidForums – 478,604 breached accounts

In May 2023, 478k user records from the now defunct hacking forum known as "RaidForums" were posted to another hacking forum. The data dated back to September 2020 and included email addresses, usernames, dates of birth, IP addresses and passwords stored as Argon2 hashes. The data was provided to...

Polish Credentials – 1,204,870 breached accounts

In May 2023, a credential stuffing list of 6.3M Polish email address and password pairs appeared on a local forum. The list was likely obtained by malware running on victims' machines; each record included an email address and plain text password alongside the website the credentials were used on. The data included...

Luxottica – 77,093,812 breached accounts

In March 2021, the world's largest eyewear company Luxottica suffered a data breach via one of their partners that exposed the personal information of more than 70M people. The data was subsequently sold via a popular hacking forum in late 2022 and included email and physical addresses, names, genders,...

ICS-CERT

Advantech WebAccess/SCADA

1. EXECUTIVE SUMMARY
CVSS v3 7.3
ATTENTION: Low attack complexity
Vendor: Advantech
Equipment: WebAccess/SCADA
Vulnerabilities: Insufficient Type Distinction
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker full control over the supervisory control and data acquisition (SCADA) server.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Advantech reports this vulnerability affects the following WebAccess/SCADA product: WebAccess/SCADA: version 8.4.5
3.2 VULNERABILITY OVERVIEW
3.2.1 INSUFFICIENT TYPE DISTINCTION CWE-351
If...

Moxa MXsecurity Series

1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Moxa
Equipment: MXsecurity Series
Vulnerabilities: Command Injection and Use of Hard-Coded Credentials
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an unauthorized user to bypass authentication or to execute arbitrary commands on the device.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Moxa reports these vulnerabilities affect the following MXsecurity Series: MXsecurity...

Horner Automation Cscape

1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low attack complexity
Vendor: Horner Automation
Equipment: Cscape, Cscape EnvisionRV
Vulnerabilities: Stack-based Buffer Overflow, Out-of-bounds Read, Use After Free, Access of Uninitialized Pointer, Improper Restriction of Operations within the Bounds of a Memory Buffer
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to disclose information and to execute arbitrary...

Hitachi Energy’s AFS65x, AFS67x, AFR67x and AFF66x Products

1. EXECUTIVE SUMMARY
CVSS v3 8.1
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Hitachi Energy
Equipment: AFS65x, AFS67x, AFR67x and AFF66x series products
Vulnerabilities: Use After Free
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information or lead to a Denial-of-Service (DoS).
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Hitachi Energy’s AFS65x, AFS67x, AFR67x...

Juniper Networks

Magento

Microsoft

Announcing The BlueHat Podcast: Listen and Subscribe Now!

Available today on all major podcast platforms is The BlueHat Podcast, a new series of security research focused conversations, continuing the themes from the BlueHat 2023 conference (session recordings available to watch here). Since 2005, BlueHat has been where the security research community, and Microsoft, come together as peers: to...

Guidance related to Secure Boot Manager changes associated with CVE-2023-24932

Summary: Today, Microsoft is releasing CVE-2023-24932, and associated configuration guidance, to address a Secure Boot bypass vulnerability used by the BlackLotus bootkit to exploit CVE-2022-21894. Customers will need to closely follow the configuration guidance to fully protect against this vulnerability. This vulnerability allows an attacker to execute self-signed code...

May 2023 Security Updates (Monthly)

On May 9, 2023 (US time), Microsoft released security updates to fix vulnerabilities affecting Microsoft products...

Oracle

Splunk

SVD-2023-0213: Modular Input REST API Requests Connect via HTTP after Certificate Validation Failure in Splunk Add-on Builder and Splunk CloudConnect SDK

In Splunk Add-on Builder (AoB) versions below 4.1.2 and the Splunk CloudConnect SDK versions below 3.1.3, requests to third-party APIs through the REST API Modular Input incorrectly revert to using HTTP to connect after a failure to connect over HTTPS occurs.
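Splunk's description above is a textbook TLS downgrade: the client treats a failed HTTPS connection as a cue to retry the same request over plaintext, which defeats certificate validation entirely against an on-path attacker. The following added example (my code, not Splunk's; the API URL and the RecordingTransport stand-in are constructed) contrasts that fallback logic with a strict version and records which URLs each one actually sends, so the downgrade is visible rather than silent.

```python
import ssl
from typing import Callable, List, Optional
from urllib.parse import urlsplit, urlunsplit

# A transport takes a URL and returns a response body, or raises ssl.SSLError.
Transport = Callable[[str], str]


def fetch_with_downgrade(url: str, transport: Transport) -> str:
    """The anti-pattern: on any TLS failure, rewrite https:// to http:// and retry.

    A certificate that fails validation is exactly the case where the peer may be
    an attacker, so this hands them the request (and any API token in it) in clear.
    """
    try:
        return transport(url)
    except ssl.SSLError:
        parts = urlsplit(url)
        if parts.scheme == "https":
            return transport(urlunsplit(parts._replace(scheme="http")))
        raise


def fetch_strict(url: str, transport: Transport) -> str:
    """Hardened: plaintext is never acceptable, and TLS errors propagate to the caller."""
    if urlsplit(url).scheme != "https":
        raise ValueError(f"refusing to send API request over plaintext: {url}")
    return transport(url)  # ssl.SSLError is not caught here on purpose


class RecordingTransport:
    """Constructed stand-in for a real HTTP client: certificate validation fails over
    https, 'succeeds' over http, and every URL requested is recorded for inspection."""

    def __init__(self) -> None:
        self.calls: List[str] = []

    def __call__(self, url: str) -> str:
        self.calls.append(url)
        if urlsplit(url).scheme == "https":
            raise ssl.SSLCertVerificationError("certificate verify failed: self signed certificate")
        return "200 OK (plaintext)"


def run_demo(url: str = "https://api.example.test/v1/events") -> dict:
    """Exercise both clients against the failing transport and report what each sent."""
    downgrading = RecordingTransport()
    body = fetch_with_downgrade(url, downgrading)

    strict = RecordingTransport()
    strict_error: Optional[str] = None
    try:
        fetch_strict(url, strict)
    except ssl.SSLError as exc:
        strict_error = type(exc).__name__

    return {
        "downgraded_urls": downgrading.calls,   # two calls: https, then http
        "downgraded_body": body,                # request "succeeded" in the clear
        "strict_urls": strict.calls,            # one call: https only
        "strict_error": strict_error,           # the failure surfaced to the caller
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The same shape appears with any client library: an except clause around the HTTPS call that edits the URL or sets the equivalent of verify=False and retries is the bug, regardless of how the request is ultimately sent.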

SVD-2023-0214: Splunk Response to the Apache Software Foundation Publishing a Vulnerability on Apache Commons Text (CVE-2022-42889) (Text4Shell)

The Apache Security Team disclosed a critical vulnerability, CVE-2022-42889, that affects the Apache Commons Text library. For more information, see the Apache Software Foundation’s advisory. Vulnerability CVE-2022-42889 does not affect Splunk products.

Symantec

Tenable

[R1] Nessus Version 10.5.2 Fixes Multiple Vulnerabilities

Arnie Cabral, Thu, 05/11/2023 - 15:20. Nessus leverages third-party software to help provide underlying functionality. Several of the third-party components (libxml2, libxslt) were found to contain vulnerabilities, and updated versions have been made...

[R1] Nessus Network Monitor Version 6.2.1 Fixes Multiple Vulnerabilities

Arnie Cabral, Tue, 05/09/2023 - 11:12. Nessus Network Monitor leverages third-party software to help provide underlying functionality. Several of the third-party components (OpenSSL, expat) were found to contain vulnerabilities, and updated...

[R1] Stand-alone Security Patch Available for Tenable.sc versions 5.22.0, 5.23.1, and 6.0.0: SC-202304.1

Arnie Cabral, Mon, 04/24/2023 - 11:47. Tenable.sc leverages third-party software to help provide underlying functionality. One of the third-party components (PHP) was found to contain vulnerabilities, and...

US-CERT

VMware

Going from E to X in Detection & Response

The first SOC I toured was that of a major US bank, circa 2000. That SOC, and the many others I’ve set foot in since, relied heavily on a SIEM to play the twin roles of centralized data collection and correlation. Later, SOAR platforms were developed as richer and more capable automation engines, based on the SIEM data set. However, being log-driven, SIEM/SOARs are wholly reliant on an upstream control...

It’s Raining Implants: How to Generate C2 Framework Implants At Scale

Command-and-control (C2) frameworks serve as a means to remotely manage and access compromised devices. They allow for the creation of various payload types, called implants, that are dropped on victim machines by attackers, enabling them to retain access and control over the infected victim.  While legitimate penetration testing utilizes C2 frameworks to evaluate system security and identify potential attacks, cyber-criminals have also taken advantage of these tools for malicious purposes....

WordPress

WordPress 6.2.2 Security Release

WordPress 6.2.2 is now available! The 6.2.2 minor release addresses 1 bug and 1 security issue. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 5.9 have also been updated. WordPress 6.2.2 is a rapid response release to address a regression...

WordPress 6.2.1 Maintenance & Security Release

WordPress 6.2.1 is now available! This minor release features 20 bug fixes in Core and 10 bug fixes for the block editor. You can review a summary of the maintenance updates in this release by reading the Release Candidate announcement. This release also features several security fixes. Because this is a...

WordPress 6.0.3 Security Release

WordPress 6.0.3 is now available! This release features several security fixes. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 3.7 have also been updated. WordPress 6.0.3 is a short-cycle release. The next major release will be version 6.1 planned for...