EMX CERT Global

• Vulnerability Summary for the Week of April 5, 2021
  ... read more
• La potabilizadora de un estado norteamericano ha sido comprometida
  Fecha de publicación: 31/03/2021 El ciudadano de Kansas, Wyatt A. Travnichek, de 22 años ha sido acusado por manipular supuestamente el sistema público de agua potable y dañar imprudentemente un ordenador protegido durante un acceso no autorizado. El incidente tuvo lugar el 27 de marzo de 2019 y durante el acceso al sistema informático, el ciberdelincuente paralizó los procesos ... read more
• A North American water treatment plant has been compromised
  Publication date: 03/31/2021 Wyatt A. Travnichek, a Kansas citizen, 22, has been charged for allegedly tampering with the public drinking water system and recklessly damaging a protected computer during unauthorised access. The incident took place on 27th of March 2019 and during the access to the computer system, the cybercriminal shut down cleaning and disinfection processes at facilities belonging ... read more
• CVE-2021-23371
  This affects the package chrono-node before 2.2.4. It hangs on a date-like string with lots of embedded spaces. ... read more
• CVE-2021-24211 (wordpress_related_posts)
  The WordPress Related Posts plugin through 3.6.4 contains an authenticated (admin+) stored XSS vulnerability in the title field on the settings page. By exploiting that an attacker will be able to execute JavaScript code in the user's browser. ... read more
• CVE-2021-29996 (marktext)
  Mark Text through 0.16.3 allows attackers arbitrary command execution. This could lead to Remote Code Execution (RCE) by opening .md files containing a mutation Cross Site Scripting (XSS) payload. ... read more
• CVE-2021-28075 (ikuaios)
  iKuaiOS 3.4.8 Build 202012291059 has an arbitrary file download vulnerability, which can be exploited by attackers to obtain sensitive information. ... read more
• CVE-2021-24208 (wp_page_builder)
  The editor of the WP Page Builder WordPress plugin before 1.2.4 allows lower-privileged users to insert unfiltered HTML, including JavaScript, into pages via the “Raw HTML� widget and the “Custom HTML� widgets (though the custom HTML widget requires sending a crafted request - it appears that this widget uses some form of client side validation but not server side validation), ... read more
• CVE-2021-24212 (help_scout)
  The WooCommerce Help Scout WordPress plugin before 2.9.1 (https://woocommerce.com/products/woocommerce-help-scout/) allows unauthenticated users to upload any files to the site which by default will end up in wp-content/uploads/hstmp. ... read more
• Weekly Threat Report 12th April 2021
  The NCSC's weekly threat report is drawn from recent open source reporting. ... read more
• CERTFR-2021-AVI-249 : Multiple vulnérabilités dans les produits SonicWall (12 avril 2021)
  Une vulnérabilité a été découverte dans les produits SonicWall. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité. ... read more
• CERTFR-2021-ACT-014 : Bulletin d’actualité CERTFR-2021-ACT-014 (12 avril 2021)
  Ce bulletin d’actualité du CERT-FR revient sur les vulnérabilités significatives de la semaine passée pour souligner leurs criticités. Il ne remplace pas ... read more
• Generating Realistic Non-Player Characters for Training Cyberteams
  Since 2010, researchers in the SEI CERT Division have emphasized the crucial need for realism within cyberteam training and exercise events. In this blog post, we describe efforts underway to improve the realism of non-player characters (NPCs) in training exercises with new software we have created called ANIMATOR. ... read more
• CVE-2021-24210 (phastpress)
  There is an open redirect in the PhastPress WordPress plugin before 1.111 that allows an attacker to malform a request to a page with the plugin and then redirect the victim to a malicious page. There is also a support comment from another user one year ago (https://wordpress.org/support/topic/phast-php-used-for-remote-fetch/) that says that the php involved in the request only go to ... read more
• CVE-2021-24209 (wp_super_cache)
  The WP Super Cache WordPress plugin before 1.7.2 was affected by an authenticated (admin+) RCE in the settings page due to input validation failure and weak $cache_path check in the WP Super Cache Settings -> Cache Location option. Direct access to the wp-cache-config.php file is not prohibited, so this vulnerability can be exploited for a web shell injection. ... read more
• CVE-2020-24285
  INTELBRAS TELEFONE IP TIP200 version 60.61.75.22 allows an attacker to obtain sensitive information through /cgi-bin/cgiServer.exx. ... read more
• Undladelsessynden: Københavnerne er værst
  Offentligt ansatte fra Hovedstadsområdet og Bornholm er dem, der i største grad undlader at efterleve retningslinjerne for informationssikkerhed på deres arbejdsplads. Det viser tal fra rapporten Danskernes Informationssikkerhed. Sprog Dansk Læs mere om Undladelsessynden: Københavnerne er værst ... read more
• Múltiples vulnerabilidades en varios productos de Synology
  Fecha de publicación: 12/04/2021 Importancia: Crítica Recursos afectados: DiskStation Manager (DSM), versión 6.2; DSM UC, versión 3.0; SkyNAS; VS960HD. Descripción: Se han identificado 6 vulnerabilidades de severidad crítica y otras 6 de severidad alta que podrían permitir a un atacante remoto ejecutar código arbitrario. Solución: En el caso del producto DSM, actualizar a la versión 6.2.3-25426-3 ... read more
• CVE-2021-29379
  ** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered on D-Link DIR-802 A1 devices through 1.00b05. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the SSDP M-SEARCH discover packet. NOTE: This vulnerability only affects products that are no longer ... read more
• Múltiples vulnerabilidades en varios productos de Synology
  Publication date: 04/12/2021 Importance: Crítica Affected resources: DiskStation Manager (DSM), versión 6.2; DSM UC, versión 3.0; SkyNAS; VS960HD. Description: Se han identificado 6 vulnerabilidades de severidad crítica y otras 6 de severidad alta que podrían permitir a un atacante remoto ejecutar código arbitrario. Solution: En el caso del producto DSM, actualizar a la versión 6.2.3-25426-3 u ... read more
• Proofpoint: Nyt trick fra cyberkriminelle for at omgå mailbeskyttelse
  Antallet af phishing-angreb er i stigning på verdensplan. Det viser rapporten State of the Phish, der er udgivet af cybersikkerhedsfirmaet Proofpoint. Rapporten bygger på to tredjepartsundersøgelser med 3500 medarbejdere og 600 informationssikkerhedseksperter i syv lande. Sprog Dansk Læs mere om Proofpoint: Nyt trick fra cyberkriminelle for at omgå mailbeskyttelse ... read more
• CISA udgiver værktøj til at gennemgå Microsoft 365-aktivitet
  Agenturet for cybersikkerhed og infrastruktur (CISA) har frigivet et ’Splunk-baseret’ dashboard, der hjælper med at gennemgå ’post compromise’-aktivitet i Microsoft Azure Active Directory (AD), Office 365 (O365) og Microsoft 365 (M365) miljøer. Det skriver Bleeping Computer. CISAs nye værktøj hedder Aviary og har til formål at hjælpe sikkerhedsteams med at visualisere og analysere dataoutput genereret ved hjælp af Sparrow. Sparrow er ... read more
• CVE-2021-28876
  Gravedad: NonePublicado: 11/04/2021Last revised: 11/04/2021Descripción: *** Pendiente de traducción *** In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue. It calls __iterator_get_unchecked() more than once for the same index when the underlying iterator panics (in certain conditions). This bug could lead to a memory safety violation due to an unmet safety requirement for ... read more
• CVE-2020-36317
  Gravedad: NonePublicado: 11/04/2021Last revised: 11/04/2021Descripción: *** Pendiente de traducción *** In the standard library in Rust before 1.49.0, String::retain() function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the provided closure panics. This bug could result in a memory safety violation when other string APIs assume that UTF-8 encoding is used on the same ... read more
• CVE-2021-28879
  Gravedad: NonePublicado: 11/04/2021Last revised: 11/04/2021Descripción: *** Pendiente de traducción *** In the standard library in Rust before 1.52.0, the Zip implementation can report an incorrect size due to an integer overflow. This bug can lead to a buffer overflow when a consumed Zip iterator is used again. ... read more
• CVE-2021-28877
  Gravedad: NonePublicado: 11/04/2021Last revised: 11/04/2021Descripción: *** Pendiente de traducción *** In the standard library in Rust before 1.51.0, the Zip implementation calls __iterator_get_unchecked() for the same index more than once when nested. This bug can lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait. ... read more
• CVE-2020-36318
  Gravedad: NonePublicado: 11/04/2021Last revised: 11/04/2021Descripción: *** Pendiente de traducción *** In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under certain condition. This bug could result in a use-after-free or double free. ... read more
• CVE-2015-20001
  Gravedad: NonePublicado: 11/04/2021Last revised: 11/04/2021Descripción: *** Pendiente de traducción *** In the standard library in Rust before 1.2.0, BinaryHeap is not panic-safe. The binary heap is left in an inconsistent state when the comparison of generic elements inside sift_up or sift_down_range panics. This bug leads to a drop of zeroed memory as an arbitrary type, which can result in a ... read more
• CVE-2021-28878
  Gravedad: NonePublicado: 11/04/2021Last revised: 11/04/2021Descripción: *** Pendiente de traducción *** In the standard library in Rust before 1.52.0, the Zip implementation calls __iterator_get_unchecked() more than once for the same index (under certain conditions) when next_back() and next() are used together. This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait. ... read more
• CVE-2021-28875
  Gravedad: NonePublicado: 11/04/2021Last revised: 11/04/2021Descripción: *** Pendiente de traducción *** In the standard library in Rust before 1.50.0, read_to_end() does not validate the return value from Read in an unsafe context. This bug could lead to a buffer overflow. ... read more
• ESB-2021.1210 – [Debian] qemu: Multiple vulnerabilities
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.1210 qemu security update 12 April 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: qemu Publisher: Debian Operating System: Debian GNU/Linux Impact/Access: Execute Arbitrary Code/Commands -- Existing Account Denial of Service -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2021-20257 CVE-2021-20255 CVE-2021-20203 CVE-2021-3416 CVE-2021-3409 CVE-2021-3392 CVE-2020-25085 CVE-2020-17380 Reference: ESB-2021.1181 ... read more
• ESB-2020.2918.5 – UPDATE [Appliance] BIG-IP products: Multiple vulnerabilities
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2020.2918.5 BIG-IP Server SSL vulnerability CVE-2020-5913 12 April 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: BIG-IP products Publisher: F5 Networks Operating System: Network Appliance Impact/Access: Provide Misleading Information -- Remote with User Interaction Access Confidential Data -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2020-5913 Original ... read more
• ESB-2021.1209 – [Win][Linux][HP-UX][Solaris][AIX] WebSphere eXtreme Scale: Multiple vulnerabilities
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.1209 Vulnerability in IBM Runtime Environment Java Technology Edition affects WebSphere eXtreme Scale 12 April 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: WebSphere eXtreme Scale Publisher: IBM Operating System: Linux variants Windows AIX HP-UX Solaris Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Denial of Service -- Remote/Unauthenticated Resolution: ... read more
• ESB-2021.1208 – [Debian] python-django: Multiple vulnerabilities
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.1208 python-django security update 12 April 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: python-django Publisher: Debian Operating System: Debian GNU/Linux Impact/Access: Create Arbitrary Files -- Remote/Unauthenticated Overwrite Arbitrary Files -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2021-28658 Reference: ESB-2021.1153 Original Bulletin: http://www.debian.org/lts/security/2021/dla-2622 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN ... read more
• ESB-2021.1207 – [RedHat] Red Hat Ansible Automation Platform Operator 1.2: Multiple vulnerabilities
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.1207 Red Hat Ansible Automation Platform Operator 1.2 security update 12 April 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Red Hat Ansible Automation Platform Operator 1.2 Publisher: Red Hat Operating System: Red Hat Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Root Compromise -- Existing Account Increased Privileges -- ... read more
• ESB-2021.1202 – [SUSE] fwupdate: Reduced security – Unknown/unspecified
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.1202 Security update for fwupdate 12 April 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: fwupdate Publisher: SUSE Operating System: SUSE Impact/Access: Reduced Security -- Unknown/Unspecified Resolution: Patch/Upgrade Original Bulletin: https://www.suse.com/support/update/announcement/2021/suse-su-20211123-1 - --------------------------BEGIN INCLUDED TEXT-------------------- SUSE Security Update: Security update for fwupdate ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1123-1 Rating: important ... read more
• ESB-2021.1206 – [Debian] mediawiki: Multiple vulnerabilities
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.1206 mediawiki security update 12 April 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: mediawiki Publisher: Debian Operating System: Debian GNU/Linux Impact/Access: Denial of Service -- Remote/Unauthenticated Cross-site Scripting -- Remote with User Interaction Reduced Security -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2021-30159 CVE-2021-30158 CVE-2021-30157 CVE-2021-30155 CVE-2021-30154 ... read more
• ESB-2021.1204 – [Win][UNIX/Linux][SUSE] wpa_supplicant: Multiple vulnerabilities
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.1204 Security update for wpa_supplicant 12 April 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: wpa_supplicant Publisher: SUSE Operating System: SUSE UNIX variants (UNIX, Linux, OSX) Windows Impact/Access: Provide Misleading Information -- Remote/Unauthenticated Reduced Security -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2021-30004 Original Bulletin: https://www.suse.com/support/update/announcement/2021/suse-su-20211125-1 Comment: This advisory ... read more
• ESB-2021.1205 – [Debian] xen: Multiple vulnerabilities
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.1205 xen security update 12 April 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: xen Publisher: Debian Operating System: Debian GNU/Linux Impact/Access: Increased Privileges -- Existing Account Denial of Service -- Existing Account Access Confidential Data -- Existing Account Reduced Security -- Existing Account Resolution: Patch/Upgrade CVE Names: ... read more
• ESB-2021.1203 – [UNIX/Linux][SUSE] umoci: Overwrite arbitrary files – Existing account
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.1203 Security update for umoci 12 April 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: umoci Publisher: SUSE Operating System: SUSE UNIX variants (UNIX, Linux, OSX) Impact/Access: Overwrite Arbitrary Files -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2021-29136 Original Bulletin: https://www.suse.com/support/update/announcement/2021/suse-su-20211116-1 Comment: This advisory references vulnerabilities in products ... read more
• CVE-2021-30485
  Gravedad: NonePublicado: 11/04/2021Last revised: 11/04/2021Descripción: *** Pendiente de traducción *** An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd(), while parsing a crafted XML file, performs incorrect memory handling, leading to a NULL pointer dereference while running strcmp() on a NULL pointer. ... read more
• CVE-2020-36318
  In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under certain condition. This bug could result in a use-after-free or double free. ... read more
• CVE-2021-28878
  In the standard library in Rust before 1.52.0, the Zip implementation calls __iterator_get_unchecked() more than once for the same index (under certain conditions) when next_back() and next() are used together. This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait. ... read more
• CVE-2021-28877
  In the standard library in Rust before 1.51.0, the Zip implementation calls __iterator_get_unchecked() for the same index more than once when nested. This bug can lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait. ... read more
• CVE-2021-28876
  In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue. It calls __iterator_get_unchecked() more than once for the same index when the underlying iterator panics (in certain conditions). This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait. ... read more
• CVE-2021-28879
  In the standard library in Rust before 1.52.0, the Zip implementation can report an incorrect size due to an integer overflow. This bug can lead to a buffer overflow when a consumed Zip iterator is used again. ... read more
• CVE-2015-20001
  In the standard library in Rust before 1.2.0, BinaryHeap is not panic-safe. The binary heap is left in an inconsistent state when the comparison of generic elements inside sift_up or sift_down_range panics. This bug leads to a drop of zeroed memory as an arbitrary type, which can result in a memory safety violation. ... read more
• CVE-2020-36317
  In the standard library in Rust before 1.49.0, String::retain() function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the provided closure panics. This bug could result in a memory safety violation when other string APIs assume that UTF-8 encoding is used on the same string. ... read more
• CVE-2021-28875
  In the standard library in Rust before 1.50.0, read_to_end() does not validate the return value from Read in an unsafe context. This bug could lead to a buffer overflow. ... read more
• CVE-2021-30485
  An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd(), while parsing a crafted XML file, performs incorrect memory handling, leading to a NULL pointer dereference while running strcmp() on a NULL pointer. ... read more