$0.99 Kindle Books Security Vulnerabilities

Indico Tampering with links (e.g. password reset) in sent emails

Impact An external audit of the Indico codebase has discovered a vulnerability in Indico's URL generation logic which could have allowed an attacker to make Indico send a password reset link with a valid token pointing to an attacker-controlled domain by sending that domain in the Host header. Had....

CVE-2021-1404

A vulnerability in the PDF parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper buffer size tracking that may result in a...

CVE-2021-1405

A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software version 0.103.1 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper variable initialization that may....

CVE-2021-1252

A vulnerability in the Excel XLM macro parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper error handling that may result...

PYSEC-2021-18

CERN Indico before 2.3.4 can use an attacker-supplied Host header in a password reset...

A week in security (March 29 – April 4)

Last week on Malwarebytes Labs, our podcast featured Malwarebytes senior security researcher JP Taggart, who talked to us about why you need to trust your VPN. You’ve likely heard the benefits of using a VPN: You can watch TV shows restricted to certain countries, you can encrypt your web traffic.....

The Origins of the Names TaoSecurity and the Unit Formerly Known as TAO

What are the origins of the names TaoSecurity and the unit formerly known as TAO? Introduction I've been reading Nicole Perlroth's new book This Is How They Tell Me the World Ends. Her discussion of the group formerly known as Tailored Access Operations, or TAO, reminded me of a controversy that...

Relax. Internet password books are OK

Passwords are a hot topic on social media at the moment, due to the re-emergence of a discussion about good password management practices. There’s a wealth of password management options available, some more desirable than others. The primary recommendation online is usually a software-based...

Stored cross-site scripting in PressBooks

PressBooks 5.17.3 contains a cross-site scripting (XSS). Stored XSS can be submitted via the Book Info's Long Description Body, and all actions to open or preview the books page will result in the triggering the stored...

Stored cross-site scripting in PressBooks

PressBooks 5.17.3 contains a cross-site scripting (XSS). Stored XSS can be submitted via the Book Info's Long Description Body, and all actions to open or preview the books page will result in the triggering the stored...

How to build a successful application security program

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Tanya Janca, Founder of We Hack Purple...

How to build a successful application security program

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Tanya Janca, Founder of We Hack Purple...

Updated libcaca packages fix a security vulnerability

A buffer overflow issue in caca_resize function in libcaca/caca/canvas.c may lead to local execution of arbitrary code in the user context...

CVE-2021-21300

Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive...

Debian: Security Advisory (DLA-2584-1)

The remote host is missing an update for the...

Debian DLA-2584-1 : libcaca security update

A buffer overflow issue in caca_resize function in libcaca/caca/canvas.c may lead to local execution of arbitrary code in the user context. For Debian 9 stretch, this problem has been fixed in version 0.99.beta19-2.1~deb9u2. We recommend that you upgrade your libcaca packages. For the detailed...

[SECURITY] [DLA 2584-1] libcaca security update

Debian LTS Advisory DLA-2584-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA March 07, 2021 https://wiki.debian.org/LTS Package : libcaca Version : 0.99.beta19-2.1~deb9u2 CVE...

libcaca - security update

Bulletin has no...

CVE-2021-27065

Microsoft Exchange Server Remote Code Execution Vulnerability Recent assessments: wvu-r7 at March 10, 2021 7:13am UTC reported: When used with CVE-2021-26855, an unauthenticated SSRF, CVE-2021-27065 yields unauthed, SYSTEM-level RCE against a vulnerable Exchange Server. On its own, exploiting...

Arbitrary Code Execution

libcaca.so is vulnerable to denial of service (DoS). An attacker is able to input a malicious string to call the caca_import_canvas_from_memory() function, causing a buffer overflow issue in the caca_resize function in...

CVE-2021-3410

A flaw was found in libcaca v0.99.beta19. A buffer overflow issue in caca_resize function in libcaca/caca/canvas.c may lead to local execution of arbitrary code in the user...

CVE-2021-3410

A flaw was found in libcaca v0.99.beta19. A buffer overflow issue in caca_resize function in libcaca/caca/canvas.c may lead to local execution of arbitrary code in the user...

CVE-2021-3410

A flaw was found in libcaca v0.99.beta19. A buffer overflow issue in caca_resize function in libcaca/caca/canvas.c may lead to local execution of arbitrary code in the user...

Buffer overflow

A flaw was found in libcaca v0.99.beta19. A buffer overflow issue in caca_resize function in libcaca/caca/canvas.c may lead to local execution of arbitrary code in the user...

Code Injection in jeikeilim/kindle

Description Kindle is an easy model build package for PyTorch. Building a deep learning model became so simple that almost all model can be made by copy and paste from other existing model codes, which is vulnerable to Arbitary Code Execution. Vulnerability Vulnerable to YAML deserialization...

CVE-2021-3410

A flaw was found in libcaca v0.99.beta19. A buffer overflow issue in caca_resize function in libcaca/caca/canvas.c may lead to local execution of arbitrary code in the user context. Bugs https://github.com/cacalabs/libcaca/issues/52...

CVE-2021-3271

PressBooks 5.17.3 contains a cross-site scripting (XSS). Stored XSS can be submitted via the Book Info's Long Description Body, and all actions to open or preview the books page will result in the triggering the stored...

CVE-2021-3271

PressBooks 5.17.3 contains a cross-site scripting (XSS). Stored XSS can be submitted via the Book Info's Long Description Body, and all actions to open or preview the books page will result in the triggering the stored...

CVE-2021-3271

PressBooks 5.17.3 contains a cross-site scripting (XSS). Stored XSS can be submitted via the Book Info's Long Description Body, and all actions to open or preview the books page will result in the triggering the stored...

Cross site scripting

PressBooks 5.17.3 contains a cross-site scripting (XSS). Stored XSS can be submitted via the Book Info's Long Description Body, and all actions to open or preview the books page will result in the triggering the stored...

perl security update

[4:5.26.3-417] - Fix CVE-2020-12723 (bug #1909860) - Fix Time-Local tests to pass after year 2019 (bug...

Oracle Linux 8 : perl (ELSA-2021-0557)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-0557 advisory. regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls. (CVE-2020-12723) Note...

(RHSA-2021:0557) Moderate: perl security update

Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Security Fix(es): perl: corruption of intermediate language state of compiled regular expression due to recursive S_study_chunk() calls leads to DoS (CVE-2020-12723) For more...

Moderate: perl security update

Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Security Fix(es): perl: corruption of intermediate language state of compiled regular expression due to recursive S_study_chunk() calls leads to DoS (CVE-2020-12723) For more...

RHEL 8 : perl (RHSA-2021:0557)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0557 advisory. Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Security Fix(es): *...

Presidential Cybersecurity and Pelotons

President Biden wants his Peloton in the White House. For those who have missed the hype, it's an Internet-connected stationary bicycle. It has a screen, a camera, and a microphone. You can take live classes online, work out with your friends, or join the exercise social network. And all of that...

Email Relaying. A how-to and a reminder

On a recent internal infrastructure test I came across a server that had port 25/TCP open. This is normally the Simple Mail Transfer Protocol (SMTP) service, and sure enough a quick look confirmed it. Now, such services on an internal network are not unusual. System and network administrators...

CVE-2021-3309

packages/wekan-ldap/server/ldap.js in Wekan before 4.87 can process connections even though they are not authorized by the Certification Authority trust...

A week in security (January 18 – January 24)

Last week on Malwarebytes Labs, we looked at changes to WhatsApp’s privacy policy, we provided information about Malwarebytes being targeted by the same threat actor that was implicated in the SolarWinds breach, we told the story of ZeroLogon, looked at the pros and cons of Zoom watermarking,...

Amazon Kindle RCE Attack Starts with an Email

Three vulnerabilities in the Amazon Kindle e-reader would have allowed a remote attacker to execute code and run it as root – paving the way for siphoning money from unsuspecting users. Yogev Bar-On, researcher at Realmode Labs, found that it was possible to email malicious e-books to the devices.....

CVE-2021-3271

PressBooks 5.17.3 contains a cross-site scripting (XSS). Stored XSS can be submitted via the Book Info's Long Description Body, and all actions to open or preview the books page will result in the triggering the stored...

Sharing eBook With Your Kindle Could Have Let Hackers Hijack Your Account

Amazon has addressed a number of flaws in its Kindle e-reader platform that could have allowed an attacker to take control of victims' devices by simply sending them a malicious e-book. Dubbed "KindleDrip," the exploit chain takes advantage of a feature called "Send to Kindle" to send a...

On US Capitol Security — By Someone Who Manages Arena-Rock-Concert Security

Smart commentary: …I was floored on Wednesday when, glued to my television, I saw police in some areas of the U.S. Capitol using little more than those same mobile gates I had ­ the ones that look like bike racks that can hook together ­ to try to keep the crowds away from sensitive areas and,...

Changes in WhatsApp’s Privacy Policy

If you're a WhatsApp user, pay attention to the changes in the privacy policy that you're being forced to agree with. In 2016, WhatsApp gave users a one-time ability to opt out of having account data turned over to Facebook. Now, an updated privacy policy is changing that. Come next month, users...

All Aboard the Pequod!

Like countless others, I frittered away the better part of Jan. 6 doomscrolling and watching television coverage of the horrifying events unfolding in our nation's capital, where a mob of President Trump supporters and QAnon conspiracy theorists was incited to lay siege to the U.S. Capitol. For...

Military Cryptanalytics, Part III

The NSA has just declassified and released a redacted version of Military Cryptanalytics, Part III, by Lambros D. Callimahos, October 1977. Parts I and II, by Lambros D. Callimahos and William F. Friedman, were released decades ago -- I believe repeatedly, in increasingly unredacted form -- and...

CVE-2020-26297

mdBook is a utility to create modern online books from Markdown files and is written in Rust. In mdBook before version 0.4.5, there is a vulnerability affecting the search feature of mdBook, which could allow an attacker to execute arbitrary JavaScript code on the page. The search feature of...

CVE-2020-26297

mdBook is a utility to create modern online books from Markdown files and is written in Rust. In mdBook before version 0.4.5, there is a vulnerability affecting the search feature of mdBook, which could allow an attacker to execute arbitrary JavaScript code on the page. The search feature of...

CVE-2020-26297

mdBook is a utility to create modern online books from Markdown files and is written in Rust. In mdBook before version 0.4.5, there is a vulnerability affecting the search feature of mdBook, which could allow an attacker to execute arbitrary JavaScript code on the page. The search feature of...

Cross site scripting

mdBook is a utility to create modern online books from Markdown files and is written in Rust. In mdBook before version 0.4.5, there is a vulnerability affecting the search feature of mdBook, which could allow an attacker to execute arbitrary JavaScript code on the page. The search feature of...