CVE-2024-27130

Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

  • 2 Posts
  • 6 Interactions

CVE Info

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Fediverse

[RSS] QNAP QTS - QNAPping At The Wheel (CVE-2024-27130 and friends)

https://labs.watchtowr.com/qnap-qts-qnapping-at-the-wheel-cve-2024-27130-and-friends/
  • 0
  • 0
  • 4 hours ago

watchTowr: QNAP QTS - QNAPping At The Wheel (CVE-2024-27130 and friends)
Always a pleasure to read vulnerability analyses from watchTowr as they take us through QNAP's Network Attached Storage (NAS) products QTS (operating system), QuTSCloud (VM-optimized version) and QTS hero (high performance features version). NAS are very attractive targets for ransomware actors, and watchTowr walks us through finding vulnerabilities and providing a working exploit (proofs of concept available). A lot of humor injected throughout.
watchTowr is extremely transparent in listing all of the vulnerabilities found (and what's under embargo), with a timeline, communications and coordination with QNAP (JetBrains take note!), and their vulnerability disclosure policy.

cc: @wdormann you might find this interesting if you haven't read it already

  • 3
  • 3
  • 23 hours ago

CVE-2024-22026

Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

  • 1 Post
  • 5 Interactions

CVE Info

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Fediverse

Yet another Ivanti vulnerability...

"Exploiting CVE-2024-22026: Rooting Ivanti EPMM "MobileIron Core"":

redlinecybersecurity.com/blog/

PoC:

github.com/securekomodo/CVE-20

  • 2
  • 3
  • 4 hours ago

CVE-2024-34359

abetlen llama-cpp-python

10 May 2024
Published
10 May 2024
Updated

CVSS v3.1
CRITICAL (9.7)
EPSS
0.04%

  • 1 Post

CVE Info

llama-cpp-python is the Python bindings for llama.cpp. `llama-cpp-python` depends on class `Llama` in `llama.py` to load `.gguf` llama.cpp or Latency Machine Learning Models. The `__init__` constructor built in the `Llama` takes several parameters to configure the loading and running of the model. Other than `NUMA, LoRa settings`, `loading tokenizers,` and `hardware settings`, `__init__` also loads the `chat template` from targeted `.gguf`'s Metadata and further parses it to `llama_chat_format.Jinja2ChatFormatter.to_chat_handler()` to construct the `self.chat_handler` for this model. Nevertheless, `Jinja2ChatFormatter` parses the `chat template` within the Metadata with sandbox-less `jinja2.Environment`, which is furthermore rendered in `__call__` to construct the `prompt` of interaction. This allows `jinja2` Server Side Template Injection which leads to remote code execution by a carefully constructed payload.

Fediverse

'CVE-2024-34359 is a critical vulnerability stemming from the misuse of the Jinja2 template engine within the "llama_cpp_python" package ... The core issue arises from processing template data without proper security measures such as sandboxing, which Jinja2 supports but was not implemented in this instance. This oversight allows attackers to inject malicious templates that execute arbitrary code on the host system.

'With over 6,000 models on the HuggingFace platform ... potentially susceptible to similar vulnerabilities ... the breadth of the risk is substantial'.

Another day in OSS and software supply chains.
checkmarx.com/blog/llama-drama

  • 0
  • 0
  • 12 hours ago

CVE-2024-34351

vercel next.js

09 May 2024
Published
09 May 2024
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.06%

  • 1 Post

CVE Info

Next.js is a React framework that can provide building blocks to create web applications. A Server-Side Request Forgery (SSRF) vulnerability was identified in Next.js Server Actions. If the `Host` header is modified, and the below conditions are also met, an attacker may be able to make requests that appear to be originating from the Next.js application server itself. The required conditions are 1) Next.js is running in a self-hosted manner; 2) the Next.js application makes use of Server Actions; and 3) the Server Action performs a redirect to a relative path which starts with a `/`. This vulnerability was fixed in Next.js `14.1.1`.

Fediverse

Looking at the Next.js SSRF CVE-2024-34351

  • 0
  • 0
  • 7 hours ago

CVE-2024-30056

Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

  • 1 Post

CVE Info

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Fediverse

Microsoft Security Response Center (MSRC): CVE-2024-30056 - Security Update Guide
This one slipped through the cracks: CVE-2024-30056 (7.1 high)
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability. Weakness: CWE-359: Exposure of Private Personal Information to an Unauthorized Actor. The 3 FAQ answers provide context as to how to exploit the vulnerability. Not publicly disclosed, not exploited, exploitation less likely.

  • 0
  • 0
  • 1 hours ago

CVE-2024-4984

yoast Yoast SEO

16 May 2024
Published
16 May 2024
Updated

CVSS v3.1
MEDIUM (6.4)
EPSS
Pending

  • 1 Post

CVE Info

The Yoast SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘display_name’ author meta in all versions up to, and including, 22.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Fediverse

Summary of the last 24 hours in information security: The Department of Justice takes action against North Korea, and a vulnerability in Yoast SEO puts WordPress sites at risk. Microsoft will strengthen multi-factor authentication in Azure, financial institutions will have 30 days to report breaches, and Metasploit introduces key updates. In addition, the FBI shuts down a forum with sensitive leaks and Talos releases a new fuzzer for macOS. Find out more in the following list of information security news:

🗞️ LATEST INFORMATION SECURITY NEWS 🔒
====| 🔥 WHAT YOU NEED TO KNOW TODAY 18/05/24 📆 |====

🔒 CHARGES AND SEIZURES BROUGHT IN FRAUD SCHEME, AIMED AT DENYING REVENUE FOR WORKERS ASSOCIATED WITH NORTH KOREA

The Department of Justice reveals legal actions to disrupt North Korea's illicit revenue generation efforts. Find out more about this important measure! 👉 djar.co/W6c2c

🔒 CVE-2024-4984: YOAST SEO FLAW EXPOSES MILLIONS OF WORDPRESS SITES TO ATTACK

A vulnerability in Yoast SEO could allow malicious actors to inject harmful scripts into WordPress sites. Protect yourself and learn more details here! 👉 djar.co/WaW7vY

🔒 MICROSOFT TO START ENFORCING AZURE MULTI-FACTOR AUTHENTICATION IN JULY

Microsoft will begin enforcing multi-factor authentication for all users who access Azure starting in July. Find out how this measure will strengthen online security! 👉 djar.co/ghb7gA

🔒 FINANCIAL INSTITUTIONS HAVE 30 DAYS TO DISCLOSE BREACHES UNDER NEW RULES

Financial institutions have 30 days to disclose breaches under new rules. Stay informed about the regulations that seek to guarantee transparency in the sector. 👉 djar.co/toSpGM

🔒 METASPLOIT WRAP-UP 05/17/2024 | RAPID7 BLOG

Metasploit adds improved LDAP capabilities along with two new modules. Discover the latest updates to this powerful information security tool! 👉 djar.co/egJL

🔒 FBI TOOK OVER A FORUM THAT HELD LEAKED PHOTOS OF ID CARDS AND HACKS OF INAU, DEPARTMENTAL GOVERNMENTS AND URUGUAYAN COMPANIES

The FBI shuts down a site with sensitive leaks and requests additional information from users about their activities. Learn more about this key intervention in the fight against cybercrime. 👉 djar.co/E8R7yw

🔒 TALOS RELEASES NEW MACOS OPEN-SOURCE FUZZER

Talos releases a new open-source fuzzer for macOS, making it easier to detect vulnerabilities on this platform. Explore this tool that strengthens security on Apple systems! 👉 djar.co/Yxtx

  • 0
  • 0
  • last hour

CVE-2024-27956

ValvePress Automatic

21 Mar 2024
Published
29 Apr 2024
Updated

CVSS v3.1
CRITICAL (9.9)
EPSS
0.05%

  • 1 Post
  • 1 Interaction

CVE Info

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Automatic allows SQL Injection. This issue affects Automatic: from n/a through 3.92.0.

Fediverse

🚨POC RELEASED🚨WordPress Auto Admin Account Creation & Reverse Shell CVE-2024-27956 automates the process of creating a new administrator account in a WordPress site and executing a reverse shell on the target server.

github.com/AiGptCode/WordPress

x.com/DarkWebInformer/status/1

  • 1
  • 0
  • 22 hours ago

CVE-2024-27834

Apple iOS and iPadOS

13 May 2024
Published
13 May 2024
Updated

CVSS
Pending
EPSS
0.04%

  • 1 Post
  • 1 Interaction

CVE Info

The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, Safari 17.5, watchOS 10.5, macOS Sonoma 14.5. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.

Fediverse

Apple has released software updates to address a zero-day vulnerability in Safari.

The vulnerability is tracked as CVE-2024-27834, and when exploited, can allow an attacker to bypass security protections.

Users are advised to patch ASAP.

#cybersecurity #Apple #Safari #zeroday

bleepingcomputer.com/news/appl

  • 1
  • 0
  • 23 hours ago

CVE-2021-46873

Pending

29 Jan 2023
Published
29 Jan 2023
Updated

CVSS
Pending
EPSS
0.07%

  • 1 Post
  • 6 Interactions

CVE Info

WireGuard, such as WireGuard 0.5.3 on Windows, does not fully account for the possibility that an adversary might be able to set a victim's system time to a future value, e.g., because unauthenticated NTP is used. This can lead to an outcome in which one static private key becomes permanently useless.

Fediverse

WireGuard CVE-2021-46873 is wild, I think this is the time for me to switch to post-quantum secure protocols such as rosenpass

  • 0
  • 6
  • 23 hours ago

CVE-2024-5022

Mozilla Focus for iOS

17 May 2024
Published
17 May 2024
Updated

CVSS
Pending
EPSS
0.04%

  • 1 Post
  • 1 Interaction

CVE Info

The file scheme of URLs would be hidden, resulting in potential spoofing of a website's address in the location bar. This vulnerability affects Focus for iOS < 126.

Fediverse

Mozilla Foundation security advisory: 2024-24 Security Vulnerabilities fixed in Focus for iOS 126
Only 1 vulnerability (not exploited): CVE-2024-5022 (high severity) URLs with file scheme could have been used to spoof addresses in the location bar

  • 0
  • 1
  • 15 hours ago

CVE-2024-3400

KEV
Palo Alto Networks PAN-OS

12 Apr 2024
Published
19 Apr 2024
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
95.36%

  • 1 Post

CVE Info

A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.

Fediverse

A potential RCE (CVE-2024-3400) through Shodan/FOFA/BinaryEdge.

packetstormsecurity.com/files/

  • 0
  • 0
  • 22 hours ago

CVE-2023-52424

Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

  • 1 Post

CVE Info

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Fediverse

The SSID Confusion attack, tracked as CVE-2023-52424, impacts all operating systems and Wi-Fi clients, including home and mesh networks that are based on WEP, WPA3, 802.11X/EAP, and AMPE protocols. thehackernews.com/2024/05/new-

  • 0
  • 0
  • 23 hours ago

CVE-2024-22476

Intel(R) Neural Compressor software

16 May 2024
Published
16 May 2024
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
0.04%

  • 1 Post
  • 6 Interactions

CVE Info

Improper input validation in some Intel(R) Neural Compressor software before version 2.5.0 may allow an unauthenticated user to potentially enable escalation of privilege via remote access.

Fediverse

Intel security advisory: Intel® Neural Compressor Software Advisory
Intel scores a perfect 10.0 CVSSv3 score (critical severity) 🥳 with CVE-2024-22476 : Improper input validation in some Intel Neural Compressor software before version 2.5.0 may allow an unauthenticated user to potentially enable escalation of privilege via remote access.
Also included is CVE-2024-21792 (4.7 medium) Time-of-check Time-of-use race condition in Intel Neural Compressor software before version 2.5.0 may allow an authenticated user to potentially enable information disclosure via local access.

No mention of exploitation. cc: @cR0w h/t: @Newk

  • 3
  • 3
  • 21 hours ago

CVE-2024-21792

Intel(R) Neural Compressor software

16 May 2024
Published
16 May 2024
Updated

CVSS v3.1
MEDIUM (4.7)
EPSS
0.04%

  • 1 Post
  • 6 Interactions

CVE Info

Time-of-check Time-of-use race condition in Intel(R) Neural Compressor software before version 2.5.0 may allow an authenticated user to potentially enable information disclosure via local access.

Fediverse

Intel security advisory: Intel® Neural Compressor Software Advisory
Intel scores a perfect 10.0 CVSSv3 score (critical severity) 🥳 with CVE-2024-22476 : Improper input validation in some Intel Neural Compressor software before version 2.5.0 may allow an unauthenticated user to potentially enable escalation of privilege via remote access.
Also included is CVE-2024-21792 (4.7 medium) Time-of-check Time-of-use race condition in Intel Neural Compressor software before version 2.5.0 may allow an authenticated user to potentially enable information disclosure via local access.

No mention of exploitation. cc: @cR0w h/t: @Newk

  • 3
  • 3
  • 21 hours ago