Commits 09/10/2021


ID | User | Entry | Field | Change | Remarks | Accepted | Reason | C
11694484 | VulD... | 183948 | cve_nvd_summary | Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. For more information about these vulnerabilities, see the Details section of this advisory. | mitre.org | 09/10/2021 | accepted | 70
11694483 | VulD... | 183947 | cve_nvd_summary | A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | mitre.org | 09/10/2021 | accepted | 70
11694482 | VulD... | 183946 | cve_nvd_summary | A vulnerability in the memory management of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an authenticated, local attacker to corrupt a shared memory segment, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient access controls to a shared memory resource. An attacker could exploit this vulnerability by corrupting a shared memory segment on an affected device. A successful exploit could allow the attacker to cause the device to reload. The device will recover from the corruption upon reboot. | mitre.org | 09/10/2021 | accepted | 70
11694481 | VulD... | 183945 | cve_nvd_summary | An issue was discovered in MediaWiki through 1.36.2. A parser function related to loop control allowed for an infinite loop (and php-fpm hang) within the Loops extension because egLoopsCountLimit is mishandled. This could lead to memory exhaustion. | mitre.org | 09/10/2021 | accepted | 70
11694480 | VulD... | 183944 | cve_nvd_summary | Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. A malicious user can modify the contents of a `confirmation_token` input during the two-factor authentication process to reference a cache value not associated with the login attempt. In rare cases this can allow a malicious actor to authenticate as a random user in the Panel. The malicious user must target an account with two-factor authentication enabled, and then must provide a correct two-factor authentication token before being authenticated as that user. Due to a validation flaw in the logic handling user authentication during the two-factor authentication process a malicious user can trick the system into loading credentials for an arbitrary user by modifying the token sent to the server. This authentication flaw is present in the `LoginCheckpointController@__invoke` method which handles two-factor authentication for a user. This controller looks for a request input parameter called `confirmation_token` which is expected to be a 64 character random alpha-numeric string that references a value within the Panel's cache containing a `user_id` value. This value is then used to fetch the user that attempted to login, and lookup their two-factor authentication token. Due to the design of this system, any element in the cache that contains only digits could be referenced by a malicious user, and whatever value is stored at that position would be used as the `user_id`. There are a few different areas of the Panel that store values into the cache that are integers, and a user who determines what those cache keys are could pass one of those keys which would cause this code pathway to reference an arbitrary user. At its heart this is a high-risk login bypass vulnerability. However, there are a few additional conditions that must be met in order for this to be successfully executed, notably: 1.) The account referenced by the malicious cache key must have two-factor authentication enabled. An account without two-factor authentication would cause an exception to be triggered by the authentication logic, thusly exiting this authentication flow. 2.) Even if the malicious user is able to reference a valid cache key that references a valid user account with two-factor authentication, they must provide a valid two-factor authentication token. However, due to the design of this endpoint once a valid user account is found with two-factor authentication enabled there is no rate-limiting present, thusly allowing an attacker to brute force combinations until successful. This leads to a third condition that must be met: 3.) For the duration of this attack sequence the cache key being referenced must continue to exist with a valid `user_id` value. Depending on the specific key being used for this attack, this value may disappear quickly, or be changed by other random user interactions on the Panel, outside the control of the attacker. In order to mitigate this vulnerability the underlying authentication logic was changed to use an encrypted session store that the user is therefore unable to control the value of. This completely removed the use of a user-controlled value being used. In addition, the code was audited to ensure this type of vulnerability is not present elsewhere. | mitre.org | 09/10/2021 | accepted | 70
11694479 | VulD... | 183944 | cve_nvd_summary | Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. A malicious user can modify the contents of a `confirmation_token` input during the two-factor authentication process to reference a cache value not associated with the login attempt. In rare cases this can allow a malicious actor to authenticate as a random user in the Panel. The malicious user must target an account with two-factor authentication enabled, and then must provide a correct two-factor authentication token before being authenticated as that user. Due to a validation flaw in the logic handling user authentication during the two-factor authentication process a malicious user can trick the system into loading credentials for an arbitrary user by modifying the token sent to the server. This authentication flaw is present in the `LoginCheckpointController@__invoke` method which handles two-factor authentication for a user. This controller looks for a request input parameter called `confirmation_token` which is expected to be a 64 character random alpha-numeric string that references a value within the Panel's cache containing a `user_id` value. This value is then used to fetch the user that attempted to login, and lookup their two-factor authentication token. Due to the design of this system, any element in the cache that contains only digits could be referenced by a malicious user, and whatever value is stored at that position would be used as the `user_id`. There are a few different areas of the Panel that store values into the cache that are integers, and a user who determines what those cache keys are could pass one of those keys which would cause this code pathway to reference an arbitrary user. At its heart this is a high-risk login bypass vulnerability. However, there are a few additional conditions that must be met in order for this to be successfully executed, notably: 1.) The account referenced by the malicious cache key must have two-factor authentication enabled. An account without two-factor authentication would cause an exception to be triggered by the authentication logic, thusly exiting this authentication flow. 2.) Even if the malicious user is able to reference a valid cache key that references a valid user account with two-factor authentication, they must provide a valid two-factor authentication token. However, due to the design of this endpoint once a valid user account is found with two-factor authentication enabled there is no rate-limiting present, thusly allowing an attacker to brute force combinations until successful. This leads to a third condition that must be met: 3.) For the duration of this attack sequence the cache key being referenced must continue to exist with a valid `user_id` value. Depending on the specific key being used for this attack, this value may disappear quickly, or be changed by other random user interactions on the Panel, outside the control of the attacker. In order to mitigate this vulnerability the underlying authentication logic was changed to use an encrypted session store that the user is therefore unable to control the value of. This completely removed the use of a user-controlled value being used. In addition, the code was audited to ensure this type of vulnerability is not present elsewhere. | mitre.org | 09/10/2021 | accepted | 70
11694478 | VulD... | 183944 | confirm_url | https://github.com/pterodactyl/panel/security/advisories/GHSA-5vfx-8w6m-h3v4 | github.com | 09/10/2021 | accepted | 70
11694477 | VulD... | 183943 | cve_nvd_summary | A vulnerability in the API endpoints for Cisco DNA Center could allow an authenticated, remote attacker to gain access to sensitive information that should be restricted. The attacker must have valid device credentials. This vulnerability is due to improper access controls on API endpoints. An attacker could exploit the vulnerability by sending a specific API request to an affected application. A successful exploit could allow the attacker to obtain sensitive information about other users who are configured with higher privileges on the application. | mitre.org | 09/10/2021 | accepted | 70
11694476 | VulD... | 183942 | cve_nvd_summary | A vulnerability in the web-based management interface of Cisco Orbital could allow an unauthenticated, remote attacker to redirect users to a malicious webpage. This vulnerability is due to improper validation of URL paths in the web-based management interface. An attacker could exploit this vulnerability by persuading a user to click a crafted URL. A successful exploit could allow the attacker to redirect a user to a malicious website. This vulnerability, known as an open redirect attack, is used in phishing attacks to persuade users to visit malicious sites. | mitre.org | 09/10/2021 | accepted | 70
11694475 | VulD... | 183941 | cve_nvd_summary | A vulnerability in the proxy service of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper memory management in the proxy service of an affected device. An attacker could exploit this vulnerability by establishing a large number of HTTPS connections to the affected device. A successful exploit could allow the attacker to cause the system to stop processing new connections, which could result in a DoS condition. Note: Manual intervention may be required to recover from this situation. | mitre.org | 09/10/2021 | accepted | 70
11694474 | VulD... | 183940 | cve_nvd_summary | A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. This vulnerability is due to improper processing of URLs. An attacker could exploit this vulnerability by crafting a URL in a particular way. A successful exploit could allow the attacker to bypass the URL reputation filters that are configured for an affected device, which could allow malicious URLs to pass through the device. | mitre.org | 09/10/2021 | accepted | 70
11694473 | VulD... | 183939 | cve_nvd_summary | A vulnerability in the shared library loading mechanism of Cisco AnyConnect Secure Mobility Client for Linux and Mac OS could allow an authenticated, local attacker to perform a shared library hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the AnyConnect client. This vulnerability is due to a race condition in the signature verification process for shared library files that are loaded on an affected device. An attacker could exploit this vulnerability by sending a series of crafted interprocess communication (IPC) messages to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected device with root privileges. To exploit this vulnerability, the attacker must have a valid account on the system. | mitre.org | 09/10/2021 | accepted | 70
11694472 | VulD... | 183938 | cve_nvd_summary | A vulnerability in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to perform a command injection attack on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using the web-based management interface to execute a command using crafted input. A successful exploit could allow the attacker to execute arbitrary commands using root-level privileges on an affected device. | mitre.org | 09/10/2021 | accepted | 70
11694471 | VulD... | 183937 | cve_nvd_summary | Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to perform a command injection attack resulting in remote code execution or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | mitre.org | 09/10/2021 | accepted | 70
11694470 | VulD... | 183936 | cve_nvd_summary | Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to perform a command injection attack resulting in remote code execution or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | mitre.org | 09/10/2021 | accepted | 70
11694469 | VulD... | 183935 | cve_nvd_summary | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. This vulnerability is due to improper enforcement of administrator privilege levels for low-value sensitive data. An attacker with read-only administrator access to the web-based management interface could exploit this vulnerability by browsing to the page that contains the sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system. | mitre.org | 09/10/2021 | accepted | 70
11694468 | VulD... | 183934 | cve_nvd_summary | IBM PowerVM Hypervisor FW1010 could allow a privileged user to gain access to another VM due to assigning duplicate WWPNs. IBM X-Force ID: 210162. | mitre.org | 09/10/2021 | accepted | 70
11694467 | VulD... | 183934 | confirm_url | https://www.ibm.com/support/pages/node/6495879 | ibm.com | 09/10/2021 | accepted | 70
11694466 | VulD... | 183933 | cve_nvd_summary | The IBM TS7700 Management Interface is vulnerable to unauthenticated access. By accessing a specially-crafted URL, an attacker may gain administrative access to the Management Interface without authentication. IBM X-Force ID: 207747. | mitre.org | 09/10/2021 | accepted | 70
11694465 | VulD... | 183933 | confirm_url | https://www.ibm.com/support/pages/node/6495469 | ibm.com | 09/10/2021 | accepted | 70
11694464 | VulD... | 183932 | cve_nvd_summary | IBM Sterling B2B Integrator Standard Edition 5.2.0. 0 through 6.1.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210171. | mitre.org | 09/10/2021 | accepted | 70
11694463 | VulD... | 183932 | confirm_url | https://www.ibm.com/support/pages/node/6495905 | ibm.com | 09/10/2021 | accepted | 70
11694462 | VulD... | 183931 | cve_nvd_summary | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to obtain sensitive information from the dashboard that they should not have access to. IBM X-Force ID: 202265. | mitre.org | 09/10/2021 | accepted | 70
11694461 | VulD... | 183931 | confirm_url | https://www.ibm.com/support/pages/node/6495969 | ibm.com | 09/10/2021 | accepted | 70
11694460 | VulD... | 183930 | cve_nvd_summary | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to download unauthorized files through the dashboard user interface. IBM X-Force ID: 202213. | mitre.org | 09/10/2021 | accepted | 70
11694459 | VulD... | 183930 | confirm_url | https://www.ibm.com/support/pages/node/6495969 | ibm.com | 09/10/2021 | accepted | 70
11694458 | VulD... | 183929 | cve_nvd_summary | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to perform actions that they should not be able to access due to improper access controls. IBM X-Force ID: 202169. | mitre.org | 09/10/2021 | accepted | 70
11694457 | VulD... | 183929 | confirm_url | https://www.ibm.com/support/pages/node/6495969 | ibm.com | 09/10/2021 | accepted | 70
11694456 | VulD... | 183928 | cve_nvd_summary | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205684. | mitre.org | 09/10/2021 | accepted | 70
11694455 | VulD... | 183928 | confirm_url | https://www.ibm.com/support/pages/node/6495965 | ibm.com | 09/10/2021 | accepted | 70
11694454 | VulD... | 183926 | cve_nvd_summary | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204913. | mitre.org | 09/10/2021 | accepted | 70
11694453 | VulD... | 183926 | confirm_url | https://www.ibm.com/support/pages/node/6495907 | ibm.com | 09/10/2021 | accepted | 70
11694452 | VulD... | 183925 | cve_nvd_summary | IBM Sterling B2B Integrator Standard Edition 5.2.0.0. through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204912. | mitre.org | 09/10/2021 | accepted | 70
11694451 | VulD... | 183925 | confirm_url | https://www.ibm.com/support/pages/node/6495921 | ibm.com | 09/10/2021 | accepted | 70
11694450 | VulD... | 183924 | cve_nvd_summary | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 202268. | mitre.org | 09/10/2021 | accepted | 70
11694449 | VulD... | 183924 | confirm_url | https://www.ibm.com/support/pages/node/6495967 | ibm.com | 09/10/2021 | accepted | 70
11694448 | VulD... | 183922 | cve_nvd_summary | IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 6.1.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 207506. | mitre.org | 09/10/2021 | accepted | 70
11694447 | VulD... | 183922 | confirm_url | https://www.ibm.com/support/pages/node/6495919 | ibm.com | 09/10/2021 | accepted | 70
11694446 | VulD... | 183921 | cve_nvd_summary | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 203734. | mitre.org | 09/10/2021 | accepted | 70
11694445 | VulD... | 183921 | confirm_url | https://www.ibm.com/support/pages/node/6495925 | ibm.com | 09/10/2021 | accepted | 70
11694444 | VulD... | 183920 | cve_nvd_summary | The FV Flowplayer Video Player WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the player_id parameter found in the ~/view/stats.php file which allows attackers to inject arbitrary web scripts, in versions 7.5.0.727 - 7.5.2.727. | mitre.org | 09/10/2021 | accepted | 70
11694443 | VulD... | 183920 | identifier | 2580834 |  | 09/10/2021 | accepted | 70
11694442 | VulD... | 183919 | cve_nvd_summary | The WP Bannerize WordPress plugin is vulnerable to authenticated SQL injection via the id parameter found in the ~/Classes/wpBannerizeAdmin.php file which allows attackers to exfiltrate sensitive information from vulnerable sites. This issue affects versions 2.0.0 - 4.0.2. | mitre.org | 09/10/2021 | accepted | 70
11694441 | VulD... | 183918 | cvss3_nvd_basescore | 7.8 | nist.gov | 09/10/2021 | accepted | 90
11694440 | VulD... | 183918 | cvss2_nvd_basescore | 4.6 | nist.gov | 09/10/2021 | accepted | 90
11694439 | VulD... | 183918 | cvss3_meta_tempscore | 6.4 | see CVSS documentation | 09/10/2021 | accepted | 90
11694438 | VulD... | 183918 | cvss3_meta_basescore | 6.5 | see CVSS documentation | 09/10/2021 | accepted | 90
11694437 | VulD... | 183918 | cvss2_nvd_ai | P | nist.gov | 09/10/2021 | accepted | 70
11694436 | VulD... | 183918 | cvss2_nvd_ii | P | nist.gov | 09/10/2021 | accepted | 70
11694435 | VulD... | 183918 | cvss2_nvd_ci | P | nist.gov | 09/10/2021 | accepted | 70
11694434 | VulD... | 183918 | cvss2_nvd_au | N | nist.gov | 09/10/2021 | accepted | 70
11694433 | VulD... | 183918 | cvss2_nvd_ac | L | nist.gov | 09/10/2021 | accepted | 70
11694432 | VulD... | 183918 | cvss2_nvd_av | L | nist.gov | 09/10/2021 | accepted | 70
11694431 | VulD... | 183918 | cvss3_nvd_a | H | nist.gov | 09/10/2021 | accepted | 70
11694430 | VulD... | 183918 | cvss3_nvd_i | H | nist.gov | 09/10/2021 | accepted | 70
11694429 | VulD... | 183918 | cvss3_nvd_c | H | nist.gov | 09/10/2021 | accepted | 70
11694428 | VulD... | 183918 | cvss3_nvd_s | U | nist.gov | 09/10/2021 | accepted | 70
11694427 | VulD... | 183918 | cvss3_nvd_ui | N | nist.gov | 09/10/2021 | accepted | 70
11694426 | VulD... | 183918 | cvss3_nvd_pr | L | nist.gov | 09/10/2021 | accepted | 70
11694425 | VulD... | 183918 | cvss3_nvd_ac | L | nist.gov | 09/10/2021 | accepted | 70
11694424 | VulD... | 183918 | cvss3_nvd_av | L | nist.gov | 09/10/2021 | accepted | 70
11694423 | VulD... | 183918 | cve_nvd_summary | In lockAllProfileTasks of RootWindowContainer.java, there is a possible way to access the work profile without the profile PIN, after logging in. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9 Android-10 Android-11 Android-8.1 Android ID: A-177457096 | mitre.org | 09/10/2021 | accepted | 70
11694422 | VulD... | 183917 | cvss3_nvd_basescore | 5.5 | nist.gov | 09/10/2021 | accepted | 90
11694421 | VulD... | 183917 | cvss2_nvd_basescore | 2.1 | nist.gov | 09/10/2021 | accepted | 90
11694420 | VulD... | 183917 | cvss3_meta_tempscore | 4.3 | see CVSS documentation | 09/10/2021 | accepted | 90
11694419 | VulD... | 183917 | cvss3_meta_basescore | 4.4 | see CVSS documentation | 09/10/2021 | accepted | 90
11694418 | VulD... | 183917 | cvss2_nvd_ai | N | nist.gov | 09/10/2021 | accepted | 70
11694417 | VulD... | 183917 | cvss2_nvd_ii | N | nist.gov | 09/10/2021 | accepted | 70
11694416 | VulD... | 183917 | cvss2_nvd_ci | P | nist.gov | 09/10/2021 | accepted | 70
11694415 | VulD... | 183917 | cvss2_nvd_au | N | nist.gov | 09/10/2021 | accepted | 70
11694414 | VulD... | 183917 | cvss2_nvd_ac | L | nist.gov | 09/10/2021 | accepted | 70
11694413 | VulD... | 183917 | cvss2_nvd_av | L | nist.gov | 09/10/2021 | accepted | 70
11694412 | VulD... | 183917 | cvss3_nvd_a | N | nist.gov | 09/10/2021 | accepted | 70
11694411 | VulD... | 183917 | cvss3_nvd_i | N | nist.gov | 09/10/2021 | accepted | 70
11694410 | VulD... | 183917 | cvss3_nvd_c | H | nist.gov | 09/10/2021 | accepted | 70
11694409 | VulD... | 183917 | cvss3_nvd_s | U | nist.gov | 09/10/2021 | accepted | 70
11694408 | VulD... | 183917 | cvss3_nvd_ui | N | nist.gov | 09/10/2021 | accepted | 70
11694407 | VulD... | 183917 | cvss3_nvd_pr | L | nist.gov | 09/10/2021 | accepted | 70
11694406 | VulD... | 183917 | cvss3_nvd_ac | L | nist.gov | 09/10/2021 | accepted | 70
11694405 | VulD... | 183917 | cvss3_nvd_av | L | nist.gov | 09/10/2021 | accepted | 70
11694404 | VulD... | 183917 | cve_nvd_summary | In get_sock_stat of xt_qtaguid.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-184018316 References: Upstream kernel | mitre.org | 09/10/2021 | accepted | 70
11694403 | VulD... | 183916 | cvss3_nvd_basescore | 6.7 | nist.gov | 09/10/2021 | accepted | 90
11694402 | VulD... | 183916 | cvss2_nvd_basescore | 4.6 | nist.gov | 09/10/2021 | accepted | 90
11694401 | VulD... | 183916 | price_0day | $25k-$100k | see exploit price documentation | 09/10/2021 | accepted | 90
11694400 | VulD... | 183916 | cvss3_meta_tempscore | 5.9 | see CVSS documentation | 09/10/2021 | accepted | 90
11694399 | VulD... | 183916 | cvss3_meta_basescore | 6.0 | see CVSS documentation | 09/10/2021 | accepted | 90
11694398 | VulD... | 183916 | cvss2_nvd_ai | P | nist.gov | 09/10/2021 | accepted | 70
11694397 | VulD... | 183916 | cvss2_nvd_ii | P | nist.gov | 09/10/2021 | accepted | 70
11694396 | VulD... | 183916 | cvss2_nvd_ci | P | nist.gov | 09/10/2021 | accepted | 70
11694395 | VulD... | 183916 | cvss2_nvd_au | N | nist.gov | 09/10/2021 | accepted | 70
11694394 | VulD... | 183916 | cvss2_nvd_ac | L | nist.gov | 09/10/2021 | accepted | 70
11694393 | VulD... | 183916 | cvss2_nvd_av | L | nist.gov | 09/10/2021 | accepted | 70
11694392 | VulD... | 183916 | cvss3_nvd_a | H | nist.gov | 09/10/2021 | accepted | 70
11694391 | VulD... | 183916 | cvss3_nvd_i | H | nist.gov | 09/10/2021 | accepted | 70
11694390 | VulD... | 183916 | cvss3_nvd_c | H | nist.gov | 09/10/2021 | accepted | 70
11694389 | VulD... | 183916 | cvss3_nvd_s | U | nist.gov | 09/10/2021 | accepted | 70
11694388 | VulD... | 183916 | cvss3_nvd_ui | N | nist.gov | 09/10/2021 | accepted | 70
11694387 | VulD... | 183916 | cvss3_nvd_pr | H | nist.gov | 09/10/2021 | accepted | 70
11694386 | VulD... | 183916 | cvss3_nvd_ac | L | nist.gov | 09/10/2021 | accepted | 70
11694385 | VulD... | 183916 | cvss3_nvd_av | L | nist.gov | 09/10/2021 | accepted | 70

1269 more entries are not shown
