Security
Headlines
HeadlinesLatestCVEs

Tag

#alibaba

Black Hat Asia: ‘If democracy is to survive, technology will have to be tamed’

Indian tech policy expert Samir Saran says it’s not too late to ‘course-correct’ after a ‘challenging decade’ for liberal democracies

PortSwigger
#mac#git#alibaba#auth
India’s New Super App Has a Privacy Problem

Tata Neu is the country’s latest do-everything app. When users signed up, their personal information was already there.

GHSA-9hr3-j9mc-xmq2: Path Traversal in com.alibaba.oneagent:one-java-agent-plugin

All versions of package `com.alibaba.oneagent:one-java-agent-plugin` are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) using a specially crafted archive that holds directory traversal filenames (e.g. `../../evil.exe`). The attacker can overwrite executable files and either invoke them remotely or wait for the system or user to call them, thus achieving remote command execution on the victim’s machine.

CVE-2022-25842: remove unused IOUtils.unzip by robberphex · Pull Request #29 · alibaba/one-java-agent

All versions of package com.alibaba.oneagent:one-java-agent-plugin are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) using a specially crafted archive that holds directory traversal filenames (e.g. ../../evil.exe). The attacker can overwrite executable files and either invoke them remotely or wait for the system or user to call them, thus achieving remote command execution on the victim’s machine.

Hospitals taken offline after cyberattack

A group of French hospitals was taken offline afetr a data breach has been discovered. The stolen data are patient records including SSN, banking information, email addresses, and phone numbers. The post Hospitals taken offline after cyberattack appeared first on Malwarebytes Labs.

CVE-2022-22665: About the security content of macOS Monterey 12.3

A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to gain root privileges.

CVE-2022-22633: About the security content of macOS Big Sur 11.6.5

A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, macOS Monterey 12.3. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution.

CVE-2021-44228: Log4j – Apache Log4j Security Vulnerabilities

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

CVE-2021-35576: Oracle Critical Patch Update Advisory - October 2021

Vulnerability in the Oracle Database Enterprise Edition Unified Audit component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having Local Logon privilege with network access via Oracle Net to compromise Oracle Database Enterprise Edition Unified Audit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database Enterprise Edition Unified Audit accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).

CVE-2021-30913: About the security content of macOS Monterey 12.0.1

The issue was addressed with improved permissions logic. This issue is fixed in macOS Monterey 12.0.1, macOS Big Sur 11.6.1. An unprivileged application may be able to edit NVRAM variables.