Tuesday, May 26, 2020

VU#534195: Bluetooth devices supporting LE and specific BR/EDR implementations are vulnerable to method confusion attacks

Bluetooth is a short-range wireless technology based on a core specification that defines six different core configurations, including the Bluetooth Low Energy (BLE) Core Configuration. Like Bluetooth Classic (BR/EDR), BLE is used for low-power short-range communications, but has significantly lower power consumption, making it ideal...

VU#647177: Bluetooth devices supporting BR/EDR are vulnerable to impersonation attacks

Bluetooth is a short-range wireless technology based on a core specification that defines six different core configurations, including the Bluetooth Basic Rate/Enhanced Data Rate (BR/EDR) Core Configuration. Bluetooth BR/EDR is used for low-power short-range communications. To establish an encrypted connection, two Bluetooth...

VU#366027: Samsung Qmage codec for Android Skia library does not properly validate image files

The Samsung May 2020 Android Security Update notes that "a possible memory overwrite vulnerability in Quram qmg library allows possible remote arbitrary code execution." Samsung identifies this vulnerability as SVE-2020-16747, more commonly known as CVE-2020-8899. Google Project Zero performed extensive fuzz testing...

VU#660597: Periscope BuySpeed is vulnerable to stored cross-site scripting

Periscope BuySpeed is a "tool to automate the full procure-to-pay process efficiently and intelligently". BuySpeed version 14.5 is vulnerable to stored cross-site scripting, which could allow a local, authenticated attacker to store arbitrary JavaScript within the application. This JavaScript is subsequently displayed...

VU#962085: Versiant LYNX Customer Service Portal is vulnerable to stored cross-site scripting

The Versiant LYNX Customer Service Portal (CSP) is a "full-service customer portal that provides real-time information to terminal operators on the status of shipments into and out of a marine container terminal". The LYNX CSP, version 3.5.2, is vulnerable to stored cross-site scripting, which could...

VU#944837: Vertiv Avocent UMG-4000 vulnerable to command injection and cross-site scripting vulnerabilities

The Vertiv Avocent UMG-4000 contains multiple vulnerabilities that could allow an authenticated attacker with administrative privileges to remotely execute arbitrary code. The web interface does not sanitize input provided by the remote client, making it vulnerable to command injection, stored cross-site...

VU#354840: Microsoft Windows Type 1 font parsing remote code execution vulnerabilities

Adobe Type Manager, implemented in the Windows kernel module atmfd.dll, provides support for OpenType fonts. Two vulnerabilities in the Microsoft Windows Adobe Type Manager library may allow an unauthenticated remote attacker to execute...

VU#425163: Machine learning classifiers trained via gradient descent are vulnerable to arbitrary misclassification attack

This vulnerability results from using gradient descent to determine classification of inputs via a neural network. As such, it is a vulnerability in the algorithm. In plain terms, this means that the currently-standard usage of this type of machine learning algorithm...
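The mechanism behind the note is easiest to see on a tiny model. The following is an added example, not code or data from the vulnerability note: a two-feature logistic-regression classifier is fitted with plain gradient descent on a constructed, linearly separable training set, and the same gradient machinery is then turned against it. The attack is the fast gradient sign method (each input feature is nudged by a budget `eps` in the direction that increases the loss for the true label); the training set, the clean test point `(1.0, 1.0)` and the search step for `eps` are all assumptions made for the demo.

```python
"""Added example (not from the CERT note): a gradient-sign evasion attack
against a classifier that was itself trained by gradient descent.

Everything here is constructed for illustration: the two-feature training
set, the logistic-regression model and the attack budget are assumptions,
not data or code from the vulnerability note.
"""
import math

# Constructed, linearly separable training data: class 0 around (-2, -2),
# class 1 around (2, 2). The classes are antipodal, so the learned bias
# stays at (essentially) zero and the decision boundary passes the origin.
TRAIN = [
    ((-2.0, -2.0), 0), ((-2.5, -1.5), 0), ((-1.5, -2.5), 0), ((-2.0, -3.0), 0),
    ((2.0, 2.0), 1), ((2.5, 1.5), 1), ((1.5, 2.5), 1), ((2.0, 3.0), 1),
]


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def train(data, lr=0.1, epochs=2000):
    """Logistic regression fitted by batch gradient descent on cross-entropy
    loss. Returns (w, b) with w a 2-element list."""
    w = [0.0, 0.0]
    b = 0.0
    n = len(data)
    for _ in range(epochs):
        gw = [0.0, 0.0]
        gb = 0.0
        for (x1, x2), y in data:
            p = sigmoid(w[0] * x1 + w[1] * x2 + b)
            err = p - y                      # dLoss/dlogit for cross-entropy
            gw[0] += err * x1 / n
            gw[1] += err * x2 / n
            gb += err / n
        w[0] -= lr * gw[0]
        w[1] -= lr * gw[1]
        b -= lr * gb
    return w, b


def predict(model, x):
    w, b = model
    return 1 if w[0] * x[0] + w[1] * x[1] + b > 0 else 0


def input_gradient(model, x, y):
    """dLoss/dx for one sample. For a linear model it is (p - y) * w; for a
    deep network the same quantity comes out of backpropagation, which is
    exactly why training by gradient descent hands the attacker this tool."""
    w, b = model
    p = sigmoid(w[0] * x[0] + w[1] * x[1] + b)
    return [(p - y) * w[0], (p - y) * w[1]]


def fgsm(model, x, y, eps):
    """Fast gradient sign method: move every feature by eps in the direction
    that increases the loss for the true label y (an L-infinity step)."""
    g = input_gradient(model, x, y)
    return tuple(xi + eps * (1.0 if gi > 0 else -1.0 if gi < 0 else 0.0)
                 for xi, gi in zip(x, g))


def smallest_flipping_eps(model, x, y, step=0.05, limit=10.0):
    """Grow the budget until the label flips. Returns (eps, adversarial_point)
    or None if the limit is reached without a misclassification."""
    k = 1
    while k * step <= limit:
        eps = k * step
        x_adv = fgsm(model, x, y, eps)
        if predict(model, x_adv) != y:
            return eps, x_adv
        k += 1
    return None


if __name__ == "__main__":
    model = train(TRAIN)
    clean = (1.0, 1.0)
    print("clean prediction:", predict(model, clean))
    eps, adv = smallest_flipping_eps(model, clean, 1)
    print(f"flipped with eps={eps:.2f} at {adv}; prediction now {predict(model, adv)}")
```

For this linear model the flip is predictable: at `(1.0, 1.0)` the logit equals the L1 norm of `w`, so any budget just above 1.0 crosses the boundary no matter how long the model was trained. The point generalizes: the gradient that made training possible is the same gradient that tells an attacker the cheapest direction in which to move an input.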

VU#872016: Microsoft SMBv3 compression remote code execution vulnerability

Microsoft Server Message Block 3.1.1 (SMBv3) contains a vulnerability in the way that it handles connections that use compression. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. It has been reported that this vulnerability...

VU#782301: pppd vulnerable to buffer overflow due to a flaw in EAP packet processing

PPP is the protocol used for establishing internet links over dial-up modems, DSL connections, and many other types of point-to-point links including Virtual Private Networks (VPN) such as Point to Point Tunneling Protocol (PPTP). The pppd software can also authenticate a network connected peer...

VU#498544: ZyXEL NAS pre-authentication command injection in weblogin.cgi

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ZyXEL NAS devices achieve authentication by using the weblogin.cgi CGI executable. This program fails to properly sanitize the username parameter that is passed to it. If the...
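To make the CWE-78 pattern concrete, here is an added example that is not ZyXEL's weblogin.cgi code and does not reproduce the actual bug: a login helper that splices an untrusted username into a shell command line, next to a hardened version that allow-lists the value and passes it as a single argv element with no shell involved. The command being wrapped (a hypothetical user-check step, stood in for by `printf` and the Python interpreter), the username character set and the injected payload are all assumptions made for the demo.

```python
"""Added example (not ZyXEL code): the OS-command-injection pattern that
CWE-78 describes, as a vulnerable login helper beside a hardened one.

The wrapped command (a hypothetical 'check_user' step, stood in for here by
printf and the Python interpreter), the username rules and the payload are
assumptions for the demo, not details of the real weblogin.cgi.
"""
import re
import subprocess
import sys

# Allow-list for usernames; anything outside it is rejected before use.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_.@-]{1,64}$")


def vulnerable_login_cmd(username):
    """Builds a shell command line by string concatenation, the mistake that
    lets a pre-authentication request run arbitrary commands."""
    return f"printf '%s\\n' {username}"


def run_vulnerable(username):
    """Runs the concatenated line through /bin/sh (shell=True). Anything
    after ';' in the username is executed as a separate command."""
    out = subprocess.run(vulnerable_login_cmd(username), shell=True,
                         capture_output=True, text=True)
    return out.stdout


def validate_username(username):
    """First layer: reject any value that is not a plausible username."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("invalid username")
    return username


def run_argv_unvalidated(username):
    """Second layer shown on its own: with an argv list and no shell, the
    child receives the value as one literal argument, so even an
    unvalidated payload is not interpreted. The interpreter echoing
    sys.argv[1] stands in for the real checker."""
    out = subprocess.run(
        [sys.executable, "-c", "import sys; print(sys.argv[1])", username],
        capture_output=True, text=True, check=True)
    return out.stdout


def run_hardened(username):
    """Both layers together: allow-list validation, then argv passing."""
    return run_argv_unvalidated(validate_username(username))


if __name__ == "__main__":
    payload = "admin; echo INJECTED"
    print(run_vulnerable(payload), end="")        # admin, then INJECTED
    print(run_argv_unvalidated(payload), end="")  # the payload, verbatim
    try:
        run_hardened(payload)
    except ValueError as e:
        print("hardened:", e)
    print(run_hardened("alice"), end="")
```

The two layers are deliberately separate: the argv list removes the shell (so metacharacters have nothing to act on) and the allow-list removes the surprise input (so a later change that reintroduces a shell, or passes the value to something else, still sees only usernames). A fix that only does one of these is the kind that gets bypassed in the next release.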

VU#597809: IBM ServeRAID Manager exposes unauthenticated Java Remote Method Invocation (RMI)

IBM ServeRAID Manager includes an embedded instance of Java version 1.4.2. Both ServeRAID Manager and Java 1.4.2 are no longer supported. ServeRAID Manager uses a Java remote method invocation (RMI) interface on a TCP port that listens on all interfaces by...

VU#261385: Cisco Discovery Protocol (CDP) enabled devices are vulnerable to denial-of-service and remote code execution

CVE-2020-3110: Cisco's Video Surveillance 8000 Series IP cameras with CDP enabled are vulnerable to a heap overflow in the parsing of the DeviceID type-length-value (TLV). The CVSS score reflected below refers to this vulnerability. CVE-2020-3111: Cisco Voice over Internet...

VU#390745: OpenSMTPD vulnerable to local privilege escalation and remote code execution

OpenSMTPD is an open-source server-side implementation of the Simple Mail Transfer Protocol (SMTP) that is part of the OpenBSD Project. OpenSMTPD's smtp_mailaddr() function is responsible for validating sender and recipient mail addresses. If the local part of an address is invalid and...

VU#338824: Microsoft Internet Explorer Scripting Engine memory corruption vulnerability

Microsoft has released Security Advisory ADV200001,which describes a memory corruption vulnerability in the Scripting Engine. This vulnerability is being exploited in the wild.

New iOS Jailbreak Tool Works on iPhone Models iOS 11 to iOS 13.5

Latest version of UnC0ver uses unpatched zero-day exploit to take complete control of devices, even those running iOS 13.5.

Vulnerabilities Found in Emerson SCADA Product Made for Oil and Gas Industry

A researcher from Kaspersky has identified several vulnerabilities in Emerson OpenEnterprise, a supervisory control and data acquisition (SCADA) solution designed for the oil and gas industry.

Bruce Schneier

Bluetooth Vulnerability: BIAS

This is new research on a Bluetooth vulnerability (called BIAS) that allows someone to impersonate a trusted device: Abstract: Bluetooth (BR/EDR) is a pervasive technology for wireless communication used by billions of devices. The Bluetooth standard includes a legacy authentication...

Updated AnarchyGrabber Steals Passwords, Spreads to Discord Friends

Researchers found an updated version of AnarchyGrabber that steals victims' plaintext passwords and infects victims' friends on Discord. Detected as AnarchyGrabber3, the new trojan variant modified the Discord client's %AppData%\Discord\modules\discord_desktop_core\index.js file upon successful installation. This process gave the...

Forescout files lawsuit against Advent for withdrawal of merger plans due to COVID-19

Advent says the pandemic has resulted in “material” changes at Forescout. The company disagrees.