B&R APROL Security Vulnerabilities

Detecting and Visualizing Lateral Movement Attacks with Trellix XDR - Part 2

Detecting and Visualizing Lateral Movement Attacks with Trellix XDR - Part 2 By Chintan Shah, Maulik Maheta · May 21, 2024 Executive summary In the part 1 of this series we discussed in depth about the known Lateral movement attacks like abusing weak service permissions (T1574.011), NTDS.dit file.....

CHAOS 5.0.8 Cross Site Scripting / Remote Command Execution

...

SUSE SLES15 Security Update : kernel RT (Live Patch 1 for SLE 15 SP5) (SUSE-SU-2024:1680-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1680-1 advisory. In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header If an...

SUSE SLES12 Security Update : kernel (Live Patch 51 for SLE 12 SP5) (SUSE-SU-2024:1692-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1692-1 advisory. In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header If an...

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-6775-2)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6775-2 advisory. Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading...

CVE-2021-47342

In the Linux kernel, the following vulnerability has been resolved: ext4: fix possible UAF when remounting r/o a mmp-protected file system After commit 618f003199c6 ("ext4: fix memory leak in ext4_fill_super"), after the file system is remounted read-only, there is a race where the kmmpd thread...

CVE-2021-47396

In the Linux kernel, the following vulnerability has been resolved: mac80211-hwsim: fix late beacon hrtimer handling Thomas explained in https://lore.kernel.org/r/87mtoeb4hb.ffs@tglx that our handling of the hrtimer here is wrong: If the timer fires late (e.g. due to vCPU scheduling, as reported...

SUSE SLES12 Security Update : kernel (Live Patch 43 for SLE 12 SP5) (SUSE-SU-2024:1686-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1686-1 advisory. In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header If an...

CVE-2024-36001

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix the pre-flush when appending to a file in writethrough mode In netfs_perform_write(), when the file is marked NETFS_ICTX_WRITETHROUGH or O_SYNC or RWF_SYNC was specified, write-through caching is performed on a buffered....

CVE-2024-35993

In the Linux kernel, the following vulnerability has been resolved: mm: turn folio_test_hugetlb into a PageType The current folio_test_hugetlb() can be fooled by a concurrent folio split into returning true for a folio which has never belonged to hugetlbfs. This can't happen if the caller holds a.....

CVE-2024-36001

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix the pre-flush when appending to a file in writethrough mode In netfs_perform_write(), when the file is marked NETFS_ICTX_WRITETHROUGH or O_SYNC or RWF_SYNC was specified, write-through caching is performed on a...

CVE-2024-36001

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix the pre-flush when appending to a file in writethrough mode In netfs_perform_write(), when the file is marked NETFS_ICTX_WRITETHROUGH or O_SYNC or RWF_SYNC was specified, write-through caching is performed on a buffered....

CVE-2024-36001

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix the pre-flush when appending to a file in writethrough mode In netfs_perform_write(), when the file is marked NETFS_ICTX_WRITETHROUGH or O_SYNC or RWF_SYNC was specified, write-through caching is performed on a buffered....

CVE-2024-35993

In the Linux kernel, the following vulnerability has been resolved: mm: turn folio_test_hugetlb into a PageType The current folio_test_hugetlb() can be fooled by a concurrent folio split into returning true for a folio which has never belonged to hugetlbfs. This can't happen if the caller holds a.....

CVE-2024-35993

In the Linux kernel, the following vulnerability has been resolved: mm: turn folio_test_hugetlb into a PageType The current folio_test_hugetlb() can be fooled by a concurrent folio split into returning true for a folio which has never belonged to hugetlbfs. This can't happen if the caller holds a.....

CVE-2024-35993

In the Linux kernel, the following vulnerability has been resolved: mm: turn folio_test_hugetlb into a PageType The current folio_test_hugetlb() can be fooled by a concurrent folio split into returning true for a folio which has never belonged to hugetlbfs. This can't happen if the caller holds...

CVE-2024-36001 netfs: Fix the pre-flush when appending to a file in writethrough mode

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix the pre-flush when appending to a file in writethrough mode In netfs_perform_write(), when the file is marked NETFS_ICTX_WRITETHROUGH or O_SYNC or RWF_SYNC was specified, write-through caching is performed on a buffered....

CVE-2024-35993 mm: turn folio_test_hugetlb into a PageType

In the Linux kernel, the following vulnerability has been resolved: mm: turn folio_test_hugetlb into a PageType The current folio_test_hugetlb() can be fooled by a concurrent folio split into returning true for a folio which has never belonged to hugetlbfs. This can't happen if the caller holds a.....

CVE-2024-35993

In the Linux kernel, the following vulnerability has been resolved: mm: turn folio_test_hugetlb into a PageType The current folio_test_hugetlb() can be fooled by a concurrent folio split into returning true for a folio which has never belonged to hugetlbfs. This can't happen if the caller holds a.....

Ubuntu 14.04 LTS / 16.04 LTS : Linux kernel (Azure) vulnerabilities (USN-6777-2)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6777-2 advisory. Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading...

CVE-2024-36001

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix the pre-flush when appending to a file in writethrough mode In netfs_perform_write(), when the file is marked NETFS_ICTX_WRITETHROUGH or O_SYNC or RWF_SYNC was specified, write-through caching is performed on a buffered....

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel (AWS) vulnerabilities (USN-6766-3)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6766-3 advisory. It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action operations...

Exploit for CVE-2024-29269

🚀 CVE-2024-29269 Exploit This repository contains an exploit...

Linux-Smart-Enumeration - Linux Enumeration Tool For Pentesting And CTFs With Verbosity Levels

First, a couple of useful oneliners ;) wget "https://github.com/diego-treitos/linux-smart-enumeration/releases/latest/download/lse.sh" -O lse.sh;chmod 700 lse.sh curl "https://github.com/diego-treitos/linux-smart-enumeration/releases/latest/download/lse.sh" -Lo lse.sh;chmod 700 lse.sh Note...

Exploit for CVE-2023-4596

CVE-2023-4596...

CVE-2024-35796

In the Linux kernel, the following vulnerability has been resolved: net: ll_temac: platform_get_resource replaced by wrong function The function platform_get_resource was replaced with devm_platform_ioremap_resource_byname and is called using 0 as name. This eventually ends up in...

CVE-2024-35796

In the Linux kernel, the following vulnerability has been resolved: net: ll_temac: platform_get_resource replaced by wrong function The function platform_get_resource was replaced with devm_platform_ioremap_resource_byname and is called using 0 as name. This eventually ends up in...

CVE-2024-35796

In the Linux kernel, the following vulnerability has been resolved: net: ll_temac: platform_get_resource replaced by wrong function The function platform_get_resource was replaced with devm_platform_ioremap_resource_byname and is called using 0 as name. This eventually ends up in...

CVE-2024-35796

In the Linux kernel, the following vulnerability has been resolved: net: ll_temac: platform_get_resource replaced by wrong function The function platform_get_resource was replaced with devm_platform_ioremap_resource_byname and is called using 0 as name. This eventually ends up in...

Security Bulletin: Vulnerabilities in Node.js and packages affect IBM Voice Gateway

Summary Security Vulnerabilities in Node.js and packages affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details ** CVEID: CVE-2024-31206 DESCRIPTION: **Node.js dectalk-tts module could allow a remote attacker to obtain sensitive information, caused by the use of...

CVE-2024-35796 net: ll_temac: platform_get_resource replaced by wrong function

In the Linux kernel, the following vulnerability has been resolved: net: ll_temac: platform_get_resource replaced by wrong function The function platform_get_resource was replaced with devm_platform_ioremap_resource_byname and is called using 0 as name. This eventually ends up in...

CVE-2024-35796 net: ll_temac: platform_get_resource replaced by wrong function

In the Linux kernel, the following vulnerability has been resolved: net: ll_temac: platform_get_resource replaced by wrong function The function platform_get_resource was replaced with devm_platform_ioremap_resource_byname and is called using 0 as name. This eventually ends up in...

CVE-2024-35796

In the Linux kernel, the following vulnerability has been resolved: net: ll_temac: platform_get_resource replaced by wrong function The function platform_get_resource was replaced with devm_platform_ioremap_resource_byname and is called using 0 as name. This eventually ends up in...

EulerOS Virtualization 3.0.6.0 : kernel (EulerOS-SA-2024-1685)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can...

EulerOS Virtualization 3.0.6.0 : linux-firmware (EulerOS-SA-2024-1692)

According to the versions of the linux-firmware packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged...

Huawei EulerOS: Security Advisory for linux-firmware (EulerOS-SA-2024-1692)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-1685)

The remote host is missing an update for the Huawei...

EulerOS Virtualization 3.0.6.6 : kernel (EulerOS-SA-2024-1672)

According to the versions of the kernel package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and...

EulerOS Virtualization 3.0.6.6 : mdadm (EulerOS-SA-2024-1659)

According to the versions of the mdadm package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Buffer overflow in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially...

CVE-2024-24981

Improper input validation in PfrSmiUpdateFw driver in UEFI firmware for some Intel(R) Server M50FCP Family products may allow a privileged user to enable escalation of privilege via local...

CVE-2024-23980

Improper buffer restrictions in PlatformPfrDxe driver in UEFI firmware for some Intel(R) Server D50FCP Family products may allow a privileged user to enable escalation of privilege via local...

CVE-2024-22390

Improper input validation in firmware for some Intel(R) FPGA products before version 2.9.1 may allow denial of...

CVE-2024-22476

Improper input validation in some Intel(R) Neural Compressor software before version 2.5.0 may allow an unauthenticated user to potentially enable escalation of privilege via remote...

CVE-2024-24981

Improper input validation in PfrSmiUpdateFw driver in UEFI firmware for some Intel(R) Server M50FCP Family products may allow a privileged user to enable escalation of privilege via local...

CVE-2024-22390

Improper input validation in firmware for some Intel(R) FPGA products before version 2.9.1 may allow denial of...

CVE-2024-23487

Improper input validation in UserAuthenticationSmm driver in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local...

CVE-2024-23980

Improper buffer restrictions in PlatformPfrDxe driver in UEFI firmware for some Intel(R) Server D50FCP Family products may allow a privileged user to enable escalation of privilege via local...

CVE-2024-22476

Improper input validation in some Intel(R) Neural Compressor software before version 2.5.0 may allow an unauthenticated user to potentially enable escalation of privilege via remote...

CVE-2024-23487

Improper input validation in UserAuthenticationSmm driver in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local...

CVE-2024-22382

Improper input validation in PprRequestLog module in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local...