ChakraCore, Microsoft Edge, Internet Explorer Security Vulnerabilities

CVE-2024-3095 SSRF in Langchain Web Research Retriever in langchain-ai/langchain

A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5. The vulnerability arises because the Web Research Retriever does not restrict requests to remote internet addresses, allowing it to reach local addresses. This....

The sliding doors of misinformation that come with AI-generated search results

As someone who used to think that his entire livelihood would come from writing, I've long wondered if any sort of computer or AI could replace my essential functions at work. For now, it seems there are enough holes in AI-generated language that my ability to write down a complete, accurate and...

CVE-2024-33655

The DNS protocol in RFC 1035 and updates allows remote attackers to cause a denial of service (resource consumption) by arranging for DNS queries to be accumulated for seconds, such that responses are later sent in a pulsing burst (which can be considered traffic amplification in some cases), aka.....

CVE-2024-35178

The Jupyter Server provides the backend for Jupyter web applications. Jupyter Server on Windows has a vulnerability that lets unauthenticated attackers leak the NTLMv2 password hash of the Windows user running the Jupyter server. An attacker can crack this password to gain access to the Windows...

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 27, 2024 to June 2, 2024)

_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...

Thief Raccoon - Login Phishing Tool

Thief Raccoon is a tool designed for educational purposes to demonstrate how phishing attacks can be conducted on various operating systems. This tool is intended to raise awareness about cybersecurity threats and help users understand the importance of security measures like 2FA and password...

Emerson PACSystem and Fanuc

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.6 ATTENTION: Low attack complexity Vendor: Emerson Equipment: PACSystem, Fanuc Vulnerabilities: Cleartext Transmission of Sensitive Information, Insufficient Verification of Data Authenticity Insufficiently Protected Credentials, Download of Code Without...

Emerson Ovation

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Emerson Equipment: Ovation Vulnerabilities: Missing Authentication for Critical Function, Insufficient Verification of Data Authenticity CISA is aware of a public report, known as...

Mitsubishi Electric CC-Link IE TSN Industrial Managed Switch

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: CC-Link IE TSN Industrial Managed Switch Vulnerability: Allocation of Resources Without Limits or Throttling 2. RISK EVALUATION Successful exploitation of this...

Microsoft Recall snapshots can be easily grabbed with TotalRecall tool

Microsoft's Recall feature has been criticized heavily by pretty much everyone since it was announced last month. Now, researchers have demonstrated the risks by creating a tool that can find, extract, and display everything Recall has stored on a device. For those unaware, Recall is a feature...

BIT-envoy-2024-23326

Envoy is a cloud-native, open source edge and service proxy. A theoretical request smuggling vulnerability exists through Envoy if a server can be tricked into adding an upgrade header into a response. Per RFC https://www.rfc-editor.org/rfc/rfc7230#section-6.7 a server sends 101 when switching...

BIT-envoy-2024-32974

Envoy is a cloud-native, open source edge and service proxy. A crash was observed in EnvoyQuicServerStream::OnInitialHeadersComplete() with following call stack. It is a use-after-free caused by QUICHE continuing push request headers after StopReading() being called on the stream. As after...

BIT-envoy-2024-32975

Envoy is a cloud-native, open source edge and service proxy. There is a crash at QuicheDataReader::PeekVarInt62Length(). It is caused by integer underflow in the QuicStreamSequencerBuffer::PeekRegion()...

BIT-envoy-2024-32976

Envoy is a cloud-native, open source edge and service proxy. Envoyproxy with a Brotli filter can get into an endless loop during decompression of Brotli data with extra...

BIT-envoy-2024-34362

Envoy is a cloud-native, open source edge and service proxy. There is a use-after-free in HttpConnectionManager (HCM) with EnvoyQuicServerStream that can crash Envoy. An attacker can exploit this vulnerability by sending a request without FIN, then a RESET_STREAM frame, and then after receiving...

BIT-envoy-2024-34363

Envoy is a cloud-native, open source edge and service proxy. Due to how Envoy invoked the nlohmann JSON library, the library could throw an uncaught exception from downstream data if incomplete UTF-8 strings were serialized. The uncaught exception would cause Envoy to...

BIT-envoy-2024-34364

Envoy is a cloud-native, open source edge and service proxy. Envoy exposed an out-of-memory (OOM) vector from the mirror response, since async HTTP client will buffer the response with an unbounded...

CVE-2024-0912

Under certain circumstances the Microsoft® Internet Information Server (IIS) used to host the C•CURE 9000 Web Server will log Microsoft Windows credential details within logs. There is no impact to non-web service interfaces C•CURE 9000 or prior...

CVE-2024-0912

Under certain circumstances the Microsoft® Internet Information Server (IIS) used to host the C•CURE 9000 Web Server will log Microsoft Windows credential details within logs. There is no impact to non-web service interfaces C•CURE 9000 or prior...

K000139922: Open vSwitch vulnerabilities CVE-2023-3966 and CVE-2023-5366

Security Advisory Description CVE-2023-3966 A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is...

Microsoft Artifact Registry Container Images Empty Password Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Microsoft Artifact Registry Container images. Authentication is not required to exploit this vulnerability. The specific flaw exists within the default credentials set within the image. The issue...

Microsoft Azure SQL Managed Instance Documentation SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on Microsoft Azure. Authentication is not required to exploit this vulnerability. The specific flaw exists within the permissions granted to an SAS token. An attacker can leverage this vulnerability to launch a supply-chain attack....

CVE-2024-0912 CCURE passwords exposed to administrators

Under certain circumstances the Microsoft® Internet Information Server (IIS) used to host the C•CURE 9000 Web Server will log Microsoft Windows credential details within logs. There is no impact to non-web service interfaces C•CURE 9000 or prior...

Security Bulletin: Vulnerabilities in IBM WebSphere Application Server and WebSphere Application Server Liberty affect IBM Watson Explorer ( CVE-2024-22329, CVE-2023-50312)

Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty is used by IBM Watson Explorer. IBM Watson Explorer has addressed the applicable CVE ( CVE-2024-22329, CVE-2023-50312). Vulnerability Details ** CVEID: CVE-2024-22329 DESCRIPTION: **IBM WebSphere Application...

Security Bulletin: A vulnerability in Microsoft .NET Core affects IBM Robotic Process Automation and may result in a bypass of security restrictions (CVE-2024-0056)

Summary A vulnerability in Microsoft .NET Core affects IBM Robotic Process Automation resulting in a bypass of security restrictions. Microsoft .NET Core is used by IBM Robotic Process Automation as part of it's development platform. This bulletin identifies the security fixes to apply to address.....

Security Bulletin: A vulnerability in Microsoft Azure Identity affects IBM Robotic Process Automation and may result in a denial of service (CVE-2024-21319)

Summary A vulnerability in Microsoft Azure Identity affects IBM Robotic Process Automation which may result in a denial of service. Microsoft Azure Identity is used by IBM Robotic Process Automation as part of identity management. This bulletin identifies the security fixes to apply to address the....

CVE-2024-24789

The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects...

CVE-2024-24790

The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4...

Security Bulletin: AIX is vulnerable to denial of service due to ISC BIND

Summary UPDATED: (Corrected the affected fileset levels to reflect that bind.rte 7.1.916.2604 and 7.3.916.2601 are vulnerable) Multiple vulnerabilities in ISC BIND could allow a remote attacker to cause a denial of service. AIX uses ISC BIND as part of its DNS functions. Vulnerability Details **...

Financial sextortion scams on the rise

“Hey there!” messaged Savannah, someone 16-year-old Charlie had never met before, but looked cute in her profile picture. She had long blonde hair, blue eyes, and an adorable smile, so he decided to DM with her on Instagram. Soon their flirty exchanges grew heated, and Savannah was sending Charlie....

Securing AI Development in the Cloud: Navigating the Risks and Opportunities

AI-TRiSM - Trust, Risk and Security Management in the Age of AI Co-authored by Lara Sunday and Pojan Shahrivar As artificial intelligence (AI) and machine learning (ML) technologies continue to advance and proliferate, organizations across industries are investing heavily in these transformative...

Say hello to the fifth generation of Malwarebytes

Announcing the latest version of Malwarebytes, which brings a faster, responsive, and consistent user interface, integrated security and privacy, and expert guidance to keep you secure. Here's what you can expect: 1. Unified user experience across platforms The new generation of Malwarebytes now...

DarkGate switches up its tactics with new payload, email templates

This post was authored by Kalpesh Mantri. Cisco Talos is actively tracking a recent increase in activity from malicious email campaigns containing a suspicious Microsoft Excel attachment that, when opened, infected the victim's system with the DarkGate malware. These campaigns, active since the...

Online Privacy and Overfishing

Microsoft recently caught state-backed hackers using its generative AI tools to help with their attacks. In the security community, the immediate questions weren't about how hackers were using the tools (that was utterly predictable), but about how Microsoft figured it out. The natural conclusion.....

FRR vulnerabilities

Releases Ubuntu 20.04 LTS Packages frr - FRRouting suite of internet protocols Details It was discovered that FRR incorrectly handled certain network traffic. A remote attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service. (CVE-2022-26126,...

K000139898: PyYAML vulnerabilities CVE-2020-1747 and CVE-2020-14343

Security Advisory Description CVE-2020-1747 A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use...

K000139901: PyYAML vulnerability CVE-2017-18342

Security Advisory Description In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function. (CVE-2017-18342) Impact.....

K000139917: Libxml2 vulnerability CVE-2022-40303

Security Advisory Description An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading....

CVE-2024-34364

Envoy is a cloud-native, open source edge and service proxy. Envoy exposed an out-of-memory (OOM) vector from the mirror response, since async HTTP client will buffer the response with an unbounded...

CVE-2024-32976

Envoy is a cloud-native, open source edge and service proxy. Envoyproxy with a Brotli filter can get into an endless loop during decompression of Brotli data with extra...

CVE-2024-34363

Envoy is a cloud-native, open source edge and service proxy. Due to how Envoy invoked the nlohmann JSON library, the library could throw an uncaught exception from downstream data if incomplete UTF-8 strings were serialized. The uncaught exception would cause Envoy to...

CVE-2024-32976

Envoy is a cloud-native, open source edge and service proxy. Envoyproxy with a Brotli filter can get into an endless loop during decompression of Brotli data with extra...

CVE-2024-34362

Envoy is a cloud-native, open source edge and service proxy. There is a use-after-free in HttpConnectionManager (HCM) with EnvoyQuicServerStream that can crash Envoy. An attacker can exploit this vulnerability by sending a request without FIN, then a RESET_STREAM frame, and then after receiving...

CVE-2024-34364

Envoy is a cloud-native, open source edge and service proxy. Envoy exposed an out-of-memory (OOM) vector from the mirror response, since async HTTP client will buffer the response with an unbounded...

CVE-2024-34363

Envoy is a cloud-native, open source edge and service proxy. Due to how Envoy invoked the nlohmann JSON library, the library could throw an uncaught exception from downstream data if incomplete UTF-8 strings were serialized. The uncaught exception would cause Envoy to...

CVE-2024-34362

Envoy is a cloud-native, open source edge and service proxy. There is a use-after-free in HttpConnectionManager (HCM) with EnvoyQuicServerStream that can crash Envoy. An attacker can exploit this vulnerability by sending a request without FIN, then a RESET_STREAM frame, and then after receiving...

CVE-2024-32975

Envoy is a cloud-native, open source edge and service proxy. There is a crash at QuicheDataReader::PeekVarInt62Length(). It is caused by integer underflow in the QuicStreamSequencerBuffer::PeekRegion()...

CVE-2024-32974

Envoy is a cloud-native, open source edge and service proxy. A crash was observed in EnvoyQuicServerStream::OnInitialHeadersComplete() with following call stack. It is a use-after-free caused by QUICHE continuing push request headers after StopReading() being called on the stream. As after...

CVE-2024-23326

Envoy is a cloud-native, open source edge and service proxy. A theoretical request smuggling vulnerability exists through Envoy if a server can be tricked into adding an upgrade header into a response. Per RFC https://www.rfc-editor.org/rfc/rfc7230#section-6.7 a server sends 101 when switching...

CVE-2024-23326

Envoy is a cloud-native, open source edge and service proxy. A theoretical request smuggling vulnerability exists through Envoy if a server can be tricked into adding an upgrade header into a response. Per RFC https://www.rfc-editor.org/rfc/rfc7230#section-6.7 a server sends 101 when switching...