CVE-2024-4076

ISC BIND 9

23 Jul 2024
Published
23 Jul 2024
Updated

CVSS v3.1
HIGH (7.5)
EPSS
Pending

  • 2 Posts
  • 14 Interactions

CVE Info

Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure. This issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.

Fediverse

Remote exploitation of BIND9? Nice.

kb.isc.org/docs/cve-2024-4076

Edited to remove RCE statement. It's remotely exploitable, but rereading it does not appear to be true RCE.

  • 2
  • 2
  • 4 hours ago

BIND users-

Our July 2024 maintenance release of BIND 9.18, as well as the new 9.20.0 stable branch, are available at isc.org/download. (packages will be building now, so if you don't see them yet, check back later)

These releases include fixes for security vulnerabilities (CVE-2024-0760, CVE-2024-1737, CVE-2024-1975, CVE-2024-4076):

kb.isc.org/docs/cve-2024-0760
kb.isc.org/docs/cve-2024-1737
kb.isc.org/docs/cve-2024-1975
kb.isc.org/docs/cve-2024-4076

...

1/2

  • 5
  • 5
  • 7 hours ago

CVE-2021-30869

KEV
Apple iOS and iPadOS

24 Aug 2021
Published
19 Oct 2021
Updated

CVSS
Pending
EPSS
0.18%

  • 1 Post
  • 5 Interactions

CVE Info

A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 12.5.5, iOS 14.4 and iPadOS 14.4, macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, Security Update 2021-006 Catalina. A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of reports that an exploit for this issue exists in the wild.

Fediverse

Symantec: Daggerfly: Espionage Group Makes Major Update to Toolset
Chinese APT Evasive Panda (aka Daggerfly, BRONZE HIGHLAND) has updated its custom toolset and has been linked to attacks against Taiwanese organizations and a U.S. non-governmental organization (NGO) based in China. Annoyingly, Symantec mentions a vulnerability in Apache HTTP server being exploited to deliver MgBot malware, but doesn't name the CVE ID (I scanned the whole blog post for mentions of Apache (1), HTTP (5), MgBot (10), and CVE (1) but it's not identified).

Macma is a macOS backdoor with two new variants discovered by Symantec. macOS users are targeted with CVE-2021-30869 (7.8 high, disclosed 23 September 2021 by Apple, added to CISA KEV Catalog 03 November 2021) Apple type confusion to arbitrary code execution (privilege escalation) which allowed the attackers to install Macma on vulnerable systems.

Symantec also describes Evasive Panda using the Windows backdoor labeled Suzafk (aka Nightdoor, NetMM). "Symantec has seen evidence of the ability to Trojanize Android APKs, SMS interception tools, DNS request interception tools, and even malware families targeting Solaris OS." IOC provided.

  • 2
  • 3
  • 7 hours ago

CVE-2024-1737

ISC BIND 9

23 Jul 2024
Published
23 Jul 2024
Updated

CVSS v3.1
HIGH (7.5)
EPSS
Pending

  • 2 Posts
  • 12 Interactions

CVE Info

Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.4-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.

Fediverse

We also have a blog post from Ondřej Surý on the 9.20.0 release, including performance testing results (isc.org/blogs/2024-bind920/).

---
Please Note:

To create an effective mitigation for CVE-2024-1737 we have introduced two new configurable limits that prevent the loading (into zones or into cache) of DNS resource records (RRs) that exceed them. Read this KB article,
kb.isc.org/docs/rrset-limits-i, in case you need to change the defaults to suit your specific operational environment.

  • 2
  • 0
  • 7 hours ago

BIND users-

Our July 2024 maintenance release of BIND 9.18, as well as the new 9.20.0 stable branch, are available at isc.org/download. (packages will be building now, so if you don't see them yet, check back later)

These releases include fixes for security vulnerabilities (CVE-2024-0760, CVE-2024-1737, CVE-2024-1975, CVE-2024-4076):

kb.isc.org/docs/cve-2024-0760
kb.isc.org/docs/cve-2024-1737
kb.isc.org/docs/cve-2024-1975
kb.isc.org/docs/cve-2024-4076

...

1/2

  • 5
  • 5
  • 7 hours ago

CVE-2024-21412

KEV
Microsoft Windows 11 version 21H2

13 Feb 2024
Published
19 Jul 2024
Updated

CVSS v3.1
HIGH (8.1)
EPSS
0.30%

  • 1 Post
  • 1 Interaction

CVE Info

Internet Shortcut Files Security Feature Bypass Vulnerability

Fediverse

Fortinet: Exploiting CVE-2024-21412: A Stealer Campaign Unleashed
FortiGuard Labs has observed a Meduza and ACR stealer campaign spreading multiple files that exploit CVE-2024-21412 (8.1 high, disclosed 13 February 2024 by Microsoft as an exploited zero-day, added to KEV Catalog same day; Internet Shortcut Files Security Feature Bypass Vulnerability) to download malicious executable files. Fortinet describes the infection chain and provides a technical analysis. IOC provided.

  • 0
  • 1
  • 6 hours ago

CVE-2024-3596

IETF RFC

09 Jul 2024
Published
11 Jul 2024
Updated

CVSS
Pending
EPSS
0.04%

  • 1 Post
  • 1 Interaction

CVE Info

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.

Fediverse

SonicWall security advisory: RADIUS Protocol Forgery Vulnerability (Blast-RADIUS)
Reference: CVE-2024-3596 (SonicWall gives it an 8.1 high, disclosed 09 July 2024, see dedicated website) RADIUS Protocol Forgery Vulnerability, see parent toots above.
All SonicWall products using RADIUS authentication are affected. SonicWall PSIRT is aware that a proof of concept (PoC) exploit for this vulnerability is publicly available; we have no information regarding any exploitation of this vulnerability in the wild. No malicious use of this vulnerability has been reported to SonicWall.
No fixed software, only a workaround: The most effective approach to resolving this issue is to utilize encrypted and authenticated channels that ensure up-to-date cryptographic security protections. e.g. RADIUS protected with IPSEC VPN.

  • 0
  • 1
  • 8 hours ago

CVE-2024-6387

Red Hat Enterprise Linux 9

01 Jul 2024
Published
22 Jul 2024
Updated

CVSS
Pending
EPSS
36.87%

  • 1 Post

CVE Info

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

Fediverse

We are so lucky that the regreSSHion vulnerability (CVE-2024-6387) is a race condition vuln and not an instant exploitation. Imagine having the Crowdstrike incident and low complexity SSH vulnerability in the same month.

  • 0
  • 0
  • 8 hours ago

CVE-2024-38112

KEV
Microsoft Windows 10 Version 22H2

09 Jul 2024
Published
18 Jul 2024
Updated

CVSS v3.1
HIGH (7.5)
EPSS
1.61%

  • 1 Post

CVE Info

Windows MSHTML Platform Spoofing Vulnerability

Fediverse

[RSS] Micropatches Released for Windows MSHTML Platform Spoofing (CVE-2024-38112)

https://blog.0patch.com/2024/07/micropatches-released-for-windows.html
  • 0
  • 0
  • 5 hours ago

CVE-2024-36991

Splunk Enterprise

01 Jul 2024
Published
03 Jul 2024
Updated

CVSS v3.1
HIGH (7.5)
EPSS
10.93%

  • 1 Post

CVE Info

In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows.

Fediverse

SonicWall urges immediate application of fixes for a high-severity path traversal vulnerability, CVE-2024-36991, in Splunk Enterprise on Windows versions earlier than 9.2.2, 9.1.5, and 9.0.10, which could facilitate endpoint directory listing and sensitive data access.
msspalert.com/brief/immediate-

  • 0
  • 0
  • 21 hours ago

CVE-2021-38578

TianoCore EDK II

03 Mar 2022
Published
23 Nov 2022
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
0.18%

  • 1 Post

CVE Info

Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.

Fediverse

CVE-2023-46229

Pending

19 Oct 2023
Published
19 Oct 2023
Updated

CVSS
Pending
EPSS
0.08%

  • 1 Post
  • 4 Interactions

CVE Info

LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server.

Fediverse

Unit 42: Vulnerabilities in LangChain Gen AI
LangChain Gen AI is supposedly a popular open source generative AI framework on GitHub. Palo Alto Networks researchers discovered two vulnerabilities:

  • CVE-2023-46229 (8.8 high) LangChain server-side request forgery (SSRF)
  • CVE-2023-44467 (9.8 critical) LangChain prompt injection vulnerability.

Oddly, the MITRE/NVD description for CVE-2023-44467 states that it is a CVE-2023-36258 patch bypass but this article doesn't mention that CVE ID at all. Unit 42 provides technical analyses of both CVEs and proofs of concept.

  • 3
  • 1
  • 8 hours ago

CVE-2023-36258

Pending

03 Jul 2023
Published
26 Feb 2024
Updated

CVSS
Pending
EPSS
0.28%

  • 1 Post
  • 4 Interactions

CVE Info

An issue in LangChain before 0.0.236 allows an attacker to execute arbitrary code because Python code with os.system, exec, or eval can be used.

Fediverse

Unit 42: Vulnerabilities in LangChain Gen AI
LangChain Gen AI is supposedly a popular open source generative AI framework on GitHub. Palo Alto Networks researchers discovered two vulnerabilities:

  • CVE-2023-46229 (8.8 high) LangChain server-side request forgery (SSRF)
  • CVE-2023-44467 (9.8 critical) LangChain prompt injection vulnerability.

Oddly, the MITRE/NVD description for CVE-2023-44467 states that it is a CVE-2023-36258 patch bypass but this article doesn't mention that CVE ID at all. Unit 42 provides technical analyses of both CVEs and proofs of concept.

  • 3
  • 1
  • 8 hours ago

CVE-2024-0760

ISC BIND 9

23 Jul 2024
Published
23 Jul 2024
Updated

CVSS v3.1
HIGH (7.5)
EPSS
Pending

  • 1 Post
  • 10 Interactions

CVE Info

A malicious client can send many DNS messages over TCP, potentially causing the server to become unstable while the attack is in progress. The server may recover after the attack ceases. Use of ACLs will not mitigate the attack. This issue affects BIND 9 versions 9.18.1 through 9.18.27, 9.19.0 through 9.19.24, and 9.18.11-S1 through 9.18.27-S1.

Fediverse

BIND users-

Our July 2024 maintenance release of BIND 9.18, as well as the new 9.20.0 stable branch, are available at isc.org/download. (packages will be building now, so if you don't see them yet, check back later)

These releases include fixes for security vulnerabilities (CVE-2024-0760, CVE-2024-1737, CVE-2024-1975, CVE-2024-4076):

kb.isc.org/docs/cve-2024-0760
kb.isc.org/docs/cve-2024-1737
kb.isc.org/docs/cve-2024-1975
kb.isc.org/docs/cve-2024-4076

...

1/2

  • 5
  • 5
  • 7 hours ago

CVE-2024-1975

ISC BIND 9

23 Jul 2024
Published
23 Jul 2024
Updated

CVSS v3.1
HIGH (7.5)
EPSS
Pending

  • 1 Post
  • 10 Interactions

CVE Info

If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests. This issue affects BIND 9 versions 9.0.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.49-S1, and 9.18.11-S1 through 9.18.27-S1.

Fediverse

BIND users-

Our July 2024 maintenance release of BIND 9.18, as well as the new 9.20.0 stable branch, are available at isc.org/download. (packages will be building now, so if you don't see them yet, check back later)

These releases include fixes for security vulnerabilities (CVE-2024-0760, CVE-2024-1737, CVE-2024-1975, CVE-2024-4076):

kb.isc.org/docs/cve-2024-0760
kb.isc.org/docs/cve-2024-1737
kb.isc.org/docs/cve-2024-1975
kb.isc.org/docs/cve-2024-4076

...

1/2

  • 5
  • 5
  • 7 hours ago

CVE-2024-6467

reputeinfosystems Appointment Booking Calendar Plugin and Online Scheduling Plugin – BookingPress

17 Jul 2024
Published
23 Jul 2024
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.05%

  • 1 Post

CVE Info

The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to Arbitrary File Read to Arbitrary File Creation in all versions up to, and including, 1.1.5 via the 'bookingpress_save_lite_wizard_settings_func' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create arbitrary files that contain the content of files on the server, allowing the execution of any PHP code in those files or the exposure of sensitive information.

Fediverse

10,000+ WordPress Sites Affected by High Severity Vulnerabilities in WordPress Plugin: CVE-2024-6660, CVE-2024-6467

👇
wordfence.com/blog/2024/07/100

  • 0
  • 0
  • 22 hours ago

CVE-2024-6660

reputeinfosystems Appointment Booking Calendar Plugin and Online Scheduling Plugin – BookingPress

17 Jul 2024
Published
17 Jul 2024
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.06%

  • 1 Post

CVE Info

The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the bookingpress_import_data_continue_process_func function in all versions up to, and including, 1.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site and upload arbitrary files. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.

Fediverse

10,000+ WordPress Sites Affected by High Severity Vulnerabilities in WordPress Plugin: CVE-2024-6660, CVE-2024-6467

👇
wordfence.com/blog/2024/07/100

  • 0
  • 0
  • 22 hours ago