IS Security CERT Global

    • CERTFR-2021-ACT-045: News bulletin CERTFR-2021-ACT-045 (18 October 2021)
      This CERT-FR news bulletin reviews the significant vulnerabilities of the past week to highlight their criticality. It does not replace ...
    • CERTFR-2021-AVI-794: Vulnerability in Check Point Mobile Access Portal Agent (18 October 2021)
      A vulnerability has been discovered in Check Point Mobile Access Portal Agent. It allows an attacker to cause arbitrary code execution. ...
    • CVE-2021-33728 (sinec_nms)
      A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows to upload JSON objects that are deserialized to JAVA objects. Due ...
    • CVE-2021-33725 (sinec_nms)
      A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows to delete arbitrary files or directories under a user controlled path ...
    • CVE-2021-33733 (sinec_nms)
      A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted ...
    • CVE-2021-33730 (sinec_nms)
      A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted ...
    • CVE-2021-33731 (sinec_nms)
      A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted ...
    • CVE-2021-0583 (android)
      In onCreate of BluetoothPairingDialog, there is a possible way to enable Bluetooth without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User ...
    • CVE-2021-33726 (sinec_nms)
      A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows to download arbitrary files under a user controlled path and does ...
    • CVE-2021-33729 (sinec_nms)
      A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticated attacker that is able to import firmware containers to an affected system could ...
    • CVE-2021-33727 (sinec_nms)
      A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticated attacker could download the user profile of any user. With this, the attacker ...
    • CVE-2021-33732 (sinec_nms)
      A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted ...
    • CVE-2021-24754
      The MainWP Child Reports WordPress plugin before 2.0.8 does not validate or sanitise the order parameter before using it in a SQL statement in the admin dashboard, leading to an ...
    • CVE-2021-41990
      The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed ...
    • CVE-2021-24752
      Multiple Plugins from the CatchThemes vendor do not perform capability and CSRF checks in the ctp_switch AJAX action, which could allow any authenticated users, such as Subscriber to change the ...
    • CVE-2021-32609
      Apache Superset up to and including 1.1 does not sanitize titles correctly on the Explore page. This allows an attacker with Explore access to save a chart with a malicious ...
    • CVE-2021-42576
      The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python (in pybluemonday), does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements. ...
    • CVE-2021-42575
      The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements. ...
    • CVE-2021-41971
      Apache Superset up to and including 1.3.0 when configured with ENABLE_TEMPLATE_PROCESSING on (disabled by default) allowed SQL injection when a malicious authenticated user sends an http request with a custom ...
    • CVE-2021-24760
      The Gutenberg PDF Viewer Block WordPress plugin before 1.0.1 does not sanitise and escape its block, which could allow users with a role as low as Contributor to perform Cross-Site ...
    • CVE-2021-41991
      The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of ...
    • CVE-2021-42098
      An incomplete permission check on entries in Devolutions Remote Desktop Manager before 2021.2.16 allows attackers to bypass permissions via batch custom PowerShell. ...
    • GhiHorn: Path Analysis in Ghidra Using SMT Solvers
      We believe that many common challenges in malware analysis and reverse engineering can be framed in terms of finding a path to a specific point in a program. ...
    • Vulnerability Summary for the Week of October 11, 2021
    • CVE-2021-40542 (opensis)
      Opensis-Classic Version 8.0 is affected by cross-site scripting (XSS). An unauthenticated user can inject and execute JavaScript code through the link_url parameter in Ajax_url_encode.php. ...
    • CVE-2021-33722 (sinec_nms)
      A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system has a Path Traversal vulnerability when exporting a firmware container. With this ...
    • CVE-2021-33723 (sinec_nms)
      A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticated attacker could change the user profile of any user without proper authorization. With ...
    • CVE-2021-40888 (projectsend)
      Projectsend version r1295 is affected by Cross Site Scripting (XSS) due to lack of sanitization when echo output data in returnFilesIds() function. A low privilege user can call this function ...
    • CVE-2021-40887 (projectsend)
      Projectsend version r1295 is affected by a directory traversal vulnerability. Because of lacking sanitization input for files[] parameter, an attacker can add ../ to move all PHP files or any ...
    • CVE-2021-33724 (sinec_nms)
      A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system contains an Arbitrary File Deletion vulnerability that possibly allows to delete an ...
    • CVE-2021-40543 (opensis)
      Opensis-Classic Version 8.0 is affected by a SQL injection vulnerability due to a lack of sanitization of input data at two parameters $_GET['usrid'] and $_GET['prof_id'] in the PasswordCheck.php file. ...
    • CVE-2021-27002 (cloud_manager)
      NetApp Cloud Manager versions prior to 3.9.10 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to retrieve sensitive data via the web proxy. ...
    • CVE-2021-40191 (dzzoffice)
      Dzzoffice Version 2.02.1 is affected by cross-site scripting (XSS) due to a lack of sanitization of input data at all upload functions in webroot/dzz/attach/Uploader.class.php and return a wrong response in ...
    • CVE-2021-29005 (rconfig)
      Insecure permission of chmod command on rConfig server 3.9.6 exists. After installing rConfig apache user may execute chmod as root without password which may let an attacker with low privilege ...
    • CVE-2020-8291
      A link preview rendering issue in Rocket.Chat versions before 3.9 could lead to potential XSS attacks. ...
    • CVE-2021-38436
      FATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project files, which could result in a memory-corruption condition. An attacker could leverage this vulnerability ...
    • CVE-2021-33023
      Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code. ...
    • CVE-2021-38440
      FATEK Automation WinProladder versions 3.30 and prior is vulnerable to an out-of-bounds read, which may allow an attacker to read unauthorized information. ...
    • CVE-2021-38438
      A use after free vulnerability in FATEK Automation WinProladder versions 3.30 and prior may be exploited when a valid user opens a malformed project file, which may allow arbitrary code ...
    • CVE-2021-38442
      FATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project files, which could result in a heap-corruption condition. An attacker could leverage this vulnerability ...
    • CVE-2021-38426
      FATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project files, which could result in an out-of-bounds write. An attacker could leverage this vulnerability ...
    • CVE-2021-38430
      FATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project files, which could result in a stack-based buffer overflow. An attacker could leverage this vulnerability ...
    • CVE-2021-38434
      FATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project files, which could result in an unexpected sign extension. An attacker could leverage this ...
    • CVE-2021-21796
      An exploitable use-after-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause an object containing the path to a document to be destroyed ...
    • NetApp Security Update
      NetApp has released security updates to address a vulnerability in multiple products. Exploitation of this vulnerability may allow an attacker to take control of an affected system. Users and Administrators ...
    • Oracle Linux Security Update
      Oracle has released security updates to address vulnerabilities affecting Oracle Linux Enterprise. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system. Users and Administrators ...
    • SUSE Security Update
      SUSE has released security updates to address vulnerabilities affecting Mozilla Firefox in SUSE Linux Enterprise. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system. ...
    • Ubuntu Security Update
      Ubuntu has released security updates to address vulnerabilities in Linux Kernel. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system. Users and Administrators are ...
    • Red Hat Security Update
      Red Hat has released security updates to address vulnerabilities in Red Hat Linux Enterprise. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system. Users ...
    • Debian Security Update
      Debian has released security updates to address vulnerabilities in Tomcat9. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system. Users and Administrators are encouraged ...
Title Category Tag

Africa – The State of African Utilities Performance Assessment and Benchmarking Report – Water

SmartCitiesStandardsPracticesWater africa infrastructure water

Project Management Evaluation Good Practice Standards – ECG – EPCM

EPCMStandardsPractices epcm standards