RSS live feed

CVE-2021-0651

Latest 7 days CVE Lists - Fri, 2021/10/22 - 11:15 PM
In loadLabel of PackageItemInfo.java, there is a possible way to DoS a device by having a long label in an app due to incorrect input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11, Android-9, Android-10. Android ID: A-67013844

Apple's Safari Browser Runs the Risk of Becoming the New Internet Explorer -- Holding the Web Back for everyone

Slashdot - Fri, 2021/10/22 - 11:00 PM
Scott Gilbertson, writing for The Register: The legacy of Internet Explorer 6 haunts web developer nightmares to this day. Microsoft's browser of yore made their lives miserable and it's only slightly hyperbolic to say it very nearly destroyed the entire internet. It really was that bad, kids. It made us walk to school in the snow. Uphill. Both ways. You wouldn't understand. Or maybe you would. Today developers who want to use "cutting-edge" web APIs find themselves resorting to the same kind of browser-specific workarounds, but this time the browser dragging things down comes from Apple. Apple's Safari lags considerably behind its peers in supporting web features. Whether it's far enough behind to be considered "the new IE" is debatable and may say more about the shadow IE still casts across the web than it does about Safari. But Safari -- or more specifically the WebKit engine that powers it -- is well behind the competition. According to the Web Platform Tests dashboard, Chrome-based browsers support 94 per cent of the test suite, and Firefox pulls off 91 per cent, but Safari only manages 71 per cent. On the desktop this doesn't matter all that much because users can always switch to Google Chrome (or even better, Vivaldi). On iOS devices, however, that's not possible. According to Apple's App Store rules: "apps that browse the web must use the appropriate WebKit framework and WebKit Javascript." Every iPhone user is a Safari/WebKit user whether they use Safari or Chrome. Apple has a browser monopoly on iOS, which is something Microsoft was never able to achieve with IE. In Windows you could at least install Firefox. If you do that on iOS it might say Firefox, but you're still using WebKit. The reality is if you have an iOS device, you use Safari and are bound by its limitations. Another thing web developers find distressing is Apple's slow development cycle. Apple updates Safari roughly every six months at best. 
Blink-based browsers update every six weeks (soon every four), Firefox releases every four weeks, and Brave releases every three. This means that not only is Apple slow to add new features, but its development cycle means that even simple bug fixes have to wait a long time before they actually land on users' devices. Safari workarounds are not quick fixes. If your website is affected by a Safari bug, you can expect to wait up to a year before the problem is solved. One theme that emerges when you dig into the Web Platform Tests data on Safari's shortcomings is that even where WebKit has implemented a feature, it's often not complete.


Security updates for Friday

lwn.net - Fri, 2021/10/22 - 10:34 PM
Security updates have been issued by Arch Linux (apache, chromium, nodejs, nodejs-lts-erbium, nodejs-lts-fermium, and virtualbox), Fedora (vsftpd and watchdog), Oracle (java-1.8.0-openjdk, java-11-openjdk, and redis:6), and Ubuntu (libcaca, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux-azure-5.8, and mailman).

Governments Turn Tables On Ransomware Gang REvil By Pushing It Offline

Slashdot - Fri, 2021/10/22 - 10:00 PM
An anonymous reader shares a report from Reuters: The ransomware group REvil was itself hacked and forced offline this week by a multi-country operation, according to three private sector cyber experts working with the United States and one former official. Former partners and associates of the Russian-led criminal gang were responsible for a May cyberattack on the Colonial Pipeline that led to widespread gas shortages on the U.S. East Coast. REvil's direct victims include top meatpacker JBS. The crime group's "Happy Blog" website, which had been used to leak victim data and extort companies, is no longer available. Officials said the Colonial attack used encryption software called DarkSide, which was developed by REvil associates. VMWare head of cybersecurity strategy Tom Kellermann said law enforcement and intelligence personnel stopped the group from victimizing additional companies. "The FBI, in conjunction with Cyber Command, the Secret Service and like-minded countries, have truly engaged in significant disruptive actions against these groups," said Kellermann, an adviser to the U.S. Secret Service on cybercrime investigations. "REvil was top of the list." [...] U.S. government attempts to stop REvil, one of the worst of dozens of ransomware gangs that work with hackers to penetrate and paralyze companies around the world, accelerated after the group compromised U.S. software management company Kaseya in July. That breach opened access to hundreds of Kaseya's customers all at once, leading to numerous emergency cyber incident response calls. Following the attack on Kaseya, the FBI obtained a universal decryption key that allowed those infected via Kaseya to recover their files without paying a ransom. But law enforcement officials initially withheld the key for weeks as it quietly pursued REvil's staff, the FBI later acknowledged. 
According to three people familiar with the matter, law enforcement and intelligence cyber specialists were able to hack REvil's computer network infrastructure, obtaining control of at least some of their servers. After websites that the hacker group used to conduct business went offline in July, the main spokesman for the group, who calls himself "Unknown," vanished from the internet. When gang member 0_neday and others restored those websites from a backup last month, he unknowingly restarted some internal systems that were already controlled by law enforcement. "The REvil ransomware gang restored the infrastructure from the backups under the assumption that they had not been compromised," said Oleg Skulkin, deputy head of the forensics lab at the Russian-led security company Group-IB. "Ironically, the gang's own favorite tactic of compromising the backups was turned against them." Reliable backups are one of the most important defenses against ransomware attacks, but they must be kept unconnected from the main networks or they too can be encrypted by extortionists such as REvil.


CVE-2021-38481

Latest 7 days CVE Lists - Fri, 2021/10/22 - 9:15 PM
The scheduler service running on a specific TCP port enables the user to start and stop jobs. There is no sanitization of the supplied JOB ID provided to the function. An attacker may send a malicious payload that can enable the user to execute another SQL expression by sending a specific string.

CVE-2021-41744

Latest 7 days CVE Lists - Fri, 2021/10/22 - 9:15 PM
All versions of Yonyou PLM are affected by a command injection issue. UFIDA PLM (Product Life Cycle Management) is a strategic management method. It applies a series of enterprise application systems to support the entire process from conceptual design to the end of product life, and the collaborative creation, distribution, application and management of product information across organizations. Yonyou PLM uses JBoss by default, and the management backend can be accessed without authorization. An attacker can use this vulnerability to gain server permissions.

CVE-2021-41745

Latest 7 days CVE Lists - Fri, 2021/10/22 - 9:15 PM
ShowDoc 2.8.3 has a file upload vulnerability, where attackers can use the vulnerability to obtain server permissions.

CVE-2021-41747

Latest 7 days CVE Lists - Fri, 2021/10/22 - 9:15 PM
Cross-Site Scripting (XSS) vulnerability exists in Csdn APP 4.10.0, which can be exploited by attackers to obtain sensitive information such as user cookies.

CVE-2021-36357

Latest 7 days CVE Lists - Fri, 2021/10/22 - 9:15 PM
An issue was discovered in OpenPOWER 2.6 firmware. unpack_timestamp() calls le32_to_cpu() for endian conversion of a uint16_t "year" value, resulting in a type mismatch that can truncate a higher integer value to a smaller one, and bypass a timestamp check. The fix is to use the right endian conversion function.

CVE-2021-38449

Latest 7 days CVE Lists - Fri, 2021/10/22 - 9:15 PM
Some API functions permit by-design writing or copying data into a given buffer. Since the client controls these parameters, an attacker could rewrite the memory in any location of the affected product.

CVE-2021-38451

Latest 7 days CVE Lists - Fri, 2021/10/22 - 9:15 PM
The affected product’s proprietary protocol CSC allows for calling numerous function codes. In order to call those function codes, the user must supply parameters. There is no sanitization of the value of the offset, which allows the client to specify any offset and read out-of-bounds data.

CVE-2021-38453

Latest 7 days CVE Lists - Fri, 2021/10/22 - 9:15 PM
Some API functions allow interaction with the registry, which includes reading values as well as data modification.

CVE-2021-38455

Latest 7 days CVE Lists - Fri, 2021/10/22 - 9:15 PM
The affected product’s OS Service does not verify any given parameter. A user can supply any type of parameter that will be passed to inner calls without checking the type of the parameter or the value.

CVE-2021-38457

Latest 7 days CVE Lists - Fri, 2021/10/22 - 9:15 PM
The server permits communication without any authentication procedure, allowing the attacker to initiate a session with the server without providing any form of authentication.

CVE-2021-38459

Latest 7 days CVE Lists - Fri, 2021/10/22 - 9:15 PM
The data of a network capture of the initial handshake phase can be used to authenticate at a SYSDBA level. If a specific .exe is not restarted often, it is possible to access the needed handshake packets between admin/client connections. Using the SYSDBA permission, an attacker can change user passwords or delete the database.

CVE-2021-38461

Latest 7 days CVE Lists - Fri, 2021/10/22 - 9:15 PM
The affected product uses a hard-coded Blowfish key for encryption/decryption processes. The key can be easily extracted from binaries.

CVE-2021-38463

Latest 7 days CVE Lists - Fri, 2021/10/22 - 9:15 PM
The affected product does not properly control the allocation of resources. A user may be able to allocate unlimited memory buffers using API functions.

CVE-2021-38465

Latest 7 days CVE Lists - Fri, 2021/10/22 - 9:15 PM
The webinstaller is a Golang web server executable that enables the generation of an Auvesy image agent. Resource consumption can be achieved by generating large amounts of installations, which are then saved without limitation in the temp folder of the webinstaller executable.

CVE-2021-38467

Latest 7 days CVE Lists - Fri, 2021/10/22 - 9:15 PM
A specific function code receives a raw pointer supplied by the user and deallocates this pointer. The user can then control which memory regions will be freed and cause a use-after-free condition.

CVE-2021-38469

Latest 7 days CVE Lists - Fri, 2021/10/22 - 9:15 PM
Many of the services used by the affected product do not specify full paths for the DLLs they are loading. An attacker can exploit the uncontrolled search path by implanting their own DLL near the affected product’s binaries, thus hijacking the loaded DLL.

Subscribe to the KLDP aggregator