Archive for March, 2020

CVE-2020-10696 (buildah, enterprise_linux, openshift_container_platform)

A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user’s system anywhere that the user has permissions.
Source: NIST

CVE-2020-5344

Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70, 4.00.00.00 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially crafted input data.
Source: NIST

CVE-2020-5292

Leantime before versions 2.0.15 and 2.1-beta3 has a SQL Injection vulnerability. The impact is high. Malicious users/attackers can execute arbitrary SQL queries negatively affecting the confidentiality, integrity, and availability of the site. Attackers can exfiltrate data like the users’ and administrators’ password hashes, modify data, or drop tables. The unescaped parameter is “searchUsers” when sending a POST request to “/tickets/showKanban” with a valid session. In the code, the parameter is named “users” in class.tickets.php. This issue is fixed in versions 2.0.15 and 2.1.0 beta 3.
Source: NIST

CVE-2020-7009

Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges.
Source: NIST

Researchers Uncover Unsophisticated – But Creative – Watering-Hole Attack

Holy Water campaign is targeting users of a specific religious and ethnic group in Asia, Kaspersky says.
Source: DarkReading

CVE-2019-13495 (xgs2210-52hp_firmware)

In firmware version 4.50 of Zyxel XGS2210-52HP, multiple stored cross-site scripting (XSS) issues allow remote authenticated users to inject arbitrary web script via an rpSys.html Name or Location field.
Source: NIST

CVE-2020-5291

Bubblewrap (bwrap) before version 0.4.1, if installed in setuid mode and the kernel supports unprivileged user namespaces, then the `bwrap --userns2` option can be used to make the setuid process keep running as root while being traceable. This can in turn be used to gain root permissions. Note that this only affects the combination of bubblewrap in setuid mode (which is typically used when unprivileged user namespaces are not supported) and the support of unprivileged user namespaces. Known to be affected are:

* Debian testing/unstable, if unprivileged user namespaces enabled (not default)
* Debian buster-backports, if unprivileged user namespaces enabled (not default)
* Arch if using `linux-hardened`, if unprivileged user namespaces enabled (not default)
* CentOS 7 flatpak COPR, if unprivileged user namespaces enabled (not default)

This has been fixed in the 0.4.1 release, and all affected users should update.
Source: NIST

Data from 5.2M Marriott Loyalty Program Members Hit by Breach

The data was breached through the credentials of two franchisee employees.
Source: DarkReading

Latest Security News & Commentary about COVID-19

Check out Dark Reading’s updated, exclusive news and commentary surrounding the coronavirus pandemic.
Source: DarkReading

Why Third-Party Risk Management Has Never Been More Important

Given today’s coronavirus pandemic, the need for companies to collect cybersecurity data about their business partners is more critical than ever. Here’s how to start.
Source: DarkReading