Coming Soon – Under Construction Security Vulnerabilities

Security Bulletin: mio-0.8.10.crate, and mio-0.8.8.crate is vulnerable to CVE-2024-27308 used in IBM Maximo Application Suite - Edge Data Collector

Summary IBM Maximo Application Suite - Edge Data Collector uses mio-0.8.10.crate and mio-0.8.8.crate which is vulnerable to CVE-2024-27308 Vulnerability Details ** CVEID: CVE-2024-27308 DESCRIPTION: **Tokio Mio s vulnerable to a denial of service, caused by a use-after-free flaw due to tokens for.....

Security Bulletin: openssl-src-300.2.1+3.2.0.crate is vulnerable to CVE-2024-0727, CVE-2023-6129, and CVE-2023-6237 used in IBM Maximo Application Suite - Edge Data Collector

Summary IBM Maximo Application Suite - Edge Data Collector uses openssl-src-300.2.1+3.2.0.crate which is vulnerable to CVE-2024-0727, CVE-2023-6129, and CVE-2023-6237 Vulnerability Details ** CVEID: CVE-2024-0727 DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by improper...

Security Bulletin: Information disclosure vulnerabilities affect IBM Business Automation Workflow - CVE-2024-28849, CVE-2024-21501

Summary IBM Business Automation Workflow Web Process Designer is vulnerable to information disclosure attacks. Vulnerability Details ** CVEID: CVE-2024-28849 DESCRIPTION: **Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information, caused by the...

Security Bulletin: Vulnerability in jjwt may affect IBM Business Automation Workflow - CVE-2024-31033

Summary IBM Business Automation Workflow packages a vulnerable copy of jjwt. Vulnerability Details ** CVEID: CVE-2024-31033 DESCRIPTION: **An unspecified error with ignoring certain characters in jwtk JJWT (aka Java JWT) has an unknown impact and attack vector. CVSS Base score: 6.8 CVSS Temporal...

CVE-2024-24919: Check Point’s Quantum Gateway comes under Attack as Hackers exploit Zero-Day Vulnerability

Active Exploits target Check Point Security Gateway Zero-Day Information Disclosure flaw Check Point Cybersecurity has issued hotfixes to address a zero-day vulnerability in its VPNs that has been exploited to gain remote access to firewalls and potentially infiltrate corporate networks. On...

Seeing Like a Data Structure

Technology was once simply a tool--and a small one at that--used to amplify human intent and capacity. That was the story of the industrial revolution: we could control nature and build large, complex human societies, and the more we employed and mastered technology, the better things got. We...

IT threat evolution in Q1 2024. Mobile statistics

IT threat evolution Q1 2024 IT threat evolution Q1 2024. Mobile statistics IT threat evolution Q1 2024. Non-mobile statistics Quarterly figures According to Kaspersky Security Network, in Q1 2024: 10.1 million attacks using malware, adware, or unwanted mobile software were blocked. The most...

IT threat evolution Q1 2024

IT threat evolution Q1 2024 IT threat evolution Q1 2024. Mobile statistics IT threat evolution Q1 2024. Non-mobile statistics Targeted attacks Operation Triangulation: the final mystery Last June, we published a series of reports on Operation Triangulation, a previously unknown iOS malware...

IT threat evolution in Q1 2024. Non-mobile statistics

IT threat evolution Q1 2024 IT threat evolution Q1 2024. Mobile statistics IT threat evolution Q1 2024. Non-mobile statistics The statistics presented here are based on detection verdicts by Kaspersky products and services received from users who consented to providing statistical data. Quarterly.....

CVE-2024-36027

In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: do not flag ZEROOUT on non-dirty extent buffer Btrfs clears the content of an extent buffer marked as EXTENT_BUFFER_ZONED_ZEROOUT before the bio submission. This mechanism is introduced to prevent a write hole of an.....

Exploit for Authentication Bypass by Spoofing in Telerik Report Server 2024

CVE-2024-4358 / CVE-2024-1800 Telerik Report Server...

CVE-2024-36961

In the Linux kernel, the following vulnerability has been resolved: thermal/debugfs: Fix two locking issues with thermal zone debug With the current thermal zone locking arrangement in the debugfs code, user space can open the "mitigations" file for a thermal zone before the zone's debugfs pointer....

CVE-2024-36961

In the Linux kernel, the following vulnerability has been resolved: thermal/debugfs: Fix two locking issues with thermal zone debug With the current thermal zone locking arrangement in the debugfs code, user space can open the "mitigations" file for a thermal zone before the zone's debugfs...

CVE-2024-36961

In the Linux kernel, the following vulnerability has been resolved: thermal/debugfs: Fix two locking issues with thermal zone debug With the current thermal zone locking arrangement in the debugfs code, user space can open the "mitigations" file for a thermal zone before the zone's debugfs pointer....

CVE-2024-36961 thermal/debugfs: Fix two locking issues with thermal zone debug

In the Linux kernel, the following vulnerability has been resolved: thermal/debugfs: Fix two locking issues with thermal zone debug With the current thermal zone locking arrangement in the debugfs code, user space can open the "mitigations" file for a thermal zone before the zone's debugfs pointer....

Andariel Hackers Target South Korean Institutes with New Dora RAT Malware

The North Korea-linked threat actor known as Andariel has been observed using a new Golang-based backdoor called Dora RAT in its attacks targeting educational institutes, manufacturing firms, and construction businesses in South Korea. "Keylogger, Infostealer, and proxy tools on top of the...

Beware: Fake Browser Updates Deliver BitRAT and Lumma Stealer Malware

Fake web browser updates are being used to deliver remote access trojans (RATs) and information stealer malware such as BitRAT and Lumma Stealer (aka LummaC2). "Fake browser updates have been responsible for numerous malware infections, including those of the well-known SocGholish malware,"...

RHEL 5 : zsh (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. zsh: buffer overrun in symlinks (CVE-2017-18206) zsh before 5.0.7 allows evaluation of the initial...

EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1788)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache There is...

RHEL 9 : ovmf (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. openssl: AES OCB fails to encrypt some bytes (CVE-2022-2097) openssl: timing attack in RSA Decryption...

RHEL 7 : apache-commons-compress (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. apache-commons-compress: excessive memory allocation when reading a specially crafted ZIP archive ...

RHEL 7 : camel (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. hibernate-validator: Privilege escalation when running under the security manager (CVE-2017-7536) Note that Nessus...

RHEL 7 : libvirt (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libvirt: TLS certificate verification disabled for clients (CVE-2017-1000256) The LXC driver...

EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1800)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache There is...

RHEL 6 : emacs (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. emacs: command injection flaw within enriched mode handling (CVE-2017-14482) lisp/gnus/gnus-fun.el in...

RHEL 6 : 389-ds-base (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. 389-ds-base: Password brute-force possible for locked account due to different return codes ...

RHEL 8 : libpng (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libpng: underflow read in png_check_keyword() (CVE-2015-8540) png_image_free in png.c in libpng 1.6.x...

RHEL 8 : apache-commons-compress (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. apache-commons-compress: excessive memory allocation when reading a specially crafted ZIP archive ...

Siemens SIMATIC S7-1500 Uncontrolled Resource Consumption (CVE-2024-2511)

Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service. This problem can occur in...

RHEL 6 : zsh (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. zsh: Improper handling of shebang line longer than 64 (CVE-2018-13259) zsh before 5.0.7 allows...

RHEL 7 : chrony (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. chrony: missing key check allows impersonation between authenticated peers (VU#357792) (CVE-2016-1567) A...

RHEL 8 : freerdp (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. freerdp: Integer Overflow leading to Heap Overflow in freerdp_bitmap_planar_context_reset...

CVE-2024-36961

In the Linux kernel, the following vulnerability has been resolved: thermal/debugfs: Fix two locking issues with thermal zone debug With the current thermal zone locking arrangement in the debugfs code, user space can open the "mitigations" file for a thermal zone before the zone's debugfs pointer....

Open Redirect URL in Harbor

Description Under OIDC authentication mode, there is a redirect_url parameter exposed in the URL which is used to redirect the current user to the defined location after the successful OIDC login, This redirect_url can be an ambiguous URL and can be used to embed a phishing URL. For example: if a.....

Open Redirect URL in Harbor

Description Under OIDC authentication mode, there is a redirect_url parameter exposed in the URL which is used to redirect the current user to the defined location after the successful OIDC login, This redirect_url can be an ambiguous URL and can be used to embed a phishing URL. For example: if a.....

Slack integration leaks sensitive information in logs

Impact Sentry's Slack integration incorrectly records the incoming request body in logs. This request data can contain sensitive information, including the deprecated Slack verification token. With this verification token, it is possible under specific configurations, an attacker can forge...

Slack integration leaks sensitive information in logs

Impact Sentry's Slack integration incorrectly records the incoming request body in logs. This request data can contain sensitive information, including the deprecated Slack verification token. With this verification token, it is possible under specific configurations, an attacker can forge...

Reflected Cross-site Scripting in yiisoft/yii2 Debug mode

During the internal penetration testing of our product based on Yii2, we discovered an XSS vulnerability within the framework itself. This issue is relevant for the latest version of Yii2 (2.0.49.3). Conditions for vulnerability reproduction The framework is in debug mode (YII_DEBUG set to true)......

Reflected Cross-site Scripting in yiisoft/yii2 Debug mode

During the internal penetration testing of our product based on Yii2, we discovered an XSS vulnerability within the framework itself. This issue is relevant for the latest version of Yii2 (2.0.49.3). Conditions for vulnerability reproduction The framework is in debug mode (YII_DEBUG set to true)......

Craft CMS Logs Plugin 3.0.3 - Path Traversal (Authenticated) Vulnerability

...

The Ticketmaster Data Breach May Be Just the Beginning

Data breaches at Ticketmaster and financial services company Santander have been linked to attacks against cloud provider Snowflake. Researchers fear more breaches will soon be...

AI Company Hugging Face Detects Unauthorized Access to Its Spaces Platform

Artificial Intelligence (AI) company Hugging Face on Friday disclosed that it detected unauthorized access to its Spaces platform earlier this week. "We have suspicions that a subset of Spaces' secrets could have been accessed without authorization," it said in an advisory. Spaces offers a way for....

Craft CMS Logs Plugin 3.0.3 - Path Traversal (Authenticated)

...

CVE-2024-35196

Sentry is a developer-first error tracking and performance monitoring platform. Sentry's Slack integration incorrectly records the incoming request body in logs. This request data can contain sensitive information, including the deprecated Slack verification token. With this verification token, it....

CVE-2024-35196

Sentry is a developer-first error tracking and performance monitoring platform. Sentry's Slack integration incorrectly records the incoming request body in logs. This request data can contain sensitive information, including the deprecated Slack verification token. With this verification token, it....

CVE-2024-35196 Slack integration leaks sensitive information in logs in Sentry

Sentry is a developer-first error tracking and performance monitoring platform. Sentry's Slack integration incorrectly records the incoming request body in logs. This request data can contain sensitive information, including the deprecated Slack verification token. With this verification token, it....

CVE-2024-35196 Slack integration leaks sensitive information in logs in Sentry

Sentry is a developer-first error tracking and performance monitoring platform. Sentry's Slack integration incorrectly records the incoming request body in logs. This request data can contain sensitive information, including the deprecated Slack verification token. With this verification token, it....

How to tell if a VPN app added your Windows device to a botnet

On May 29, 2024, the US Department of Justice (DOJ) announced it had dismantled what was likely the world’s largest botnet ever. This botnet, called “911 S5,” infected systems at over 19 million IP addresses across more than 190 countries. The main sources of income for the operators, who stole a.....

Security Bulletin: Maximo Asset Management: IBM SDK, Java Technology Edition Quarterly CPU - Apr 2024 - Includes Oracle April 2024 CPU plus CVE-2023-38264

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 that are used by Maximo Asset Management, Maximo Industry Solutions (including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for Utilities).....

Ars0N-Framework - A Modern Framework For Bug Bounty Hunting

Howdy! My name is Harrison Richardson, or rs0n (arson) when I want to feel cooler than I really am. The code in this repository started as a small collection of scripts to help automate many of the common Bug Bounty hunting processes I found myself repeating. Over time, I built a simple web...