BIG-IP AFM & PEM Security Vulnerabilities

RHEL 6 : kernel (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. kernel: Buffer overflow due to unbounded strcpy in ISDN I4L driver (CVE-2017-12762) kernel: lack of port...

RHEL 6 : tcpdump (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. tcpdump: SMB data printing mishandled (CVE-2018-10105) The AH parser in tcpdump before 4.9.0 has a...

RHEL 6 : iproute (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. iproute: use-after-free in get_netnsid_from_name in ip/ipnetns.c (CVE-2019-20795) Note that Nessus has not tested...

RHEL 5 : tcpdump (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. tcpdump: SMB data printing mishandled (CVE-2018-10105) The AH parser in tcpdump before 4.9.0 has a...

RHEL 9 : openvswitch (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. openvswitch: ip proto 0 triggers incorrect handling (CVE-2023-1668) A flaw was found in Open vSwitch...

RHEL 7 : golang (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. golang: arbitrary command execution via VCS path (CVE-2018-7187) golang: Command-line arguments may...

Important: unbound security update

The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fix(es): A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. The default...

unbound security update

An update is available for unbound. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The unbound packages provide a validating, recursive, and caching DNS or...

Exploit for Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Putty

CVE-2024-31497 POC This vulnerability exploits the biased...

BIG-IP Next Central Manager Flaws Lead To Administrative Control

...

K000139570: UNIX CPIO vulnerability CVE-2023-7216

Security Advisory Description A path traversal vulnerability was found in the CPIO utility. This issue could allow a remote unauthenticated attacker to trick a user into opening a specially crafted archive. During the extraction process, the archiver could follow symlinks outside of the intended...

Huawei EulerOS: Security Advisory for libuv (EulerOS-SA-2024-1594)

The remote host is missing an update for the Huawei...

K000139579: Node.js vulneraility CVE-2024-21891

Security Advisory Description Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwitten with user-defined implementations leading to filesystem permission model bypass through path traversal attack. This vulnerability affects...

Fedora 38 : python-dns (2024-bbd76d7c63)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-bbd76d7c63 advisory. eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid...

K000139577: Node.js vulnerability CVE-2024-21890

Security Advisory Description The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For example: --allow-fs-read=/home/node/.ssh/*.pub will ignore pub and give access to everything after .ssh/. This misleading...

K000139573: node.js vulnerability CVE-2024-22017

Security Advisory Description setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid(). This vulnerability affects.....

Huawei EulerOS: Security Advisory for libuv (EulerOS-SA-2024-1572)

The remote host is missing an update for the Huawei...

K000139580: MySQL Server vulnerability CVE-2024-20998

Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...

K000139578: Node.js vulnerability CVE-2024-21896

Security Advisory Description The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be treated as a Buffer, the implementation uses Buffer.from() to obtain a Buffer from the result of path.resolve(). By...

Openmediavault Remote Code Execution / Local Privilege Escalation Exploit

Openmediavault versions prior to 7.0.32 have a vulnerability that occurs when users in the web-admin group enter commands on the crontab by selecting the root shell. As a result of exploiting the vulnerability, authenticated web-admin users can run commands with root privileges and receive reverse....

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: exthdr: fix 4-byte stack OOB write If priv->len is a multiple of 4, then dst[len / 4] can write past the destination array which leads to stack corruption. This construct is necessary to clea...

New TunnelVision Attack Allows Hijacking of VPN Traffic via DHCP Manipulation

Researchers have detailed a Virtual Private Network (VPN) bypass technique dubbed TunnelVision that allows threat actors to snoop on victim's network traffic by just being on the same local network. The "decloaking" method has been assigned the CVE identifier CVE-2024-3661 (CVSS score: 7.6). It...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: exthdr: fix 4-byte stack OOB write If priv->len is a multiple of 4, then dst[len / 4] can write past the destination array which leads to stack corruption. This construct is necessary to clea...

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 29, 2024 to May 5, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 164 vulnerabilities disclosed in 145...

How AI enhances static application security testing (SAST)

In a 2023 GitHub survey, developers reported that their top task, second only to writing code (32%), was finding and fixing security vulnerabilities (31%). As their teams "shift left" and integrate security checks earlier into the software development lifecycle (SDLC), developers have become the...

CVE-2024-32874 In Frigate, Malicious Long Unicode filenames may cause a Multiple Application-level Denial of Service

Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Below 0.13.2 Release, when uploading a file or retrieving the filename, a user may intentionally use a large Unicode filename which would lead to a application-level denial of service. This is due to no.....

CVE-2024-32874 In Frigate, Malicious Long Unicode filenames may cause a Multiple Application-level Denial of Service

Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Below 0.13.2 Release, when uploading a file or retrieving the filename, a user may intentionally use a large Unicode filename which would lead to a application-level denial of service. This is due to no.....

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components (e.g., framework libraries) that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details ** CVEID: CVE-2019-13224 DESCRIPTION: **oniguruma is vulnerable to a denial of service,...

Mirai Botnet Exploits Ivanti Connect Secure Flaws for Malicious Payload Delivery

Two recently disclosed security flaws in Ivanti Connect Secure (ICS) devices are being exploited to deploy the infamous Mirai botnet. That's according to findings from Juniper Threat Labs, which said the vulnerabilities CVE-2023-46805 and CVE-2024-21887 have been leveraged to deliver the botnet...

Critical F5 Central Manager Vulnerabilities Allow Enable Full Device Takeover

Two security vulnerabilities have been discovered in F5 Next Central Manager that could be exploited by a threat actor to seize control of the devices and create hidden rogue administrator accounts for persistence. The remotely exploitable flaws "can give attackers full administrative control of...

Exploit for CVE-2024-26026

CVE-2024-26026 BIG-IP Next...

Exploit for CVE-2024-21793

CVE-2024-21793...

F5 BIG-IP Next Central Manager 20.0.1 < 20.2.0 OData Injection (K000138732)

The version of the Big-IP Next Central Manager installed on the remote Windows host is between 20.0.1 and 20.1.0. It is, therefore, affected by an OData Injection vulnerability as referenced in the K000138732 advisory. An unauthenticated attacker can exploit this vulnerability to execute malicious....

EulerOS 2.0 SP10 : kernel (EulerOS-SA-2024-1592)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after we...

F5 BIG-IP Next Central Manager 20.0.1 < 20.2.0 SQL Injection (K000138733)

The version of the Big-IP Next Central Manager installed on the remote Windows host is between 20.0.1 and 20.1.0. It is, therefore, affected by an SQL Injection vulnerability as referenced in the K000138733 advisory. An unauthenticated attacker can exploit this vulnerability to execute malicious...

Panel Amadey.d.c MVID-2024-0680 Cross Site Scripting

...

F5 BIG-IP Next Central Manager < 20.2.0 SQLi (K000138733) (Direct Check)

An SQL injection vulnerability exists in the BIG-IP Next Central Manager API (URI). Note: Software versions which have reached End of Technical Support (EoTS) are not...

Oracle Linux 9 : gnutls (ELSA-2024-12364)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12364 advisory. A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS,...

EulerOS 2.0 SP10 : libuv (EulerOS-SA-2024-1572)

According to the versions of the libuv package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libuv is a multi-platform support library with a focus on asynchronous I/O. The uv_getaddrinfo function in src/unix/getaddrinfo.c (and its...

EulerOS 2.0 SP10 : libuv (EulerOS-SA-2024-1594)

According to the versions of the libuv package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libuv is a multi-platform support library with a focus on asynchronous I/O. The uv_getaddrinfo function in src/unix/getaddrinfo.c (and its...

K000139558 : Node.js vulnerabilities CVE-2023-46809, CVE-2024-21892, and CVE-2024-22019

Security Advisory Description CVE-2023-46809 This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available. Learn more about the Reserved state here. CVE-2024-21892 On Linux, Node.js ignores certain environment...

Openmediavault Remote Code Execution / Local Privilege Escalation

...

F5 BIG-IP Next Central Manager Installed (Linux)

F5 BIG-IP Next Central Manager is installed on the remote Linux...

CVE-2024-33612

An improper certificate validation vulnerability exists in BIG-IP Next Central Manager and may allow an attacker to impersonate an Instance Provider system. A successful exploit of this vulnerability can allow the attacker to cross a security boundary. Note: Software versions which have reached...

CVE-2024-33612

An improper certificate validation vulnerability exists in BIG-IP Next Central Manager and may allow an attacker to impersonate an Instance Provider system. A successful exploit of this vulnerability can allow the attacker to cross a security boundary. Note: Software versions which have reached...

CVE-2024-33604

A reflected cross-site scripting (XSS) vulnerability exist in undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not...

CVE-2024-32761

Under certain conditions, a potential data leak may occur in the Traffic Management Microkernels (TMMs) of BIG-IP tenants running on VELOS and rSeries platforms. However, this issue cannot be exploited by an attacker because it is not consistently reproducible and is beyond an attacker's control. ....

CVE-2024-32761

Under certain conditions, a potential data leak may occur in the Traffic Management Microkernels (TMMs) of BIG-IP tenants running on VELOS and rSeries platforms. However, this issue cannot be exploited by an attacker because it is not consistently reproducible and is beyond an attacker's control. ....

CVE-2024-33608

When IPsec is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not...

CVE-2024-33604

A reflected cross-site scripting (XSS) vulnerability exist in undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not...