A security issue was found in htmldoc v1.9.12 and before. A NULL pointer dereference in the function image_load_jpeg() in image.cxx may result in denial of service.

Published: **3 June 2021**

\[Unknown description\]

**Status**

Package

Release

Status

htmldoc  
Launchpad, Ubuntu, Debian

bionic

Needed  

focal

Needed  

groovy

Ignored (reached end-of-life)  

hirsute

Ignored (reached end-of-life)  

impish

Needed  

trusty

Does not exist  

upstream

Needs triage  

xenial

Ignored (out of standard support)  

**References**

*   https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23191
*   https://github.com/michaelrsweet/htmldoc/issues/415
*   https://github.com/michaelrsweet/htmldoc/commit/369b2ea1fd0d0537ba707f20a2f047b6afd2fbdc
*   NVD
*   Launchpad
*   Debian

**Bugs**

*   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989437

CVE-2021-23191: CVE-2021-23191 | Ubuntu

The WP Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping on 'icon' user supplied attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

1<?php2   /\*3   Plugin Name: WP Font Awesome4   Plugin URI: https://wordpress.org/plugins/wp-font-awesome/5   Description: This plugin allows the easily embed Font Awesome to your site.6   Version: 1.7.97   Author: Zayed Baloch8   Author URI: https://www.zayedbaloch.com/9   License: GPL210   \*/1112defined('ABSPATH') or die("No script kiddies please!");13define( 'ZB\_FAWE\_VERSION',   '1.7.9' );14define( 'ZB\_FAWE\_URL', plugins\_url( '', \_\_FILE\_\_ ) );15define( 'ZB\_FAWE\_TEXTDOMAIN',  'zb\_font\_awesome' );1617function zb\_wp\_font\_awesome() {18  load\_plugin\_textdomain( ZB\_FAWE\_TEXTDOMAIN );19}20add\_action( 'init', 'zb\_wp\_font\_awesome' );21222324function wp\_font\_awesome\_style() {2526  wp\_register\_style('fontawesome-css-6', ZB\_FAWE\_URL . '/font-awesome/css/fontawesome-all.min.css', array(), ZB\_FAWE\_VERSION);27  wp\_enqueue\_style('fontawesome-css-6');2829  wp\_register\_style('fontawesome-css-4', ZB\_FAWE\_URL . '/font-awesome/css/v4-shims.min.css', array(), ZB\_FAWE\_VERSION);30  wp\_enqueue\_style('fontawesome-css-4');31  32}33add\_action('wp\_enqueue\_scripts', 'wp\_font\_awesome\_style');3435function wp\_font\_awesome\_style\_admin() {36    // TODO: Only Load on Edit Page37    wp\_enqueue\_style('wp-font-awesome-script-admin', ZB\_FAWE\_URL.'/style.css');38}3940add\_action('admin\_enqueue\_scripts', 'wp\_font\_awesome\_style\_admin');4142/\*function wp\_font\_awesome\_admin\_script() {43  wp\_enqueue\_script( 'wp-font-awesome-script', ZB\_FAWE\_URL . '/script.js', array( 'jquery' ), ZB\_FAWE\_VERSION, true );44}45add\_action( 'admin\_enqueue\_scripts', 'wp\_font\_awesome\_admin\_script' );\*/4647function wp\_fa\_shortcode( $atts ) {48  extract( shortcode\_atts( array( 'icon' \=> 'home', 'size' \=> '', 'color' \=> '', 'sup' \=> ''), $atts ) );49  if ( $size ) { $size \= esc\_attr(' fa-'.$size); } else{ $size \= ''; }50  if ( $color ) { $color \= ' style="color: '.esc\_attr($color) ; } else{ $color \= esc\_attr(''); }5152  if ( strtolower($sup) \=== 'yes' ) {53    return '';54  } else{55    return '';56  }57}5859function wp\_fa5s\_shortcode( $atts ) {60  extract( shortcode\_atts( array( 'icon' \=> 'home', 'size' \=> '', 'color' \=> '', 'sup' \=> '' ), $atts ) );61  if ( $size ) { $size \= esc\_attr(' fa-'.$size); }62  else{ $size \= ''; }6364  if ( $color ) { $color \= ' style="color: '.esc\_attr($color) ; }65  else{ $color \= ''; }6667  if ( strtolower($sup) \=== 'yes' ) {68    return '';69  } else{70    return '';71  }72}7374function wp\_fa5r\_shortcode( $atts ) {75  extract( shortcode\_atts( array( 'icon' \=> 'home', 'size' \=> '', 'color' \=> '', 'sup' \=> '' ), $atts ) );76  if ( $size ) { $size \= esc\_attr(' fa-'.$size); }77  else{ $size \= ''; }7879  if ( $color ) { $color \= ' style="color: '.esc\_attr($color) ; }80  else{ $color \= ''; }8182  if ( strtolower($sup) \=== 'yes' ) {83    return '';84  } else{85    return '';86  }8788}8990function wp\_fa5b\_shortcode( $atts ) {91  extract( shortcode\_atts( array( 'icon' \=> 'home', 'size' \=> '', 'color' \=> '', 'sup' \=> '' ), $atts ) );92  if ( $size ) { $size \= esc\_attr(' fa-'.$size); }93  else{ $size \= ''; }9495  if ( $color ) { $color \= ' style="color: '.esc\_attr($color) ; }96  else{ $color \= ''; }9798  if ( strtolower($sup) \=== 'yes' ) {99    return '';100  } else{101    return '';102  }103104}105106add\_shortcode( 'wpfa', 'wp\_fa\_shortcode' );107add\_shortcode( 'wpfa5s', 'wp\_fa5s\_shortcode' );108add\_shortcode( 'wpfa5r', 'wp\_fa5r\_shortcode' );109add\_shortcode( 'wpfa5b', 'wp\_fa5b\_shortcode' );110111add\_filter('wp\_nav\_menu\_items', 'do\_shortcode');112add\_filter('widget\_text', 'do\_shortcode');113add\_filter('widget\_title', 'do\_shortcode');114115function wpfa\_add\_shortcode\_to\_title( $title ){116  return do\_shortcode($title);117}118add\_filter( 'the\_title', 'wpfa\_add\_shortcode\_to\_title' );119120121function wpfontawesome\_register\_setting\_page() {122  add\_options\_page('WP Font Awesome', 'WP Font Awesome', 'manage\_options', 'wpFontAwesome', 'wpfontawesome\_setting\_page');123}124add\_action('admin\_menu', 'wpfontawesome\_register\_setting\_page');125126function wpfontawesome\_setting\_page(){127?>128129  <h2>WP Font Awesome &nbsp;&nbsp;Version: 1.7</h2>130  This plugin allows you to easily embed Font Awesome icon to your site with simple shortcodes.131132  <h2>Shortcodes</h2>133Introduced three new shortcode for Font Awesome support.134135Font Awesome 5136<code>\[wpfa5s icon="home" size="3x" color"#336699"\]</code> for Solid style.137<code>\[wpfa5r icon="user" color="red"\]</code> for Regular style. support only in few icon.138<code>\[wpfa5b icon="wordpress" size="5x" color="#3B5998"\]</code> for Brands.139 140Font Awesome 4.7141<code>\[wpfa icon="gear" color="green"\]</code>.142143 144<h2>Size</h2>145<code>xs</code>, <code>sm</code>, <code>lg</code>, <code>2x</code>, <code>3x</code>, <code>5x</code>, <code>7x</code>, <code>10x</code>146147 <hr/>148Note: The <code>fa</code> prefix has been deprecated in version 5. The new default is the <code>fas</code> solid style <code>far</code> regular style and the <code>fab</code> style for brands.149150WP Font Awesome plugin still support Font Awesome version 4151152<?php153}154155// Add custom action links156add\_filter( 'plugin\_action\_links\_' . plugin\_basename( \_\_FILE\_\_ ), 'wpfontawesome\_zb\_action\_link' );157158function wpfontawesome\_zb\_action\_link( $links ) {159  $plugin\_links \= array(160    '<a href="' . admin\_url( 'options-general.php?page=wpFontAwesome' ) . '">' . \_\_( 'Help', ZB\_FAWE\_TEXTDOMAIN ) . '</a>',161  );162  return array\_merge( $plugin\_links, $links );163}164165166function wp\_font\_awesome\_add\_mce\_button() {167  // check user permissions168  if ( !current\_user\_can( 'edit\_posts' ) &&  !current\_user\_can( 'edit\_pages' ) ) {169             return;170     }171 // check if WYSIWYG is enabled172 if ( 'true' \== get\_user\_option( 'rich\_editing' ) ) {173     add\_filter( 'mce\_external\_plugins', 'wp\_font\_awesome\_add\_tinymce\_plugin' );174     add\_filter( 'mce\_buttons', 'wp\_font\_awesome\_register\_mce\_button' );175     }176}177add\_action('admin\_head', 'wp\_font\_awesome\_add\_mce\_button');178179// register new button in the editor180function wp\_font\_awesome\_register\_mce\_button( $buttons ) {181  array\_push( $buttons, 'shortcode\_wp\_font\_awesome\_insert' );182  return $buttons;183}184185186// declare a script for the new button187// the script will insert the shortcode on the click event188function wp\_font\_awesome\_add\_tinymce\_plugin( $plugin\_array ) {189  $plugin\_array\['shortcode\_wp\_font\_awesome\_insert'\] \= ZB\_FAWE\_URL .'/script.js';190  return $plugin\_array;191}

CVE-2023-5127: wp-font-awesome.php in wp-font-awesome/trunk – WordPress Plugin Repository

In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336702.

**August 2021 Product Security Bulletin**

Published 2021-08-05

The MediaTek Product Security Bulletin contains details of security vulnerabilities affecting MediaTek smartphone chipsets. Device OEMs have been notified of all the issues and the corresponding security patches for at least a month before publication.

The severity of the identified vulnerabilities was conducted based on the Common Vulnerability Scoring System version 3.1 (CVSS v3.1).

****Summary****

Severity

**CVEs**

High

CVE-2021-0573, CVE-2021-0574, CVE-2021-0576, CVE-2021-0578, CVE-2021-0579, CVE-2021-0580, CVE-2021-0581, CVE-2021-0582

Medium

CVE-2021-0407, CVE-2021-0408, CVE-2021-0415, CVE-2021-0416, CVE-2021-0417, CVE-2021-0418, CVE-2021-0419, CVE-2021-0420, CVE-2021-0626, CVE-2021-0627, CVE-2021-0628

****Details****

CVE

**CVE-2021-0573**

Title

Improper check or handling of exceptional conditions in asf extractor

Severity

High

Vulnerability Type

EoP

CWE

CWE-703 Improper Check or Handling of Exceptional Conditions

Description

In asf extractor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6570, MT6580, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6885, MT6889, MT6893

Affected Software Versions

Android 8.1, 9.0, 10.0, 11.0

CVE

**CVE-2021-0574**

Title

Out-of-bounds write in asf extractor

Severity

High

Vulnerability Type

EoP

CWE

CWE-787 Out-of-bounds Write

Description

In asf extractor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6570, MT6580, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6885, MT6889, MT6893

Affected Software Versions

Android 8.1, 9.0, 10.0, 11.0

CVE

**CVE-2021-0576**

Title

Heap overflow in flv extractor

Severity

High

Vulnerability Type

EoP

CWE

CWE-122 Heap Overflow

Description

In flv extractor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6570, MT6580, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6885, MT6889, MT6893

Affected Software Versions

Android 8.1, 9.0, 10.0, 11.0

CVE

**CVE-2021-0578**

Title

Out-of-bounds read in wifi driver

Severity

High

Vulnerability Type

ID

CWE

CWE-125 Out-of-bounds Read

Description

In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6761, MT6762, MT6765, MT6768, MT6779, MT6785, MT6833, MT6853, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893

Affected Software Versions

Android 8.1, 9.0, 10.0, 11.0

CVE

**CVE-2021-0579**

Title

Buffer over-read in wifi driver

Severity

High

Vulnerability Type

ID

CWE

CWE-126 Buffer Over-read

Description

In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6761, MT6762, MT6765, MT6768, MT6779, MT6785, MT6833, MT6853, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893

Affected Software Versions

Android 8.1, 9.0, 10.0, 11.0

CVE

**CVE-2021-0580**

Title

Integer underflow in wifi driver

Severity

High

Vulnerability Type

ID

CWE

CWE-191 Integer Underflow

Description

In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6761, MT6762, MT6765, MT6768, MT6779, MT6785, MT6833, MT6853, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893

Affected Software Versions

Android 8.1, 9.0, 10.0, 11.0

CVE

**CVE-2021-0581**

Title

Out-of-bounds read in wifi driver

Severity

High

Vulnerability Type

ID

CWE

CWE-125 Out-of-bounds Read

Description

In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6761, MT6762, MT6765, MT6768, MT6779, MT6785, MT6833, MT6853, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893

Affected Software Versions

Android 8.1, 9.0, 10.0, 11.0

CVE

**CVE-2021-0582**

Title

Out-of-bounds read in wifi driver

Severity

High

Vulnerability Type

ID

CWE

CWE-125 Out-of-bounds Read

Description

In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6761, MT6762, MT6765, MT6768, MT6779, MT6785, MT6833, MT6853, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893

Affected Software Versions

Android 8.1, 9.0, 10.0, 11.0

CVE

**CVE-2021-0407**

Title

Write-what-where condition in clk driver

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-123 Write-what-where Condition

Description

In clk driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6739, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6833, MT6853, MT6853T, MT6873, MT6885, MT6889, MT6893

Affected Software Versions

Android 10.0, 11.0

CVE

**CVE-2021-0408**

Title

Improper check or handling of exceptional conditions in asf extractor

Severity

Medium

Vulnerability Type

ID

CWE

CWE-703 Improper Check or Handling of Exceptional Conditions

Description

In asf extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6570, MT6580, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6885, MT6889, MT6893

Affected Software Versions

Android 10.0, 11.0

CVE

**CVE-2021-0415**

Title

Information disclosure in memory management driver

Severity

Medium

Vulnerability Type

ID

CWE

CWE-200 Information Disclosure

Description

In memory management driver, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6582E, MT6582H, MT6582T, MT6582W, MT6582\_90, MT6589, MT6589TD, MT6592E, MT6592H, MT6592T, MT6592W, MT6592\_90, MT6595, MT6731, MT6732, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6752, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6785, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893

Affected Software Versions

Android 10.0, 11.0

CVE

**CVE-2021-0416**

Title

Improper input validation in memory management driver

Severity

Medium

Vulnerability Type

ID

CWE

CWE-20 Improper Input Validation

Description

In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6582E, MT6582H, MT6582T, MT6582W, MT6582\_90, MT6589, MT6589TD, MT6592E, MT6592H, MT6592T, MT6592W, MT6592\_90, MT6595, MT6731, MT6732, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6752, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6785, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893

Affected Software Versions

Android 10.0, 11.0

CVE

**CVE-2021-0417**

Title

Use of insufficiently random values in memory management driver

Severity

Medium

Vulnerability Type

ID

CWE

CWE-330 Use of Insufficiently Random Values

Description

In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6582E, MT6582H, MT6582T, MT6582W, MT6582\_90, MT6589, MT6589TD, MT6592E, MT6592H, MT6592T, MT6592W, MT6592\_90, MT6595, MT6731, MT6732, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6752, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6785, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893

Affected Software Versions

Android 10.0, 11.0

CVE

**CVE-2021-0418**

Title

Denial of service in memory management driver

Severity

Medium

Vulnerability Type

DoS

CWE

CWE-400 Denial of Service

Description

In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6582E, MT6582H, MT6582T, MT6582W, MT6582\_90, MT6589, MT6589TD, MT6592E, MT6592H, MT6592T, MT6592W, MT6592\_90, MT6595, MT6731, MT6732, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6752, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6785, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893

Affected Software Versions

Android 10.0, 11.0

CVE

**CVE-2021-0419**

Title

Denial of service in memory management driver

Severity

Medium

Vulnerability Type

DoS

CWE

CWE-400 Denial of Service

Description

In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6582E, MT6582H, MT6582T, MT6582W, MT6582\_90, MT6589, MT6589TD, MT6592E, MT6592H, MT6592T, MT6592W, MT6592\_90, MT6595, MT6731, MT6732, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6752, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6785, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893

Affected Software Versions

Android 10.0, 11.0

CVE

**CVE-2021-0420**

Title

Denial of service in memory management driver

Severity

Medium

Vulnerability Type

DoS

CWE

CWE-400 Denial of Service

Description

In memory management driver, there is a possible system crash due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6582E, MT6582H, MT6582T, MT6582W, MT6582\_90, MT6589, MT6589TD, MT6592E, MT6592H, MT6592T, MT6592W, MT6592\_90, MT6595, MT6731, MT6732, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6752, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6785, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893

Affected Software Versions

Android 10.0, 11.0

CVE

**CVE-2021-0626**

Title

Out-of-bounds write in ged

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-787 Out-of-bounds Write

Description

In ged, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6768, MT6771, MT6779, MT6785

Affected Software Versions

Android 9.0, 10.0, 11.0

CVE

**CVE-2021-0627**

Title

Integer overflow or wraparound in OMA DRM

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-190 Integer Overflow or Wraparound

Description

In OMA DRM, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6735, MT6739, MT6755S, MT6757, MT6761, MT6763, MT6765, MT6768, MT6771, MT6785, MT6833, MT6853, MT6873, MT6877, MT6885

Affected Software Versions

Android 10.0, 11.0

CVE

**CVE-2021-0628**

Title

Improper input validation in OMA DRM

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In OMA DRM, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6735, MT6739, MT6755S, MT6757, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6833, MT6853, MT6873, MT6877, MT6885

Affected Software Versions

Android 10.0, 11.0

****Vulnerability Type Definition****

Abbreviation

**Definition**

RCE

Remote Code Execution

EoP

Elevation of Privilege

ID

Information Disclosure

DoS

Denial of Service

N/A

Classification not available

****Versions****

**Version**

**Date**

**Description**

1.0

August 5, 2021

Bulletin published.

****Notes****

Information above is generated only at the time of creation of this Security Bulletin. The list of affected chipsets could be not complete. For any further information, device OEMs can reach your MediaTek contact person if needed.

If you want to report a security vulnerability in MediaTek chipsets or products, please go to Report Security Vulnerability page on MediaTek website.

CVE-2021-0417: August 2021

### Impact

The `status`, `reinstall` and `remove` commands with packages installed from source via git containing specially crafted branch names in the repository can be used to execute code.

### Patches

2.2.24 for 2.2 LTS or 2.7.7 for mainline

### Workarounds

Avoid installing dependencies via git by using `--prefer-dist` or the `preferred-install: dist` config setting.


1. GitHub Advisory Database
2. GitHub Reviewed
3. CVE-2024-35241

**Composer has a command injection via malicious git branch name**

High severity GitHub Reviewed Published Jun 10, 2024 in composer/composer • Updated Jun 10, 2024

**Package**

composer composer/composer (Composer)

**Affected versions**

\>= 2.0, < 2.2.24

\>= 2.3, < 2.7.7

**Patched versions**

2.2.24

2.7.7

**Impact**

The status, reinstall and remove commands with packages installed from source via git containing specially crafted branch names in the repository can be used to execute code.

**Patches**

2.2.24 for 2.2 LTS or 2.7.7 for mainline

**Workarounds**

Avoid installing dependencies via git by using --prefer-dist or the preferred-install: dist config setting.

**References**

* GHSA-47f6-5gq3-vx9c
* composer/composer@b93fc6c
* composer/composer@ee28354

Published to the GitHub Advisory Database

Jun 10, 2024

Last updated

Jun 10, 2024

GHSA-47f6-5gq3-vx9c: Composer has a command injection via malicious git branch name

Ethical hackers and bug bounty hunters invited to test Department of Defense assets

Jessica Haworth 17 January 2023 at 14:04 UTC

Ethical hackers and bug bounty hunters invited to test Department of Defense assets

  

The US Department of Defense (DoD) is holding its third annual Hack The Pentagon challenge, it announced this week.

Hack The Pentagon was launched in 2016, opening the door for security researchers to look for vulnerabilities in some of its top assets.

Since its creation, the program has seen more than 600 ethical hackers and bug bounty hunters invited to find bugs in DoD resources, resulting in the disclosure of more than 700 issues so far.

Read more of the latest bug bounty news

In a statement posted to the US government website, the DoD confirmed it will be organizing a third iteration of the competition this year.

It also confirmed that it is looking for contractors to partner on the program.

“The DoD’s first Vulnerability Disclosure Policy (VDP) established a 24/7 pathway for security experts to safely disclose vulnerabilities on public-facing DoD websites and applications,” the US government website states.

“DDS \[Defense Digital Service\] has ongoing contracts with security firms HackerOne, Synack, and Bugcrowd to facilitate assessments for DoD components and military services against their respective assets.”

**Going further**

In 2021, the DoD expanded its VDP beyond its public-facing websites and web applications to encompass all publicly accessible information systems.

This brought into scope all public-facing DoD networks, radio frequency-based communication platforms, IoT devices, and industrial control systems, among other technologies.

BACKGROUND US government launches ‘Hack the DHS’ bug bounty program

Also 2021, the US Department of Homeland Security (DHS) also launched a bug bounty program, inviting selected security researchers to test for vulnerabilities in its systems.

Dubbed ‘Hack the DHS’, the program, held in 2022, included three different phases – a pen test, a live hacking event, and a detailed review process.

More than 450 vetted security researchers identified 122 vulnerabilities, of which 27 were subsequently determined to be critical, the DHS revealed, adding that it awarded a total of $125,600 for the bugs.

RECOMMENDED Tell us what you think – fill out this quick survey and be in with a chance of winning Burp Suite swag

US government announces third Hack The Pentagon challenge

Categories: News
Categories: Ransomware
Tags: DAIXIN

Tags:  FBI

Tags:  CISA

Tags:  HHS

Tags:  ransomware team

Tags:  DAIXIN Team

Tags:  ransomware

The FBI, CISA, and HSH have issued a joint advisory about a new threat to healthcare organizations



(Read more...)




The post US agencies issue warning about DAIXIN Team ransomware appeared first on Malwarebytes Labs.

The FBI, Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS) have issued a joint advisory about DAIXIN Team, a fledgling ransomware and data exfiltration group that has been targeting US healthcare.

First spotted in June 2022, the DAIXIN Team quickly got the government's attention after executing multiple ransomware attacks against organizations in the health and public health sector. As is standard these days, the ransomware attacks involved both encrypting servers and stealing data. In this case the data included both personally identifiable information and patient health information PHI.

The DAIXIN leak site

The advisory reports that DAIXIN Team has been seen gaining initial access to victims' systems through their VPN severs. In one case they accessed a victim through an unpatched vulnerability, and in another the gang used phished credentials.

Upon successful infiltration, the team conducts reconnaissance, escalates privileges through credential dumping or the pass-the-hash technique, steals sensitive data, and deploys ransomware based on the Babuk Locker source code leaked in 2021.

According to Malwarebytes' Malware Intelligence Analyst and ransomware expert Marcelo Rivero, DAIXIN Team has been quieter of late. "At this time, they appear to have taken a hiatus, as they haven't listed any new victims so far this month."

As with most ransomware groups, DAIXIN team publishes details of its victims and leaks their stolen data, if they don't pay the ransom. After publishing details of three victims in August, it only published one in September, and so far none in October, with November just around the corner. A lack of published victims may indicate inactivity, or it could be that DAIXIN Team have been successful at persuading victims to pay up.

Still, healthcare organizations must heed the alarm raised by the FBI, CISA, and the HHS. They report that out of 649 ransomware reports received by the FBI Internet Crime Complaint Center in 2021, 148 were in the Healthcare and Public Health sector. DAIXIN Team may be the latest ransomware threat, but it isn't the only threat.

Basic mitigations can close the loopholes ransomware groups exploit:

*   Create a plan for patching software in a timely manner.
*   Train users to report suspicious emails and phishing attempts.
*   Require two-factor authentication (2FA) on remote desktops and VPNs.
*   Use endpoint security software with EDR to identify intruders and stop ransomware.
*   Assign access rights according to the Principle of Least Privilege.
*   Segment networks to make lateral movement more difficult.
*   Create and test offline, offsite backups that are beyond the reach of attackers.

For more information about how to protect your organization against DAIXIN Team and other ransomware gangs, go to this AA22-294A alert page.

US agencies issue warning about DAIXIN Team ransomware

The Protect WP Admin WordPress plugin before 3.6.2 does not check for authorisation in the lib/pwa-deactivate.php file, which could allow unauthenticated users to disable the plugin (and therefore the protection offered) via a crafted request

CVE-2021-24906

A lack of capability checks and insufficient nonce check on the AJAX action in the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, made it possible for authenticated users to install arbitrary plugins on vulnerable sites.

CVE-2021-24354

Data from a Chinese cybersecurity vendor that works for the Chinese government exposed a range of hacking tools and services.

Data from a Chinese cybersecurity vendor that works for the Chinese government has exposed a range of hacking tools and services. Although the source is not entirely clear, it seems that a disgruntled staff member of the group leaked the information on purpose.

The vendor, i-Soon (aka Anxun) is believed to be a private contractor that operates as an Advanced Persistent Threat (APT)\-for-hire, servicing China’s Ministry of Public Security (MPS).

The leaked data is organized in a few groups, such as complaints about the company, chat records, financial information, products, employee information, and details about foreign infiltration. According to the leaked data, i-Soon infiltrated several government departments, including those from India, Thailand, Vietnam, South Korea, and NATO.

Some of the tools that i-Soon used are impressive enough. Some highlights:

*   Twitter (now X) stealer: Features include obtaining the user’s Twitter email and phone number, real-time monitoring, reading personal messages, and publishing tweets on the user’s behalf.
*   Custom Remote Access Trojans (RATs) for Windows x64/x86: Features include process/service/registry management, remote shell, keylogging, file access logging, obtaining system information, disconnecting remotely, and uninstallation.
*   The iOS version of the RAT also claims to authorize and support all iOS device versions without jailbreaking, with features ranging from hardware information, GPS data, contacts, media files, and real-time audio records as an extension. (Note: this part dates back to 2020)
*   The Android version can dump messages from all popular Chinese chatting apps QQ, WeChat, Telegram, and MoMo and is capable of elevating the system app for persistence against internal recovery.
*   Portable devices for attacking networks from the inside.
*   Special equipment for operatives working abroad to establish safe communication.
*   User lookup database which lists user data including phone number, name, and email, and can be correlated with social media accounts.
*   Targeted automatic penetration testing scenario framework.

While some of the information is dated, the leaked data provide an inside look in the operations that go on in a leading spyware vendor and APT-for-hire.

It will certainly rattle some cages at the infiltrated entities and as such it could possibly cause a shift in international diplomacy and expose the holes in the national security of several countries.

Not all of the material has been examined yet. There is a lot available and translating is not an easy task. But we will keep you posted if anything else of interest shows up.

Our business solutions remove all remnants of ransomware and prevent you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

 A first analysis of the i-Soon data leak 

Red Hat Security Advisory 2023-5603-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include denial of service, out of bounds write, and use-after-free vulnerabilities.

The following data is constructed from data provided by Red Hat's json file at:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5603.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive. Going forward, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: kernel-rt security and bug fix update  
Advisory ID:        RHSA-2023:5603-01  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:5603  
Issue date:         2023-10-10  
Revision:           01  
CVE Names:          CVE-2023-1206  
====================================================================

Summary: 

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route (CVE-2023-4128)

* kernel: nf_tables: use-after-free in nft_chain_lookup_byid() (CVE-2023-31248)

* kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval() (CVE-2023-35001)

* kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt() (CVE-2023-35788)

* kernel: hash collisions in the IPv6 connection lookup table (CVE-2023-1206)

* kernel: Spectre v2 SMT mitigations problem (CVE-2023-1998)

* kernel: fbcon: shift-out-of-bounds in fbcon_set_font() (CVE-2023-3161)

* kernel: denial of service problem in net/unix/diag.c (CVE-2023-28327)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* kernel-rt: update RT source tree to the latest RHEL-9.0.z12 Batch (BZ#2232645)

Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

CVEs:

CVE-2023-1206

References:

https://access.redhat.com/security/updates/classification/#important

Search

lenovo warranty check/lookup | check warranty status | lenovo support us