CVE-2024-38812

VMware vCenter Server

Published: 17 Sept 2024
Updated: 18 Sept 2024
CVSS v3.1: CRITICAL (9.8)
EPSS: 0.04%
6 Posts, 22 Interactions

CVE Info

The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.

Fediverse

"VMware Patches Remote Code Execution Flaw Found in Chinese Hacking Contest"
⬇️
"The most severe of the two, tagged as CVE-2024-38812 ... VMware warned that an attacker with network access to the server could send a specially crafted packet to execute remote code. The flaw carries a CVSS severity score of 9.8/10."
⬇️
"Chinese law dictates that zero-day vulnerabilities found by citizens must be promptly disclosed to the government. The details of a security hole cannot be sold or provided to any third-party, apart from the product’s manufacturer. The cybersecurity industry has raised concerns that the law will help the Chinese government stockpile zero-days."
👇
securityweek.com/vmware-patche
⬇️
🩹
👇
support.broadcom.com/web/ecx/s

  • 0
  • 0
  • 10 hours ago

VMware security advisory: VMSA-2024-0019

  • CVE-2024-38812 (9.8 critical) VMware vCenter Server heap-overflow vulnerability
  • CVE-2024-38813 (7.5 high) VMware vCenter privilege escalation vulnerability

According to the stupid bit.ly shortened link to the Frequently Asked Questions:

Broadcom is not currently aware of exploitation “in the wild.” If that changes the advisory and this document will be updated. Please subscribe to the VMSA mailing list (link above) for proactive alerts.

Obligatory fuck Broadcom.

  • 4
  • 6
  • 22 hours ago

❗Broadcom has disclosed two vulnerabilities impacting VMware vCenter servers, found in VMware vSphere and VMware Cloud Foundation products. Successful exploitation of CVE-2024-38812 and CVE-2024-38813 can enable an attacker to send requests that trigger a heap-overflow resulting in RCE or privilege escalation into root.

🛑 Be advised that CVE-2024-38812 is rated as critical with CVSS score of 9.8.

👉 Use our research team’s Rapid Response post to quickly check for potentially vulnerable systems in your environment:

runzero.com/blog/broadcom-vcen

  • 3
  • 1
  • 19 hours ago

Security Week: VMware Patches Remote Code Execution Flaw Found in Chinese Hacking Contest
Security Week links the VMware vCenter vulnerabilities CVE-2024-38812 and CVE-2024-38813 (see parent toot above for the security advisory) to the 2024 Matrix Cup contest. @nattothoughts has thoughts on that: Matrix Cup: Cultivating Top Hacking Talent, Keeping Close Hold on Results

It prioritizes new talent cultivation and expands the access of intelligence agencies to critical vulnerabilities, as the vulnerabilities found in the contest are likely channeled to the Ministry of State Security (MSS) for potential use in offensive operations.

  • 2
  • 5
  • 22 hours ago

VMSA-2024-0019: VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities (CVE-2024-38812, CVE-2024-38813)

CVSS Base Score: 7.5-9.8

You should patch ASAP.

support.broadcom.com/web/ecx/s

  • 1
  • 0
  • 23 hours ago

CVE-2024-45409

SAML-Toolkits ruby-saml

Published: 10 Sept 2024
Updated: 11 Sept 2024
CVSS v3.1: CRITICAL (10.0)
EPSS: 0.04%
2 Posts, 37 Interactions

CVE Info

The Ruby SAML library implements the client side of SAML authentication. Ruby-SAML versions <= 1.12.2, and 1.13.0 through 1.16.0, do not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any document signed by the IdP can therefore forge a SAML Response/Assertion with arbitrary contents, which allows the attacker to log in as an arbitrary user within the vulnerable system. This vulnerability is fixed in 1.17.0 and 1.12.3.

Fediverse

GitLab security advisory: GitLab Critical Patch Release: 17.3.3, 17.2.7, 17.1.8, 17.0.8, 16.11.10
CVE-2024-45409 (perfect 10.0 critical 🥳 cc: @cR0w) SAML authentication bypass

GitLab doing me a heccin' concern because they're already talking about detecting unsuccessful and successful exploitation attempts. I can't definitively say if exploitation in the wild occurred based on the verbiage in this advisory.

cc: @campuscodi @goatyell @da_667

  • 23
  • 10
  • 22 hours ago

GitLab instances are inheriting the Ruby SAML Auth vuln #CVE202445409 that allows threat actors to forge SAML Assertions. #GitLab drops emergency updates for this CVSS 10/10.

Note that IdP SSO having MFA does NOT protect against this attack. Patching or MFA on the Instance is required.

about.gitlab.com/releases/2024

#ThreatIntel and #ThreatHunting examples are included at the link

  • 2
  • 2
  • 20 hours ago

CVE-2024-20685

Microsoft Azure Private 5G Core

Published: 09 Apr 2024
Updated: 01 Aug 2024
CVSS v3.1: MEDIUM (5.9)
EPSS: 0.07%
2 Posts, 1 Interaction

CVE Info

Azure Private 5G Core Denial of Service Vulnerability

Fediverse

Trend Micro: Vulnerabilities in Cellular Packet Cores Part IV: Authentication
Trend Micro describes two vulnerabilities in Microsoft Azure Private 5G Core (AP5GC). This article is the latest in a series about vulnerabilities in cellular packet cores, using various commercial and open-source products as examples. They are focused more on systemic issues and attack vectors. CVE-2024-20685 (5.9 medium, assigned 09 April 2024) Azure Private 5G Core Denial of Service Vulnerability can lead to potential service outages. Another, yet-unassigned vulnerability, ZDI-CAN-23960, titled Microsoft Azure Private 5G Core Unauthenticated Base Station Override, would disconnect and replace attached base stations, disrupting network operations. Trend Micro gives an overview of cellular network architecture and describes the vulnerabilities and their impact.

  • 1
  • 0
  • 5 hours ago

"Our research reveals two significant vulnerabilities in Microsoft Azure Private 5G Core (AP5GC). The first vulnerability (CVE-2024-20685) allows a crafted signaling message to crash the control plane, leading to potential service outages. The second (ZDI-CAN-23960) disconnects and replaces attached base stations, disrupting network operations. While these issues are implementation-specific, their exploitation is made possible by a systemic weakness" - trendmicro.com/en_us/research/

  • 0
  • 0
  • 7 hours ago

CVE-2015-7036

Pending

Published: 22 Nov 2015
Updated: 06 Aug 2024
CVSS: Pending
EPSS: 5.45%
1 Post, 5 Interactions

CVE Info

The fts3_tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a SQL command that triggers an API call with a crafted pointer value in the second argument.

Fediverse

Oh hey, my Mazda vuln got publicly disclosed as 0-day: zerodayinitiative.com/advisori

I will probably write up a blog post about it, but the elevator pitch is that there’s an SQL injection bug in the way Visteon infotainment systems handle iPods that get connected to the car. And because it uses SQLite, you could potentially combine it with the ever-awesome CVE-2015-7036 or something similar to get root code execution.

  • 1
  • 4
  • 4 hours ago

CVE-2024-29847

Ivanti EPM

Published: 12 Sept 2024
Updated: 17 Sept 2024
CVSS v3.0: CRITICAL (10.0)
EPSS: 0.11%
1 Post, 1 Interaction

CVE Info

Deserialization of untrusted data in the agent portal of Ivanti EPM 2022 before SU6, and of Ivanti EPM 2024 before the September 2024 update, allows a remote unauthenticated attacker to achieve remote code execution.

Fediverse

The Exploit for the Ivanti Bug Is Online: Let the Hunt Begin! So, Patch Now
poliverso.org/display/0477a01e
A redhotcyber.com/post/cosa-sono… redhotcyber.com/post/cosa-sono… for a critical remote code execution redhotcyber.com/post/vulnerabi… vulnerability (CVE-2024-29847) in Ivanti Endpoint Manager has appeared online.

  • 1
  • 0
  • 11 hours ago

CVE-2024-38813

VMware vCenter Server

Published: 17 Sept 2024
Updated: 17 Sept 2024
CVSS v3.1: HIGH (7.5)
EPSS: 0.04%
4 Posts, 22 Interactions

CVE Info

The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.

Fediverse

(The four posts on VMSA-2024-0019 that cover this CVE are the same as those shown under CVE-2024-38812 above.)

CVE-2024-8190

KEV
Ivanti CSA (Cloud Services Appliance)

Published: 10 Sept 2024
Updated: 16 Sept 2024
CVSS v3.1: HIGH (7.2)
EPSS: 15.12%
1 Post

CVE Info

An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability.

Fediverse

CVE-2024-8190 is an OS command injection vulnerability in Ivanti Cloud Services Appliance (CSA) v4.6, under active exploitation.
helpnetsecurity.com/2024/09/17

  • 0
  • 0
  • 16 hours ago

CVE-2024-43102

FreeBSD

Published: 05 Sept 2024
Updated: 16 Sept 2024
CVSS: Pending
EPSS: 0.09%
1 Post

CVE Info

Concurrent removals of certain anonymous shared memory mappings by using the UMTX_SHM_DESTROY sub-request of UMTX_OP_SHM can lead to decreasing the reference count of the object representing the mapping too many times, causing it to be freed too early. Malicious code exercising the UMTX_SHM_DESTROY sub-request in parallel can panic the kernel or enable further use-after-free attacks, potentially including code execution or Capsicum sandbox escape.

Fediverse

Update : NetApp ONTAP 9(formerly Clustered Data ONTAP) found to be affected by CVE-2024-43102.

Advisory Link: security.netapp.com/advisory/n

  • 0
  • 0
  • 14 hours ago

CVE-2024-34750

Apache Software Foundation Tomcat

Published: 03 Jul 2024
Updated: 16 Aug 2024
CVSS: Pending
EPSS: 0.04%
1 Post, 3 Interactions

CVE Info

Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89. Users are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue.
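The version ranges quoted here and in the CVE-2024-45409 (ruby-saml) entry earlier on this page are easy to misread during triage: Tomcat's milestone builds mean 11.0.0-M20 is affected while 11.0.0-M21 is not, and ruby-saml has two disjoint affected ranges with the fixed 1.12.3 sitting between them. The script below is an added example, not code from Apache Tomcat, ruby-saml, GitLab or any post on this page. It encodes the affected ranges exactly as the two CVE descriptions state them, orders a milestone build before the final release it precedes, and pulls the resolved ruby-saml version out of a Gemfile.lock. The Gemfile.lock fragment is constructed for the example and is not from any real project.

```python
import re

# Matches "9.0.89", "1.12.2" and Tomcat milestone builds such as "11.0.0-M20".
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:-M(\d+))?$")


def parse_version(text):
    """Turn a version string into a tuple that sorts the way the advisories intend.

    Numeric parts are padded to four fields so 1.12 and 1.12.0.0 compare equal.
    A milestone build (-Mn) sorts before the final release it precedes:
    11.0.0-M20 < 11.0.0-M21 < 11.0.0.
    """
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    numbers = [int(part) for part in match.group(1).split(".")]
    if len(numbers) > 4:
        raise ValueError(f"too many version fields: {text!r}")
    numbers += [0] * (4 - len(numbers))
    milestone = match.group(2)
    tail = (0, int(milestone)) if milestone is not None else (1, 0)
    return tuple(numbers) + tail


# Affected ranges, inclusive at both ends, copied from the CVE descriptions
# on this page. A lower bound of "0" means "every earlier release".
AFFECTED_RANGES = {
    # ruby-saml: <= 1.12.2 and 1.13.0 .. 1.16.0; fixed in 1.12.3 and 1.17.0.
    "CVE-2024-45409": [("0", "1.12.2"), ("1.13.0", "1.16.0")],
    # Apache Tomcat: fixed in 11.0.0-M21, 10.1.25 and 9.0.90.
    "CVE-2024-34750": [
        ("11.0.0-M1", "11.0.0-M20"),
        ("10.1.0-M1", "10.1.24"),
        ("9.0.0-M1", "9.0.89"),
    ],
}


def is_affected(cve_id, version):
    """True if `version` falls inside any affected range listed for `cve_id`."""
    parsed = parse_version(version)
    return any(
        parse_version(low) <= parsed <= parse_version(high)
        for low, high in AFFECTED_RANGES[cve_id]
    )


# In a Gemfile.lock the resolved gems sit under "specs:" indented by exactly
# four spaces with a single pinned version; a gem's own dependencies are
# indented by six and carry constraints such as "(>= 1.13.10)", and the
# DEPENDENCIES section is indented by two, so neither of those is matched.
_RUBY_SAML_SPEC_RE = re.compile(r"^ {4}ruby-saml \((\d+(?:\.\d+)*)\)\s*$", re.MULTILINE)


def ruby_saml_status(lockfile_text):
    """Return (resolved_version, affected) for ruby-saml, or None if it is absent."""
    match = _RUBY_SAML_SPEC_RE.search(lockfile_text)
    if match is None:
        return None
    version = match.group(1)
    return version, is_affected("CVE-2024-45409", version)


# Constructed Gemfile.lock fragment for this example; not from any real project.
SAMPLE_GEMFILE_LOCK = """\
GEM
  remote: https://rubygems.org/
  specs:
    nokogiri (1.16.5)
    rexml (3.3.6)
    ruby-saml (1.15.0)
      nokogiri (>= 1.13.10)
      rexml

DEPENDENCIES
  ruby-saml (~> 1.15)
"""


if __name__ == "__main__":
    print("ruby-saml in sample lockfile:", ruby_saml_status(SAMPLE_GEMFILE_LOCK))
    for tomcat in ("9.0.89", "9.0.90", "10.1.25", "11.0.0-M20", "11.0.0-M21", "11.0.0"):
        print(f"Tomcat {tomcat}: affected={is_affected('CVE-2024-34750', tomcat)}")
```

The milestone ordering is the part worth keeping: a plain tuple-of-integers comparison would either reject "11.0.0-M20" outright or, if the suffix were stripped, treat every 11.0.0 milestone as the same version and report the fixed M21 as affected.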

Fediverse

Atlassian security advisory: Security Bulletin - September 17 2024
I keep forgetting that Atlassian does third Tuesday of the month for . Multiple products are updated:

  • Bamboo Data Center and Server: CVE-2024-34750 (7.5 High) DoS (Denial of Service)
  • Bitbucket Data Center and Server:
    • CVE-2024-32007 (7.5 High) DoS
    • CVE-2024-34750 (7.5 High) DoS
  • Confluence Data Center and Server:
    • CVE-2024-29857 (7.5 High) DoS
    • CVE-2024-22871 (7.5 High) DoS
  • Crowd Data Center and Server: CVE-2024-29857 (7.5 High) DoS

No mention of exploitation.

  • 1
  • 2
  • 3 hours ago

CVE-2024-38112

KEV
Microsoft Windows 10 Version 22H2

Published: 09 Jul 2024
Updated: 17 Sept 2024
CVSS v3.1: HIGH (7.5)
EPSS: 64.67%
1 Post

CVE Info

Windows MSHTML Platform Spoofing Vulnerability

Fediverse

Microsoft confirmed CVE-2024-43461, a spoofing vulnerability affecting Windows MSHTML, was exploited as part of an attack chain relating to CVE-2024-38112, prior to July 2024.
helpnetsecurity.com/2024/09/16

  • 0
  • 0
  • 16 hours ago

CVE-2024-43461

KEV
Microsoft Windows 11 Version 24H2

Published: 10 Sept 2024
Updated: 17 Sept 2024
CVSS v3.1: HIGH (8.8)
EPSS: 16.24%
1 Post

CVE Info

Windows MSHTML Platform Spoofing Vulnerability

Fediverse

(Same post as shown under CVE-2024-38112 above.)

CVE-2019-1069

Microsoft Windows

Published: 12 Jun 2019
Updated: 18 Sept 2024
CVSS: Pending
EPSS: 0.43%
1 Post, 6 Interactions

CVE Info

An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations, aka 'Task Scheduler Elevation of Privilege Vulnerability'.

Fediverse

CISA: CISA Adds Five Known Vulnerabilities to Catalog
This is so hot off the press that CISA's press team hasn't created the page yet. 5 are being added to the KEV:

  • CVE-2020-14644 (9.8 critical) Oracle WebLogic Server Remote Code Execution Vulnerability
  • CVE-2022-21445 (9.8 critical) Oracle JDeveloper Remote Code Execution Vulnerability
  • CVE-2019-1069 (7.8 high) Microsoft Windows Task Scheduler Privilege Escalation Vulnerability
  • CVE-2020-0618 (8.8 high) Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability
  • CVE-2024-27348 (9.8 critical) Apache HugeGraph-Server Improper Access Control Vulnerability

  • 2
  • 4
  • 4 hours ago

CVE-2020-0618

Microsoft SQL Server

Published: 11 Feb 2020
Updated: 18 Sept 2024
CVSS: Pending
EPSS: 97.34%
1 Post, 6 Interactions

CVE Info

A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'.

Fediverse

(The CISA KEV post listing this CVE is the same as shown under CVE-2019-1069 above.)

CVE-2024-27348

Apache Software Foundation HugeGraph-Server

Published: 22 Apr 2024
Updated: 18 Sept 2024
CVSS: Pending
EPSS: 0.21%
1 Post, 6 Interactions

CVE Info

RCE (Remote Command Execution) vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server from 1.0.0 before 1.3.0 on Java 8 and Java 11. Users are recommended to upgrade to version 1.3.0 with Java 11 and to enable the Auth system, which fixes the issue.

Fediverse

(The CISA KEV post listing this CVE is the same as shown under CVE-2019-1069 above.)

CVE-2024-37985

Microsoft Windows 11 version 22H2

Published: 17 Sept 2024
Updated: 18 Sept 2024
CVSS v3.1: MEDIUM (5.9)
EPSS: 0.05%
1 Post, 3 Interactions

CVE Info

Windows Kernel Information Disclosure Vulnerability

Fediverse

Microsoft Security Response Center (MSRC) security advisories:

  • CVE-2024-38183 (8.8 high) GroupMe Elevation of Privilege Vulnerability
  • CVE-2024-43460 (8.1 high) Dynamics 365 Business Central Elevation of Privilege Vulnerability

These two are not exploited, not publicly disclosed, and exploitation less likely. "This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency."

In other news, MSRC updated CVE-2024-37985 (5.9 medium, disclosed 09 July 2024 by Microsoft as a EDIT: publicly-disclosed* vulnerability) Windows Kernel Information Disclosure Vulnerability. "Updated CNA for this CVE to Microsoft and updated the FAQ. This is an informational update only."

  • 1
  • 2
  • 19 hours ago