If you find any errors, please report them on Twitter. -> Twitter《Har-sia》
In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-143894715
Highest Score:73 (2020/04/23)
Vulnerability information: Har-sia CVE-2020-0022
Administrator's comment
(Machine translation) In reassemble_and_dispatch of packet_fragmenter.cc, there is a possible out-of-bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-143894715 (End of machine translation)
Reference URL: insinuator.net
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767.
This indicates an attack attempt to exploit a Memory Corruption Vulnerability in Microsoft Internet Explorer. The vulnerability is due to an error when the vulnerable software attempts to handle a maliciously crafted web page. An attacker can exploit this by tricking a user into visiting a malicious webpage, and can then execute arbitrary code within the context of the application.
Internet Explorer 10 Windows Server 2012
Internet Explorer 11 Windows 10 Version 1803 for 32-bit Systems
Internet Explorer 11 Windows 10 Version 1803 for x64-based Systems
Internet Explorer 11 Windows 10 Version 1803 for ARM64-based Systems
Internet Explorer 11 Windows 10 Version 1809 for 32-bit Systems
Internet Explorer 11 Windows 10 Version 1809 for x64-based Systems
Internet Explorer 11 Windows 10 Version 1809 for ARM64-based Systems
Internet Explorer 11 Windows Server 2019
Internet Explorer 11 Windows 10 Version 1909 for 32-bit Systems
Internet Explorer 11 Windows 10 Version 1909 for x64-based Systems
Internet Explorer 11 Windows 10 Version 1909 for ARM64-based Systems
Internet Explorer 11 Windows 10 Version 1709 for 32-bit Systems
Internet Explorer 11 Windows 10 Version 1709 for x64-based Systems
Internet Explorer 11 Windows 10 Version 1709 for ARM64-based Systems
Internet Explorer 11 Windows 10 Version 1903 for 32-bit Systems
Internet Explorer 11 Windows 10 Version 1903 for x64-based Systems
Internet Explorer 11 Windows 10 Version 1903 for ARM64-based Systems
Internet Explorer 11 Windows 10 for 32-bit Systems
Internet Explorer 11 Windows 10 for x64-based Systems
Internet Explorer 11 Windows 10 Version 1607 for 32-bit Systems
Internet Explorer 11 Windows 10 Version 1607 for x64-based Systems
Internet Explorer 11 Windows Server 2016
Internet Explorer 11 Windows 7 for 32-bit Systems Service Pack 1
Internet Explorer 11 Windows 7 for x64-based Systems Service Pack 1
Internet Explorer 11 Windows 8.1 for 32-bit systems
Internet Explorer 11 Windows 8.1 for x64-based systems
Internet Explorer 11 Windows RT 8.1
Internet Explorer 11 Windows Server 2008 R2 for x64-based Systems Service Pack 1
Internet Explorer 11 Windows Server 2012
Internet Explorer 11 Windows Server 2012 R2
Internet Explorer 9 Windows Server 2008 for 32-bit Systems Service Pack 2
Internet Explorer 9 Windows Server 2008 for x64-based Systems Service Pack 2
System Compromise: Remote attackers can gain control of vulnerable systems.
Apply the most recent upgrade or patch from the vendor.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0674
Highest Score:44 (2020/04/02)
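Vulnerability information: Har-sia CVE-2020-0674
Administrator's comment
(Machine translation) A remote code execution vulnerability exists in the way that the scripting engine in Internet Explorer handles objects in memory. This CVE ID is unique from CVE-2020-0673, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767. (End of machine translation)
Reference URL: jpcert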
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'.
This indicates an attack attempt to exploit a Remote Code Execution Vulnerability in Microsoft Exchange Server. The vulnerability is due to insecure keys. A remote attacker may be able to exploit this to execute arbitrary code within the context of the application, via a crafted HTTP request.
Microsoft Exchange Server 2013 Cumulative Update 23
Microsoft Exchange Server 2019 Cumulative Update 3
Microsoft Exchange Server 2016 Cumulative Update 14
Microsoft Exchange Server 2016 Cumulative Update 15
Microsoft Exchange Server 2019 Cumulative Update 4
Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 30
System Compromise: Remote attackers can gain control of vulnerable systems.
Apply the most recent upgrade or patch from the vendor.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688
Highest Score:62 (2020/04/08)
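Vulnerability information: Har-sia CVE-2020-0688
Administrator's comment
(Machine translation) A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory. (End of machine translation)
Reference URL: rapid7.com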
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.
This indicates an attack attempt to exploit a Buffer Overflow Vulnerability in Microsoft SMB Servers. The vulnerability is due to an error when the vulnerable software handles a maliciously crafted compressed data packet. A remote, unauthenticated attacker can exploit this to execute arbitrary code within the context of the application.
Windows 10 Version 1903 for 32-bit Systems
Windows 10 Version 1903 for x64-based Systems
Windows 10 Version 1903 for ARM64-based Systems
Windows Server, version 1903 (Server Core installation)
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows Server, version 1909 (Server Core installation)
System Compromise: Remote attackers can gain control of vulnerable systems.
Apply the most recent upgrade or patch from the vendor.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796
Highest Score:152 (2020/03/31)
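Vulnerability information: Har-sia CVE-2020-0796
Administrator's comment
(Machine translation) A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests.
This is the one that has been a huge topic since last month. I see a lot of PoCs around.
Reference URL: securityaffairs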
A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Adobe Font Manager Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0938.
This indicates an attack attempt against a Remote Code Execution vulnerability in Microsoft Adobe Font Driver. The vulnerability is caused by an error when the vulnerable software handles a specially crafted Type1 font file. A remote attacker may be able to exploit this to execute arbitrary code within the context of the application, via a crafted Type1 font file.
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1803 for x64-based Systems
Windows Server, version 1803 (Server Core Installation)
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows Server, version 1909 (Server Core installation)
Windows 10 Version 1709 for 32-bit Systems
Windows 10 Version 1709 for x64-based Systems
Windows 10 Version 1709 for ARM64-based Systems
Windows 10 Version 1903 for 32-bit Systems
Windows 10 Version 1903 for x64-based Systems
Windows 10 Version 1903 for ARM64-based Systems
Windows Server, version 1903 (Server Core installation)
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
System Compromise: Remote attackers can gain control of vulnerable systems.
Apply the most recent upgrade or patch from the vendor.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1020
Highest Score:37 (2020/04/15)
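Vulnerability information: Har-sia CVE-2020-1020
Administrator's comment
(Machine translation) A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially crafted multi-master font in Adobe Type 1 PostScript format. This CVE ID is unique from CVE-2020-0938. (End of machine translation)
Reference URL: thehackernews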
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).
Highest Score:104 (2020/04/22)
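Vulnerability information: Har-sia CVE-2020-1967
Administrator's comment
(Machine translation) Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a denial-of-service attack. OpenSSL versions 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect versions prior to OpenSSL 1.1.1d. Fixed in OpenSSL 1.1.1g (affected 1.1.1d-1.1.1f). (End of machine translation)
Reference URL: securityaffairs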
Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls.
Highest Score:63 (2020/04/11)
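Vulnerability information: Har-sia CVE-2020-3952
Administrator's comment
(Machine translation) Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls. (End of machine translation)
Reference URL: guardicore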
In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. The vulnerability also affects the Linux 5.4 stable series, starting with v5.4.7, as the introducing commit was backported to that branch. This vulnerability was fixed in 5.6.1, 5.5.14, and 5.4.29. (issue is aka ZDI-CAN-10780)
Highest Score:34 (2020/04/17)
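Vulnerability information: Har-sia CVE-2020-8835
Administrator's comment
(Machine translation) In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. This vulnerability also affects the Linux 5.4 stable series, starting with v5.4.7. This vulnerability was fixed in 5.6.1, 5.5.14, and 5.4.29. (This issue is also known as ZDI-CAN-10780) (End of machine translation)
Reference URL: thezdi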
8 items in total