[월:] 2022년 09월

CVE-2022-40709

Posted on by admin

CVE-2022-40709

An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One – Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities.

This vulnerability is similar to, but not identical to CVE-2022-40707 and 40708.

Source: CVE-2022-40709

CVE-2022-39257

Posted on by admin

CVE-2022-39257

Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others. This attack is possible due to the matrix-ios-sdk implementing a too permissive key forwarding strategy. The default policy for accepting key forwards has been made more strict in the matrix-ios-sdk version 0.23.19. matrix-ios-sdk will now only accept forwarded keys in response to previously issued requests and only from own, verified devices. The SDK now sets a `trusted` flag on the decrypted message upon decryption, based on whether the key used to decrypt the message was received from a trusted source. Clients need to ensure that messages decrypted with a key with `trusted = false` are decorated appropriately (for example, by showing a warning for such messages). This attack requires coordination between a malicious home server and an attacker, so those who trust their home servers do not need a workaround.

Source: CVE-2022-39257

CVE-2022-39263

Posted on by admin

CVE-2022-39263

`@next-auth/upstash-redis-adapter` is the Upstash Redis adapter for NextAuth.js, which provides authentication for Next.js. Applications that use `next-auth` Email Provider and `@next-auth/upstash-redis-adapter` before v3.0.2 are affected by this vulnerability. The Upstash Redis adapter implementation did not check for both the identifier (email) and the token, but only checking for the identifier when verifying the token in the email callback flow. An attacker who knows about the victim’s email could easily sign in as the victim, given the attacker also knows about the verification token’s expired duration. The vulnerability is patched in v3.0.2. A workaround is available. Using Advanced Initialization, developers can check the requests and compare the query’s token and identifier before proceeding.

Source: CVE-2022-39263

CVE-2022-40707

Posted on by admin

CVE-2022-40707

An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One – Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities.

This vulnerability is similar to, but not identical to CVE-2022-40708.

Source: CVE-2022-40707

CVE-2022-39255

Posted on by admin

CVE-2022-39255

Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker cooperating with a malicious homeserver could employ this vulnerability to perform a targeted attack in order to send fake to-device messages appearing to originate from another user. This can allow, for example, to inject the key backup secret during a self-verification, to make a targeted device start using a malicious key backup spoofed by the homeserver. These attacks are possible due to a protocol confusion vulnerability that accepts to-device messages encrypted with Megolm instead of Olm. matrix-ios-sdk version 0.23.19 has been modified to only accept Olm-encrypted to-device messages. Out of caution, several other checks have been audited or added. This attack requires coordination between a malicious home server and an attacker, so those who trust their home servers do not need a workaround. To avoid malicious backup attacks, one should not verify one’s new logins using emoji/QR verifications methods until patched.

Source: CVE-2022-39255

CVE-2022-34394

Posted on by admin

CVE-2022-34394

Dell OS10, version 10.5.3.4, contains an Improper Certificate Validation vulnerability in Support Assist. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to unauthorized access to limited switch configuration data. The vulnerability could be leveraged by attackers to conduct man-in-the-middle attacks to gain access to the Support Assist information.

Source: CVE-2022-34394

CVE-2022-29089

Posted on by admin

CVE-2022-29089

Dell Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an information disclosure vulnerability. A remote, unauthenticated attacker could potentially exploit this vulnerability by reverse engineering to retrieve sensitive information and access the REST API with admin privileges.

Source: CVE-2022-29089