The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
In this Blog , i am writing about High vulnerabilities only and some of Medium and Low if they it feels important to me .
For list of all vulnerabilities you can check CISA Bulletin .
High Vulnerabilities
| Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apache — nuttx | Apache Nuttx Versions prior to 10.1.0 are vulnerable to integer wrap-around in functions malloc, realloc and memalign. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution. | 2021-06-21 | 7.5 | CVE-2021-26461 CONFIRM |
| autoptimize — autoptimize | The Autoptimize WordPress plugin before 2.7.8 attempts to delete malicious files (such as .php) form the uploaded archive via the “Import Settings” feature, after its extraction. However, the extracted folders are not checked and it is possible to upload a zip which contained a directory with PHP file in it and then it is not removed from the disk. It is a bypass of CVE-2020-24948 which allows sending a PHP file via the “Import Settings” functionality to achieve Remote Code Execution. | 2021-06-21 | 7.5 | CVE-2021-24376 CONFIRM |
| ayecode — location_manager | In the Location Manager WordPress plugin before 2.1.0.10, the AJAX action gd_popular_location_list did not properly sanitise or validate some of its POST parameters, which are then used in a SQL statement, leading to unauthenticated SQL Injection issues. | 2021-06-21 | 7.5 | CVE-2021-24361 MISC CONFIRM |
| cleo — lexicom | An issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2 message, the sender can specify a filename. This filename can include path-traversal characters, allowing the file to be written to an arbitrary location on disk. | 2021-06-18 | 7.5 | CVE-2021-33576 MISC MISC |
| contiki-ng — contiki-ng | Contiki-NG is an open-source, cross-platform operating system for internet of things devices. A buffer overflow vulnerability exists in Contiki-NG versions prior to 4.6. After establishing a TCP socket using the tcp-socket library, it is possible for the remote end to send a packet with a data offset that is unvalidated. The problem has been patched in Contiki-NG 4.6. Users can apply the patch for this vulnerability out-of-band as a workaround. | 2021-06-18 | 7.5 | CVE-2021-21281 MISC CONFIRM |
| contiki-ng — contiki-ng | Contiki-NG is an open-source, cross-platform operating system for internet of things devices. It is possible to cause an out-of-bounds write in versions of Contiki-NG prior to 4.6 when transmitting a 6LoWPAN packet with a chain of extension headers. Unfortunately, the written header is not checked to be within the available space, thereby making it possible to write outside the buffer. The problem has been patched in Contiki-NG 4.6. Users can apply the patch for this vulnerability out-of-band as a workaround. | 2021-06-18 | 7.5 | CVE-2021-21280 MISC CONFIRM |
| contiki-ng — contiki-ng | Contiki-NG is an open-source, cross-platform operating system for internet of things devices. In verions prior to 4.6, an attacker can perform a denial-of-service attack by triggering an infinite loop in the processing of IPv6 neighbor solicitation (NS) messages. This type of attack can effectively shut down the operation of the system because of the cooperative scheduling used for the main parts of Contiki-NG and its communication stack. The problem has been patched in Contiki-NG 4.6. Users can apply the patch for this vulnerability out-of-band as a workaround. | 2021-06-18 | 7.8 | CVE-2021-21279 CONFIRM |
| contiki-ng — contiki-ng | Contiki-NG is an open-source, cross-platform operating system for internet of things devices. In versions prior to 4.5, buffer overflow can be triggered by an input packet when using either of Contiki-NG’s two RPL implementations in source-routing mode. The problem has been patched in Contiki-NG 4.5. Users can apply the patch for this vulnerability out-of-band as a workaround. | 2021-06-18 | 7.5 | CVE-2021-21282 MISC CONFIRM |
| google — android | In updateDrawable of StatusBarIconView.java, there is a possible permission bypass due to an uncaught exception. This could lead to local escalation of privilege by running foreground services without notifying the user, with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-169255797 | 2021-06-21 | 7.2 | CVE-2021-0478 MISC |
| google — android | In handle_rc_metamsg_cmd of btif_rc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-181860042 | 2021-06-21 | 8.3 | CVE-2021-0507 MISC |
| google — android | In the Settings app, there is a possible way to disable an always-on VPN due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-179975048 | 2021-06-21 | 7.2 | CVE-2021-0505 MISC |
| google — android | In p2p_process_prov_disc_req of p2p_pd.c, there is a possible out of bounds read and write due to a use after free. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-181660448 | 2021-06-21 | 7.5 | CVE-2021-0516 MISC |
| greenbone — greenbone_security_assistant | Greenbone Security Assistant (GSA) before 7.0.3 and Greenbone OS (GOS) before 5.0.0 allow Host Header Injection. | 2021-06-21 | 7.5 | CVE-2018-25016 MISC MISC |
| jenkins — generic_webhook_trigger | Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 2021-06-18 | 7.5 | CVE-2021-21669 CONFIRM MLIST |
| joomla — joomla\! | Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently retrieve password reset tokens from the database through an already existing SQL injection vector. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable. | 2021-06-21 | 7.5 | CVE-2010-1435 MISC MISC |
| joomla — joomla\! | Joomla! Core is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable. | 2021-06-21 | 7.5 | CVE-2010-1433 MISC MISC |
| primion-digitek — secure_8 | Secure 8 (Evalos) does not validate user input data correctly, allowing a remote attacker to perform a Blind SQL Injection. An attacker could exploit this vulnerability in order to extract information of users and administrator accounts stored in the database. | 2021-06-18 | 7.5 | CVE-2021-3604 CONFIRM CONFIRM |
| radykal — fancy_product_designer | The Fancy Product Designer WordPress plugin before 4.6.9 allows unauthenticated attackers to upload arbitrary files, resulting in remote code execution. | 2021-06-21 | 7.5 | CVE-2021-24370 MISC CONFIRM |
| serenityos — serenityos | SerenityOS before commit 3844e8569689dd476064a0759d704bc64fb3ca2c contains a directory traversal vulnerability in tar/unzip that may lead to command execution or privilege escalation. | 2021-06-18 | 7.5 | CVE-2021-31272 MISC MISC MISC CONFIRM |
| textpattern — textpattern | Textpattern 4.7.3 contains an aribtrary file load via the file_insert function in include/txp_file.php. | 2021-06-21 | 7.5 | CVE-2020-19510 MISC |
| txjia — imcat | SQL Injection vulnerability in imcat v5.2 via the fm[auser] parameters in coms/add_coms.php. | 2021-06-23 | 7.5 | CVE-2020-20392 MISC |
| white_shark_systems_project — white_shark_systems | White Shark System (WSS) 1.3.2 is vulnerable to unauthorized access via user_edit_password.php, remote attackers can modify the password of any user. | 2021-06-21 | 7.5 | CVE-2020-20466 MISC |
| white_shark_systems_project — white_shark_systems | White Shark System (WSS) 1.3.2 has an unauthorized access vulnerability in default_user_edit.php, remote attackers can exploit this vulnerability to escalate to admin privileges. | 2021-06-21 | 9 | CVE-2020-20471 MISC |
For the complete list Please visit https://us-cert.cisa.gov/ncas/bulletins/sb21-179
Please subscribe hello-worlds.in for more updates .
helloworlds 