[CERT-daily] Daily summary - 19.07.2021

Daily end-of-shift report team at cert.at
Mon Jul 19 18:08:10 CEST 2021


=====================
= End-of-Day report =
=====================

Timeframe:   Friday 16-07-2021 18:00 − Monday 19-07-2021 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Robert Waldner

=====================
=       News        =
=====================

∗∗∗ Interior Ministry warns of fraudulent SMS messages ∗∗∗
---------------------------------------------
Fraudulent SMS messages are circulating again: people in Austria keep receiving notifications with information about a missed voice message.
---------------------------------------------
https://www.bmi.gv.at/news.aspx?id=50783968547451414D42673D


∗∗∗ VU#131152: Microsoft Windows Print Spooler Point and Print allows installation of arbitrary queue-specific files ∗∗∗
---------------------------------------------
Microsoft Windows allows for non-admin users to be able to install printer drivers via Point and Print. Printers installed via this technique also install queue-specific files, which can be arbitrary libraries to be loaded by the privileged Windows Print Spooler process.
---------------------------------------------
https://kb.cert.org/vuls/id/131152


∗∗∗ Fraud via WhatsApp: "I've lost my phone, can you transfer money?" ∗∗∗
---------------------------------------------
Using purported cries for help from relatives, con artists try to cheat people out of their money via WhatsApp, often successfully, say the police.
---------------------------------------------
https://www.golem.de/news/betrug-per-whatsapp-ich-hab-mein-handy-verloren-kannst-du-geld-ueberweisen-2107-158238-rss.html


∗∗∗ That iPhone WiFi crash bug is far worse than initially thought ∗∗∗
---------------------------------------------
An innocuous iPhone bug that could crash the WiFi service has turned out to be far worse than initially thought after mobile security firm ZecOps showed on Friday how the bug could be abused for remote code execution attacks.
---------------------------------------------
https://therecord.media/that-iphone-wifi-crash-bug-is-far-worse-than-initially-thought/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ ZDI-21-815: Cisco WebEx Network Recording Player ARF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-815/


∗∗∗ ZDI-21-876: (0Day) Advantech WebAccess/NMS DashBoardAction Missing Authentication Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-876/


∗∗∗ ZDI-21-879: (0Day) WSO2 API Manager JMX Use of Hard-coded Credentials Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on affected installations of WSO2 API Manager. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-879/


∗∗∗ ZDI-21-877: (0Day) Autodesk Meshmixer 3MF File Parsing Use-After-Free Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Meshmixer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-877/


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (chromium, firefox, mbedtls, nextcloud, python-pillow, ruby, ruby2.6, ruby2.7, systemd, thunderbird, varnish, and vivaldi), Debian (thunderbird), Fedora (chromium, firefox, and linux-firmware), Gentoo (apache, commons-fileupload, dovecot, and mediawiki), openSUSE (firefox, fossil, go1.16, and icinga2), Oracle (firefox, kernel, and kernel-container), Red Hat (nettle), and SUSE (firefox and go1.16).
---------------------------------------------
https://lwn.net/Articles/863453/


∗∗∗ Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP Edition appliance Security Update ∗∗∗
---------------------------------------------
Multiple vulnerabilities have been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. 
---------------------------------------------
https://support.citrix.com/article/CTX319135


∗∗∗ Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring installed WebSphere Application Server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-tivoli-monitoring-installed-websphere-application-server-2/


∗∗∗ Security Bulletin: An unspecified vulnerability in Java SE results in a low confidentiality impact ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-an-unspecified-vulnerability-in-java-se-results-in-a-low-confidentiality-impact/


∗∗∗ Security Bulletin: IBM Security SOAR is using a component with known vulnerabilities – Handlebars.js ( CVE-2019-19919, CVE-2021-32820) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-soar-is-using-a-component-with-known-vulnerabilities-handlebars-js-cve-2019-19919-cve-2021-32820/


∗∗∗ Security Bulletin: Multiple vulnerabilites affect IBM Jazz Foundation and IBM Engineering products. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilites-affect-ibm-jazz-foundation-and-ibm-engineering-products-5/


∗∗∗ Security Bulletin: IBM Security SOAR could allow a privileged user to import non-approved Python2 modules (CVE-2021-29780). ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-soar-could-allow-a-privileged-user-to-import-non-approved-python2-modules-cve-2021-29780/


∗∗∗ Security Bulletin: A vulnerability in netty affects IBM Spectrum Scale Transparent Cloud Tier CVE-2021-21409 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-netty-affects-ibm-spectrum-scale-transparent-cloud-tier-cve-2021-21409/


∗∗∗ Security Bulletin: Vulnerability in bind (CVE-2021-25215) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-bind-cve-2021-25215/


∗∗∗ Security Bulletin: Vulnerability in shell affects Power Hardware Management Console ( CVE-2021-29707). ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-shell-affects-power-hardware-management-console-cve-2021-29707/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



