ATI Update ATI-2022-14
New Protocols & Applications (3)
Name |
Category |
Info |
edX Jun 2022 |
Voice/Video/Media |
edX is an American massive open online course provider created by Harvard and MIT. |
OperaVPN Jun22 |
Security |
Opera is a multi-platform web browser developed by its namesake company Opera. It comes with a free browser VPN built into the desktop client. Users can toggle the VPN option and browse anonymously from anywhere. |
XiaoHongShu Mobile Jun 2022 |
Voice/Video/Media |
XiaoHongShu is a Chinese on-line life experience sharing platform. |
New Superflows (3)
Name |
Category |
Tags |
Info |
edX Jun 2022 |
Voice/Video/Media |
SimulatedTLS |
edX is an American massive open online course provider created by Harvard and MIT. |
OperaVPN Jun22 |
Security |
Security |
Simulates the use of the Opera desktop client as of June 2022 where a user opens the browser, turns the VPN on and starts browsing the internet. |
XiaoHongShu Mobile Jun 2022 |
Voice/Video/Media |
SimulatedTLS |
XiaoHongShu is a Chinese on-line life experience sharing platform. |
New Strikes (2)
CVSS |
ID |
References |
Category |
Info |
6.8 |
E22-ccxj1 |
CVE-2021-30551CVSSCVSSv3CWE-843URL
|
Exploits |
This strike exploits a memory corruption vulnerability in Google Chrome browsers. The vulnerability is due to type confusion in the V8 engine. The vulnerability can be found in the SetPropertyInternal function due to an interceptor. An attacker could exploit this vulnerability by convincing a user to open a malicious HTML page, which could lead to remote code execution. |
3.5 |
E22-7p7i1 |
CVE-2019-13182CVSSCVSSv3CWE-79URL
|
Exploits |
This strike exploits a stored cross-site scripting vulnerability in the SolarWinds Serv-U FTP Server. The vulnerability is due to incorrect input validation prior to using the %USER_FULL_NAME% macro to render the Web UI. A remote, authenticated attacker could exploit this vulnerability by embedding malicious script code. A successful attack may result in the execution of script code in the security context of the target user. |