CVE-2022-24834

redis

13 Jul 2023
Published
13 Jul 2023
Updated

CVSS v3.1
HIGH (7.0)
EPSS
0.34%

  • 1 Post
  • 8 Interactions

CVE Info

Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, resulting in heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and affects only authenticated and authorized users. The problem is fixed in versions 7.0.12, 6.2.13, and 6.0.20.

Fediverse

CVE-2024-24919

KEV
checkpoint Check Point Quantum Gateway, Spark Gateway and CloudGuard Network

28 May 2024
Published
04 Jun 2024
Updated

CVSS v3.1
HIGH (8.6)
EPSS
94.50%

  • 1 Post
  • 7 Interactions

CVE Info

Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.

Fediverse

For those who missed it, this is another fun writeup by @watchtwr@twitter.com

- Wrong Check Point (CVE-2024-24919)

labs.watchtowr.com/check-point

  • 3
  • 4
  • 11 hours ago

CVE-2024-30043

Microsoft SharePoint Enterprise Server 2016

14 May 2024
Published
13 Jun 2024
Updated

CVSS v3.1
MEDIUM (6.5)
EPSS
0.08%

  • 1 Post
  • 5 Interactions

CVE Info

Microsoft SharePoint Server Information Disclosure Vulnerability

Fediverse

CVE-2023-42365

Pending

27 Nov 2023
Published
27 Nov 2023
Updated

CVSS
Pending
EPSS
0.04%

  • 3 Posts
  • 115 Interactions

CVE Info

A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.

Fediverse

We are pleased to announce the release of Alpine Linux 3.20.1. This release includes various bug fixes and security updates, including security fixes for:

OpenSSL

- CVE-2024-4741

busybox

- CVE-2023-42364
- CVE-2023-42365

See: alpinelinux.org/posts/Alpine-3

#AlpineLinux

  • 40
  • 47
  • 21 hours ago

@alpinelinux huh, the upstream busybox bug reports for CVE-2023-42364 and CVE-2023-42365 mention `0256e00a9d077588bd3a39f5a1ef7e2eaa2911e4` as the fix by @ncopa , but also that the upstream fix contains a regression. In the Alpine fix, Natanael fixes the upstream regression 💪

gitlab.alpinelinux.org/alpine/

  • 1
  • 0
  • 19 hours ago

Also released: Alpine Linux 3.17.8, 3.18.7 and 3.19.2.

Those releases contain various security fixes including fixes for:

OpenSSL

- CVE-2024-2511
- CVE-2024-4603

busybox

- CVE-2023-42363
- CVE-2023-42364
- CVE-2023-42365
- CVE-2023-42366

See: alpinelinux.org/posts/Alpine-3

#AlpineLinux

  • 10
  • 17
  • 21 hours ago

CVE-2023-42364

Pending

27 Nov 2023
Published
27 Nov 2023
Updated

CVSS
Pending
EPSS
0.04%

  • 3 Posts
  • 115 Interactions

CVE Info

A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.

Fediverse

We are pleased to announce the release of Alpine Linux 3.20.1. This release includes various bug fixes and security updates, including security fixes for:

OpenSSL

- CVE-2024-4741

busybox

- CVE-2023-42364
- CVE-2023-42365

See: alpinelinux.org/posts/Alpine-3

#AlpineLinux

  • 40
  • 47
  • 21 hours ago

@alpinelinux huh, the upstream busybox bug reports for CVE-2023-42364 and CVE-2023-42365 mention `0256e00a9d077588bd3a39f5a1ef7e2eaa2911e4` as the fix by @ncopa , but also that the upstream fix contains a regression. In the Alpine fix, Natanael fixes the upstream regression 💪

gitlab.alpinelinux.org/alpine/

  • 1
  • 0
  • 19 hours ago

Also released: Alpine Linux 3.17.8, 3.18.7 and 3.19.2.

Those releases contain various security fixes including fixes for:

OpenSSL

- CVE-2024-2511
- CVE-2024-4603

busybox

- CVE-2023-42363
- CVE-2023-42364
- CVE-2023-42365
- CVE-2023-42366

See: alpinelinux.org/posts/Alpine-3

#AlpineLinux

  • 10
  • 17
  • 21 hours ago

CVE-2024-30078

Microsoft Windows 10 Version 1809

11 Jun 2024
Published
18 Jun 2024
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.05%

  • 1 Post
  • 3 Interactions

CVE Info

Windows Wi-Fi Driver Remote Code Execution Vulnerability

Fediverse

Do you use MS-Windows? Go patch. Run Windows Update. Now. Right away. Don't wait. Immediately. Your PC can be owned by someone who is within Wi-Fi range of your PC. msrc.microsoft.com/update-guid github.com/lvyitian/CVE-2024-3

#Norsktut #itsikkerhet #mswindows

  • 1
  • 2
  • 10 hours ago

CVE-2024-5671

Trellix Intrusion Prevention System (IPS) Manager

14 Jun 2024
Published
14 Jun 2024
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.04%

  • 1 Post
  • 2 Interactions

CVE Info

Insecure Deserialization in some workflows of the IPS Manager allows unauthenticated remote attackers to perform arbitrary code execution and access to the vulnerable Trellix IPS Manager.

Fediverse

CVE-2024-31317

Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

  • 1 Post
  • 1 Interaction

CVE Info

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Fediverse

CVE-2024-31317: execute arbitrary code as any app on a device

rtx.meta.security/exploitation

Technical blog post by Tom Hebb

  • 1
  • 0
  • 9 hours ago

CVE-2019-6268

Pending

08 Mar 2024
Published
08 Mar 2024
Updated

CVSS
Pending
EPSS
0.04%

  • 1 Post

CVE Info

RAD SecFlow-2 devices with Hardware 0202, Firmware 4.1.01.63, and U-Boot 2010.12 allow URIs beginning with /.. for Directory Traversal, as demonstrated by reading /etc/shadow.

Fediverse

The flaw has been assigned the identifier CVE-2019-6268, but no information appears to have been publicly available until early March 2024, when someone released technical details and a PoC on the Packet Storm website. securityweek.com/cisa-informs-

  • 0
  • 0
  • 4 hours ago

CVE-2024-4741

Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

  • 1 Post
  • 87 Interactions

CVE Info

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Fediverse

We are pleased to announce the release of Alpine Linux 3.20.1. This release includes various bug fixes and security updates, including security fixes for:

OpenSSL

- CVE-2024-4741

busybox

- CVE-2023-42364
- CVE-2023-42365

See: alpinelinux.org/posts/Alpine-3

#AlpineLinux

  • 40
  • 47
  • 21 hours ago

CVE-2024-37079

VMware vCenter Server

18 Jun 2024
Published
19 Jun 2024
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.04%

  • 4 Posts
  • 7 Interactions

CVE Info

vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.

Fediverse

VMware vCenter Server: 2 RCEs with a 9.8 score and a privilege escalation to patch immediately

VMware has fixed a series of critical vulnerabilities in vCenter Server, including remote code execution and local privilege escalation. The developers provided fixes for three issues at once: CVE-2024-37079, CVE-2024-37080, CVE-2024-37081. The listed flaws affect VMware vCenter Server versions 7.0 and 8.0, as well as VMware Cloud Foundation versions 4.x and 5.x. The patches […]

The article "VMware vCenter Server: 2 RCEs with a 9.8 score and a privilege escalation to patch immediately" comes from the cybersecurity blog.

redhotcyber.com/post/vmware-vc
redhotcyber.com/feed

poliverso.org/display/0477a01e

  • 0
  • 0
  • 3 hours ago

#VMware has released software updates to address critical vulnerabilities in #vCenter Server

Two of the vulnerabilities, tracked as CVE-2024-37079 and 37080, can lead to remote code execution, and the third vulnerability, tracked as CVE-2024-37081, can lead to privilege escalation

Administrators are advised to patch ASAP

#cybersecurity

bleepingcomputer.com/news/secu

  • 0
  • 0
  • 15 hours ago

VMware security advisory disclosed 17 June 2024: VMSA-2024-0012: VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities (CVE-2024-37079, CVE-2024-37080, CVE-2024-37081)

  • CVE-2024-37079 and CVE-2024-37080 (9.8 critical) heap-overflow vulnerability (sending a specially crafted network packet potentially leading to remote code execution)
  • CVE-2024-37081 (7.8 high) privilege escalation vulnerability (elevate privileges to root on vCenter Server Appliance)

No mention of exploitation. Fuck Broadcom though for making these security advisories harder to find and no public RSS feeds for it.

  • 0
  • 4
  • 14 hours ago

CVE-2024-37081

VMware vCenter Server

18 Jun 2024
Published
19 Jun 2024
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.04%

  • 4 Posts
  • 7 Interactions

CVE Info

The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server Appliance.

Fediverse

VMware vCenter Server: 2 RCEs with a 9.8 score and a privilege escalation to patch immediately

VMware has fixed a series of critical vulnerabilities in vCenter Server, including remote code execution and local privilege escalation. The developers provided fixes for three issues at once: CVE-2024-37079, CVE-2024-37080, CVE-2024-37081. The listed flaws affect VMware vCenter Server versions 7.0 and 8.0, as well as VMware Cloud Foundation versions 4.x and 5.x. The patches […]

The article "VMware vCenter Server: 2 RCEs with a 9.8 score and a privilege escalation to patch immediately" comes from the cybersecurity blog.

redhotcyber.com/post/vmware-vc
redhotcyber.com/feed

poliverso.org/display/0477a01e

  • 0
  • 0
  • 3 hours ago

#VMware has released software updates to address critical vulnerabilities in #vCenter Server

Two of the vulnerabilities, tracked as CVE-2024-37079 and 37080, can lead to remote code execution, and the third vulnerability, tracked as CVE-2024-37081, can lead to privilege escalation

Administrators are advised to patch ASAP

#cybersecurity

bleepingcomputer.com/news/secu

  • 0
  • 0
  • 15 hours ago

VMware security advisory disclosed 17 June 2024: VMSA-2024-0012: VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities (CVE-2024-37079, CVE-2024-37080, CVE-2024-37081)

  • CVE-2024-37079 and CVE-2024-37080 (9.8 critical) heap-overflow vulnerability (sending a specially crafted network packet potentially leading to remote code execution)
  • CVE-2024-37081 (7.8 high) privilege escalation vulnerability (elevate privileges to root on vCenter Server Appliance)

No mention of exploitation. Fuck Broadcom though for making these security advisories harder to find and no public RSS feeds for it.

  • 0
  • 4
  • 14 hours ago

CVE-2024-0087

nvidia NVIDIA Triton Inference Server

09 May 2024
Published
04 Jun 2024
Updated

CVSS v3.1
CRITICAL (9.0)
EPSS
0.04%

  • 1 Post
  • 4 Interactions

CVE Info

NVIDIA Triton Inference Server for Linux contains a vulnerability where a user can set the logging location to an arbitrary file. If this file exists, logs are appended to the file. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Fediverse

sites.google.com/site/zhiniang

Preauth RCE on NVIDIA Triton Server

#threatintel #infosec #nvidia
CVE-2024-0087 & CVE-2024-0088

  • 2
  • 2
  • 5 hours ago

CVE-2024-0088

nvidia NVIDIA Triton Inference Server

09 May 2024
Published
04 Jun 2024
Updated

CVSS v3.1
MEDIUM (5.5)
EPSS
0.04%

  • 1 Post
  • 4 Interactions

CVE Info

NVIDIA Triton Inference Server for Linux contains a vulnerability in shared memory APIs, where a user can cause an improper memory access issue by a network API. A successful exploit of this vulnerability might lead to denial of service and data tampering.

Fediverse

sites.google.com/site/zhiniang

Preauth RCE on NVIDIA Triton Server

#threatintel #infosec #nvidia
CVE-2024-0087 & CVE-2024-0088

  • 2
  • 2
  • 5 hours ago

CVE-2024-37080

VMware vCenter Server

18 Jun 2024
Published
18 Jun 2024
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.04%

  • 3 Posts
  • 7 Interactions

CVE Info

vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.

Fediverse

VMware vCenter Server: 2 RCEs with a 9.8 score and a privilege escalation to patch immediately

VMware has fixed a series of critical vulnerabilities in vCenter Server, including remote code execution and local privilege escalation. The developers provided fixes for three issues at once: CVE-2024-37079, CVE-2024-37080, CVE-2024-37081. The listed flaws affect VMware vCenter Server versions 7.0 and 8.0, as well as VMware Cloud Foundation versions 4.x and 5.x. The patches […]

The article "VMware vCenter Server: 2 RCEs with a 9.8 score and a privilege escalation to patch immediately" comes from the cybersecurity blog.

redhotcyber.com/post/vmware-vc
redhotcyber.com/feed

poliverso.org/display/0477a01e

  • 0
  • 0
  • 3 hours ago

VMware security advisory disclosed 17 June 2024: VMSA-2024-0012: VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities (CVE-2024-37079, CVE-2024-37080, CVE-2024-37081)

  • CVE-2024-37079 and CVE-2024-37080 (9.8 critical) heap-overflow vulnerability (sending a specially crafted network packet potentially leading to remote code execution)
  • CVE-2024-37081 (7.8 high) privilege escalation vulnerability (elevate privileges to root on vCenter Server Appliance)

No mention of exploitation. Fuck Broadcom though for making these security advisories harder to find and no public RSS feeds for it.

  • 0
  • 4
  • 14 hours ago

CVE-2024-6045

D-Link G403

17 Jun 2024
Published
17 Jun 2024
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.05%

  • 1 Post
  • 2 Interactions

CVE Info

Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the firmware.

Fediverse

Taiwan CERT/CC: D-Link router - Hidden Backdoor
what the fuck D-Link. This is the second time this year that D-Link products were discovered to have a backdoor in them! CVE-2024-6045 (8.8 high)

Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the firmware.

h/t: @jullrich of @sans_isc

  • 1
  • 1
  • 13 hours ago

CVE-2024-28056

Pending

15 Apr 2024
Published
15 Apr 2024
Updated

CVSS
Pending
EPSS
0.04%

  • 1 Post
  • 1 Interaction

CVE Info

Amazon AWS Amplify CLI before 12.10.1 incorrectly configures the role trust policy of IAM roles associated with Amplify projects. When the Authentication component is removed from an Amplify project, a Condition property is removed but "Effect":"Allow" remains present, and consequently sts:AssumeRoleWithWebIdentity would be available to threat actors with no conditions. Thus, if Amplify CLI had been used to remove the Authentication component from a project built between August 2019 and January 2024, an "assume role" may have occurred, and may have been leveraged to obtain unauthorized access to an organization's AWS resources. NOTE: the problem could only occur if an authorized AWS user removed an Authentication component. (The vulnerability did not give a threat actor the ability to remove an Authentication component.) However, in realistic situations, an authorized AWS user may have removed an Authentication component, e.g., if the objective were to stop using built-in Cognito resources, or move to a completely different identity provider.

Fediverse

This was a really interesting deep dive into security vulnerabilities due to misconfigured trust policies and IAM Role policies.

Authors of these policies must be extremely careful when crafting them, as it is *very* easy to inadvertently permit undesired access. As a result, even AWS engineers can make mistakes with dire consequences [0].

youtu.be/SodD-AS7t-k by @frichetten via @fwdcloudsec

[0] CVE-2024-28056 in the Amplify CLI: aws.amazon.com/security/securi

  • 0
  • 1
  • 13 hours ago

CVE-2024-28995

SolarWinds Serv-U

06 Jun 2024
Published
10 Jun 2024
Updated

CVSS v3.1
HIGH (8.6)
EPSS
11.27%

  • 1 Post

CVE Info

SolarWinds Serv-U was susceptible to a directory traversal vulnerability that would allow access to read sensitive files on the host machine.

Fediverse

GreyNoise: SolarWinds Serv-U (CVE-2024-28995) exploitation: We see you!
GreyNoise analyzes exploitation attempts against their experimental honeypots that appear vulnerable to the SolarWinds Serv-U path-traversal vulnerability CVE-2024-28995 (see parent toots above for more info). Very interesting read to see threat actors' operational mistakes and determine whether it was an actual human being performing hands on keyboard activity. IOC are scattered throughout blog post.

  • 0
  • 0
  • 14 hours ago

CVE-2024-37891

urllib3

17 Jun 2024
Published
18 Jun 2024
Updated

CVSS v3.1
MEDIUM (4.4)
EPSS
0.04%

  • 1 Post

CVE Info

urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests *without* using urllib3's proxy support, it's possible to accidentally configure the `Proxy-Authorization` header even though it won't have any effect as the request is not using a forwarding proxy or a tunneling proxy. In those cases, urllib3 doesn't treat the `Proxy-Authorization` HTTP header as one carrying authentication material and thus doesn't strip the header on cross-origin redirects.

Because this is a highly unlikely scenario, we believe the severity of this vulnerability is low for almost all users. Out of an abundance of caution urllib3 will automatically strip the `Proxy-Authorization` header during cross-origin redirects to avoid the small chance that users are doing this on accident. Users should use urllib3's proxy support or disable automatic redirects to achieve safe processing of the `Proxy-Authorization` header, but we still decided to strip the header by default in order to further protect users who aren't using the correct approach.

We believe the number of usages affected by this advisory is low. It requires all of the following to be true to be exploited:

1. Setting the `Proxy-Authorization` header without using urllib3's built-in proxy support.
2. Not disabling HTTP redirects.
3. Either not using an HTTPS origin server or for the proxy or target origin to redirect to a malicious origin.

Users are advised to update to either version 1.26.19 or version 2.2.2. Users unable to upgrade may use the `Proxy-Authorization` header with urllib3's `ProxyManager`, disable HTTP redirects using `redirects=False` when sending requests, or not use the `Proxy-Authorization` header as mitigations.

Fediverse

Python's urllib3 has fixed a low severity vulnerability in version 2.2.2, which was released yesterday.
This vulnerability has been assigned CVE-2024-37891.
For those not familiar with urllib3, it describes itself as

a powerful, user-friendly HTTP client for Python

It is used by many projects and libraries, including the popular requests library.

github.com/urllib3/urllib3/sec

  • 0
  • 0
  • 23 hours ago

CVE-2024-0757

Unknown Insert or Embed Articulate Content into WordPress

04 Jun 2024
Published
04 Jun 2024
Updated

CVSS
Pending
EPSS
0.04%

  • 1 Post

CVE Info

The Insert or Embed Articulate Content into WordPress plugin through 4.3000000023 is not properly filtering which file extensions are allowed to be imported on the server, allowing the uploading of malicious code within zip files

Fediverse

🚨POC RELEASED🚨A PoC Exploit for CVE-2024-0757 - Insert or Embed Articulate Content into WordPress Remote Code Execution (RCE)

The Insert or Embed Articulate Content into WordPress plugin for WordPress is vulnerable to arbitrary file uploads through insecure file uploads in a zip archive in all versions up to, and including, 4.3000000023. This makes it possible for unauthenticated attackers to upload zip files containing phar files on the affected site's server which may make remote code execution possible.

CVSS: 8.8 (High) [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H]
Software Type: Plugin
Software Slug: insert-or-embed-articulate-content-into-wordpress
Affected Version: <= 4.3000000023

x.com/DarkWebInformer/status/1

github.com/hunThubSpace/CVE-20

  • 0
  • 0
  • 23 hours ago

CVE-2023-32681

psf requests

26 May 2023
Published
26 May 2023
Updated

CVSS v3.1
MEDIUM (6.1)
EPSS
0.14%

  • 1 Post

CVE Info

Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0.

Fediverse

A similar vulnerability in requests was found in May of last year, and was assigned CVE-2023-32681

github.com/psf/requests/securi

  • 0
  • 0
  • 23 hours ago

CVE-2024-2511

OpenSSL

08 Apr 2024
Published
04 Jun 2024
Updated

CVSS
Pending
EPSS
0.04%

  • 1 Post
  • 27 Interactions

CVE Info

Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions.

Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service.

This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is being used (but not if early_data support is also configured and the default anti-replay protection is in use). In this case, under certain conditions, the session cache can get into an incorrect state and it will fail to flush properly as it fills. The session cache will continue to grow in an unbounded manner. A malicious client could deliberately create the scenario for this failure to force a Denial of Service. It may also happen by accident in normal operation.

This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS clients. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL 1.0.2 is also not affected by this issue.

Fediverse

Also released: Alpine Linux 3.17.8, 3.18.7 and 3.19.2.

Those releases contain various security fixes including fixes for:

OpenSSL

- CVE-2024-2511
- CVE-2024-4603

busybox

- CVE-2023-42363
- CVE-2023-42364
- CVE-2023-42365
- CVE-2023-42366

See: alpinelinux.org/posts/Alpine-3

#AlpineLinux

  • 10
  • 17
  • 21 hours ago

CVE-2024-4603

OpenSSL

16 May 2024
Published
16 May 2024
Updated

CVSS
Pending
EPSS
0.04%

  • 1 Post
  • 27 Interactions

CVE Info

Issue summary: Checking excessively long DSA keys or parameters may be very slow.

Impact summary: Applications that use the functions EVP_PKEY_param_check() or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service.

The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform various checks on DSA parameters. Some of those computations take a long time if the modulus (`p` parameter) is too large. Trying to use a very large modulus is slow and OpenSSL will not allow using public keys with a modulus which is over 10,000 bits in length for signature verification. However the key and parameter check functions do not limit the modulus size when performing the checks.

An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. These functions are not called by OpenSSL itself on untrusted DSA keys so only applications that directly call these functions may be vulnerable. Also vulnerable are the OpenSSL pkey and pkeyparam command line applications when using the `-check` option.

The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

Fediverse

Also released: Alpine Linux 3.17.8, 3.18.7 and 3.19.2.

Those releases contain various security fixes including fixes for:

OpenSSL

- CVE-2024-2511
- CVE-2024-4603

busybox

- CVE-2023-42363
- CVE-2023-42364
- CVE-2023-42365
- CVE-2023-42366

See: alpinelinux.org/posts/Alpine-3

#AlpineLinux

  • 10
  • 17
  • 21 hours ago

CVE-2023-42366

Pending

27 Nov 2023
Published
27 Nov 2023
Updated

CVSS
Pending
EPSS
0.04%

  • 1 Post
  • 27 Interactions

CVE Info

A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.

Fediverse

Also released: Alpine Linux 3.17.8, 3.18.7 and 3.19.2.

Those releases contain various security fixes including fixes for:

OpenSSL

- CVE-2024-2511
- CVE-2024-4603

busybox

- CVE-2023-42363
- CVE-2023-42364
- CVE-2023-42365
- CVE-2023-42366

See: alpinelinux.org/posts/Alpine-3

#AlpineLinux

  • 10
  • 17
  • 21 hours ago

CVE-2023-42363

Pending

27 Nov 2023
Published
27 Nov 2023
Updated

CVSS
Pending
EPSS
0.04%

  • 1 Post
  • 27 Interactions

CVE Info

A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.

Fediverse

Also released: Alpine Linux 3.17.8, 3.18.7 and 3.19.2.

Those releases contain various security fixes including fixes for:

OpenSSL

- CVE-2024-2511
- CVE-2024-4603

busybox

- CVE-2023-42363
- CVE-2023-42364
- CVE-2023-42365
- CVE-2023-42366

See: alpinelinux.org/posts/Alpine-3

#AlpineLinux

  • 10
  • 17
  • 21 hours ago

CVE-2023-34048

VMware vCenter Server

25 Oct 2023
Published
04 Jun 2024
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
4.38%

  • 1 Post
  • 2 Interactions

CVE Info

vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution.

Fediverse

Mandiant: Cloaked and Covert: Uncovering UNC3886 Espionage Operations
Mandiant blogs about the Chinese state-sponsored espionage actor UNC3886. They discuss UNC3886's intrusion path and subsequent actions that were performed in the environments after compromising the guest virtual machines to achieve access to the critical systems, including:

  • The use of publicly available rootkits for long-term persistence
  • Deployment of malware that leveraged trusted third-party services for C2
  • Subverting access and collecting credentials with Secure Shell (SSH) backdoors
  • Extracting credentials from TACACS+ authentication using custom malware

Vulnerabilities exploited by UNC3886 include CVE-2023-34048, CVE-2022-41328, CVE-2022-22948 (surprisingly not in the KEV Catalog cc: @todb) and CVE-2023-20867. The TACACS+ section is really informative and interesting. IOC and Yara rules provided.

  • 0
  • 2
  • 14 hours ago

CVE-2022-41328

KEV
Fortinet FortiOS

07 Mar 2023
Published
07 Mar 2023
Updated

CVSS v3.1
MEDIUM (6.5)
EPSS
6.75%

  • 1 Post
  • 2 Interactions

CVE Info

An improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in Fortinet FortiOS version 7.2.0 through 7.2.3, 7.0.0 through 7.0.9 and before 6.4.11 allows a privileged attacker to read and write files on the underlying Linux system via crafted CLI commands.

Fediverse

Mandiant: Cloaked and Covert: Uncovering UNC3886 Espionage Operations
Mandiant blogs about the Chinese state-sponsored espionage actor UNC3886. They discuss UNC3886's intrusion path and subsequent actions that were performed in the environments after compromising the guest virtual machines to achieve access to the critical systems, including:

  • The use of publicly available rootkits for long-term persistence
  • Deployment of malware that leveraged trusted third-party services for C2
  • Subverting access and collecting credentials with Secure Shell (SSH) backdoors
  • Extracting credentials from TACACS+ authentication using custom malware

Vulnerabilities exploited by UNC3886 include CVE-2023-34048, CVE-2022-41328, CVE-2022-22948 (surprisingly not in the KEV Catalog cc: @todb) and CVE-2023-20867. The TACACS+ section is really informative and interesting. IOC and Yara rules provided.

  • 0
  • 2
  • 14 hours ago

CVE-2023-20867

KEV
VMware Tools

13 Jun 2023
Published
13 Jun 2023
Updated

CVSS v3.1
LOW (3.9)
EPSS
0.16%

  • 1 Post
  • 2 Interactions

CVE Info

A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.

Fediverse

Mandiant: Cloaked and Covert: Uncovering UNC3886 Espionage Operations
Mandiant blogs about the Chinese state-sponsored espionage actor UNC3886. They discuss UNC3886's intrusion path and subsequent actions that were performed in the environments after compromising the guest virtual machines to achieve access to the critical systems, including:

  • The use of publicly available rootkits for long-term persistence
  • Deployment of malware that leveraged trusted third-party services for C2
  • Subverting access and collecting credentials with Secure Shell (SSH) backdoors
  • Extracting credentials from TACACS+ authentication using custom malware

Vulnerabilities exploited by UNC3886 include CVE-2023-34048, CVE-2022-41328, CVE-2022-22948 (surprisingly not in the KEV Catalog cc: @todb) and CVE-2023-20867. The TACACS+ section is really informative and interesting. IOC and Yara rules provided.

  • 0
  • 2
  • 14 hours ago