BIG-IP (DNS, GTM) Security Vulnerabilities

CVE-2021-47546 ipv6: fix memory leak in fib6_rule_suppress

In the Linux kernel, the following vulnerability has been resolved: ipv6: fix memory leak in fib6_rule_suppress The kernel leaks memory when a fib rule is present in IPv6 nftables firewall rules and a suppress_prefix rule is present in the IPv6 routing rules (used by certain tools such as...

CVE-2024-35340

Tenda FH1206 V1.2.0.8(8155) was discovered to contain a command injection vulnerability via the cmdinput parameter at...

CVE-2024-35339

Tenda FH1206 V1.2.0.8(8155) was discovered to contain a command injection vulnerability via the mac parameter at...

F5 Networks BIG-IP : Apache HTTPD vulnerability (K000139764)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000139764 advisory. Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split...

idm:DL1 security update

bind-dyndb-ldap [11.6-4] - Modify empty zone conflicts under exclusive mode Resolves: rhbz#2126877 [11.6-3] - Rebuild against bind 9.11.36 - Resolves: rhbz#2022762 [11.6-2] - Rebuild against bind 9.11.26 - Resolves: rhbz#1904612 [11.6-1] - New upstream release - Resolves: rhbz#1891735 [11.3-1] -...

container-tools:ol8 security update

...

K000139764: Apache HTTPD vulnerability CVE-2023-38709

Security Advisory Description Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58. (CVE-2023-38709) Impact This vulnerability allows malicious or exploitable...

F5 Networks BIG-IP : Libexpat vulnerability (K000139525)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000139525 advisory. In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in ...

perl:5.32 security update

perl-Algorithm-Diff perl-Archive-Tar perl-Archive-Zip perl-autodie perl-bignum perl-Carp perl-Compress-Bzip2 perl-Compress-Raw-Bzip2 perl-Compress-Raw-Lzma perl-Compress-Raw-Zlib [2.096-2] - Fix test broken by update in zlib on s390x - Related: RHEL-16371 perl-Config-Perl-V perl-constant...

python27:2.7 security update

babel [2.5.1-10] - Fix CVE-2021-20095 Resolves: rhbz#1955615 [2.5.1-9] - Bumping due to problems with modular RPM upgrade path - Resolves: rhbz#1695587 [2.5.1-8] - Fix unversioned requires/buildrequires - Resolves: rhbz#1628242 [2.5.1-7] - Remove unversioned binaries - Resolves: rhbz#1613343...

Stark Industries Solutions: An Iron Hammer in the Cloud

The homepage of Stark Industries Solutions. Two weeks before Russia invaded Ukraine in February 2022, a large, mysterious new Internet hosting firm called Stark Industries Solutions materialized and quickly became the epicenter of massive distributed denial-of-service (DDoS) attacks on government.....

CVE-2024-5228

TP-Link Omada ER605 Comexe DDNS Response Handling Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this.....

CVE-2024-5243

TP-Link Omada ER605 Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are...

CVE-2024-5243 TP-Link Omada ER605 Buffer Overflow Remote Code Execution Vulnerability

TP-Link Omada ER605 Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are...

CVE-2024-5228 TP-Link Omada ER605 Comexe DDNS Response Handling Heap-based Buffer Overflow Remote Code Execution Vulnerability

TP-Link Omada ER605 Comexe DDNS Response Handling Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this.....

Silverstripe Hostname, IP and Protocol Spoofing through HTTP Headers

In it's default configuration, SilverStripe trusts all originating IPs to include HTTP headers for Hostname, IP and Protocol. This enables reverse proxies to forward requests while still retaining the original request information. Trusted IPs can be limited via the SS_TRUSTED_PROXY_IPS constant....

Silverstripe Hostname, IP and Protocol Spoofing through HTTP Headers

In it's default configuration, SilverStripe trusts all originating IPs to include HTTP headers for Hostname, IP and Protocol. This enables reverse proxies to forward requests while still retaining the original request information. Trusted IPs can be limited via the SS_TRUSTED_PROXY_IPS constant....

Traefik vulnerable to GO issue allowing malformed DNS message to cause infinite loop

Impact There is a vulnerability in GO managing malformed DNS message, which impacts Traefik. This vulnerability could be exploited to cause a denial of service. References CVE-2024-24788 Patches https://github.com/traefik/traefik/releases/tag/v2.11.3...

Traefik vulnerable to GO issue allowing malformed DNS message to cause infinite loop

Impact There is a vulnerability in GO managing malformed DNS message, which impacts Traefik. This vulnerability could be exploited to cause a denial of service. References CVE-2024-24788 Patches https://github.com/traefik/traefik/releases/tag/v2.11.3...

Exploit for Allocation of Resources Without Limits or Throttling in Redhat Enterprise Linux

The DNS infrastructure used for this PoC was the one suggested...

CVE-2021-47293

In the Linux kernel, the following vulnerability has been resolved: net/sched: act_skbmod: Skip non-Ethernet packets Currently tcf_skbmod_act() assumes that packets use Ethernet as their L2 protocol, which is not always the case. As an example, for CAN devices: $ ip link add dev vcan0 type vcan $.....

CVE-2021-47276

In the Linux kernel, the following vulnerability has been resolved: ftrace: Do not blindly read the ip address in ftrace_bug() It was reported that a bug on arm64 caused a bad ip address to be used for updating into a nop in ftrace_init(), but the error path (rightfully) returned -EINVAL and not...

CVE-2021-47266

In the Linux kernel, the following vulnerability has been resolved: RDMA/ipoib: Fix warning caused by destroying non-initial netns After the commit 5ce2dced8e95 ("RDMA/ipoib: Set rtnl_link_ops for ipoib interfaces"), if the IPoIB device is moved to non-initial netns, destroying that netns lets the....

CVE-2024-4978: Backdoored Justice AV Solutions Viewer Software Used in Apparent Supply Chain Attack

The following Rapid7 team members contributed to this blog: Ipek Solak, Thomas Elkins, Evan McCann, Matthew Smith, Jake McMahon, Tyler McGraw, Ryan Emmons, Stephen Fewer, and John Fenninger Overview Justice AV Solutions (JAVS) is a U.S.-based company specializing in digital audio-visual recording.....

Go-Secdump - Tool To Remotely Dump Secrets From The Windows Registry

Package go-secdump is a tool built to remotely extract hashes from the SAM registry hive as well as LSA secrets and cached hashes from the SECURITY hive without any remote agent and without touching disk. The tool is built on top of the library go-smb and use it to communicate with the Windows...

ShrinkLocker: Turning BitLocker into ransomware

Introduction Attackers always find creative ways to bypass defensive features and accomplish their goals. This can be done with packers, crypters, and code obfuscation. However, one of the best ways of evading detection, as well as maximizing compatibility, is to use the operating system's own...

CVE-2023-52828

In the Linux kernel, the following vulnerability has been resolved: bpf: Detect IP == ksym.end as part of BPF program Now that bpf_throw kfunc is the first such call instruction that has noreturn semantics within the verifier, this also kicks in dead code elimination in unprecedented ways. For...

CVE-2023-52780

In the Linux kernel, the following vulnerability has been resolved: net: mvneta: fix calls to page_pool_get_stats Calling page_pool_get_stats in the mvneta driver without checks leads to kernel crashes. First the page pool is only available if the bm is not used. The page pool is also not...

SpiderFlow Crawler Platform - Remote Code Execution

A vulnerability, which was classified as critical, was found in spider-flow 0.4.3. Affected is the function FunctionService.saveFunction of the file src/main/java/org/spiderflow/controller/FunctionController.java. The manipulation leads to code injection. It is possible to launch the attack...

CVE-2021-47452

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: skip netdev events generated on netns removal syzbot reported following (harmless) WARN: WARNING: CPU: 1 PID: 2648 at net/netfilter/core.c:468 nft_netdev_unregister_hooks net/netfilter/nf_tables_api.c:230...

A journey into forgotten Null Session and MS-RPC interfaces

A journey into forgotten Null Session and MS-RPC interfaces (PDF) It has been almost 24 years since the null session vulnerability was discovered. Back then, it was possible to access SMB named pipes using empty credentials and collect domain information. Most often, attackers leveraged null...

[SECURITY] Fedora 39 Update: unbound-1.20.0-1.fc39

Unbound is a validating, recursive, and caching DNS(SEC) resolver. The C implementation of Unbound is developed and maintained by NLnet Labs. It is based on ideas and algorithms taken from a java prototype developed by Verisign labs, Nominet, Kirei and ep.net. Unbound is designed as a set of...

[SECURITY] Fedora 40 Update: unbound-1.20.0-1.fc40

Unbound is a validating, recursive, and caching DNS(SEC) resolver. The C implementation of Unbound is developed and maintained by NLnet Labs. It is based on ideas and algorithms taken from a java prototype developed by Verisign labs, Nominet, Kirei and ep.net. Unbound is designed as a set of...

Apache Tomcat 8.5.0 < 8.5.51 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 8.5.51. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_8.5.51_security-8 advisory. When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections...

RHEL 8 : perl:5.32 (RHSA-2024:3128)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3128 advisory. Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Security Fix(es): *...

RHEL 8 : frr (RHSA-2024:2981)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2981 advisory. FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP,...

RHEL 8 : traceroute (RHSA-2024:3211)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3211 advisory. The traceroute utility displays the route used by IP packets on their way to a specified network (or Internet) host. Security Fix(es): *...

(Pwn2Own) TP-Link Omada ER605 Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service. The specific...

(Pwn2Own) TP-Link Omada ER605 Comexe DDNS Response Handling Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service. The specific...

Apache Tomcat 7.0.0 < 7.0.100 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 7.0.100. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_7.0.100_security-7 advisory. When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections.....

RHEL 8 : container-tools:rhel8 (RHSA-2024:2988)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2988 advisory. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix(es): *...

RHEL 8 : python27:2.7 (RHSA-2024:2987)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2987 advisory. Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level...

kernel security, bug fix, and enhancement update

[4.18.0-553.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with...

RHEL 8 : container-tools:rhel8 (RHSA-2024:3254)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3254 advisory. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix(es): *...

edk2 security update

[20220126gitbb1bba3d77-13] - edk2-EmbeddedPkg-Hob-Integer-Overflow-in-CreateHob.patch [RHEL-21158] - edk2-StandaloneMmPkg-Hob-Integer-Overflow-in-CreateHob.patch [RHEL-21158] - Resolves: RHEL-21158 (CVE-2022-36765 edk2: integer overflow in CreateHob() could lead to HOB OOB R/W [rhel-8])...

RHEL 8 : bind and dhcp (RHSA-2024:3271)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3271 advisory. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named);.....

RHEL 8 : python-dns (RHSA-2024:3275)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3275 advisory. The python-dns package contains the dnslib module that implements a DNS client and additional modules that define certain symbolic constants used...

TotalCloud Insights: Uncovering the Hidden Dangers in Google Cloud Dataproc

Summary The Apache Hadoop Distributed File System (HDFS) can be vulnerable to data compromise when a Compute Engine cluster is in a public-facing virtual private cloud (VPC) or shares the VPC with other Compute Engine instances. Google Cloud Platform (GCP) provides a default VPC called 'default.'.....

Criminal IP: Enhancing Security Solutions through AWS Marketplace Integration

By Cyber Newswire AI SPERA, a leader in Cyber Threat Intelligence (CTI) solutions, announced today that its proprietary search engine, Criminal… This is a post from HackRead.com Read the original post: Criminal IP: Enhancing Security Solutions through AWS Marketplace...

Above - Invisible Network Protocol Sniffer

Invisible protocol sniffer for finding vulnerabilities in the network. Designed for pentesters and security engineers. Above: Invisible network protocol sniffer Designed for pentesters and security engineers Author: Magama Bazarov, &lt;[email protected]&gt; Pseudonym: Caster Version: 2.6 ...