Good & Bad Comments Security Vulnerabilities

CVE-2024-4040 Unauthenticated arbitrary file read and remote code execution in CrushFTP

A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code...

Moby (Docker Engine) started with non-empty inheritable Linux process capabilities

Impact A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during.....

Moby (Docker Engine) started with non-empty inheritable Linux process capabilities

Impact A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during.....

Using Legitimate GitHub URLs for Malware

Interesting social-engineering attack vector: McAfee released a report on a new LUA malware loader distributed through what appeared to be a legitimate Microsoft GitHub repository for the "C++ Library Manager for Windows, Linux, and MacOS," known as vcpkg. The attacker is exploiting a property...

Take Command Summit: Take Breaches from Inevitable to Preventable on May 21

Registration is now open for Take Command, a day-long virtual summit in partnership with AWS. You do not want to miss it. You’ll get new attack intelligence, insight into AI disruption, transparent MDR partnerships, and more. In 2024, adversaries are using AI and new techniques, working in gangs...

Billions of scraped Discord messages up for sale

Four billions public Discord messages are for sale on an internet scraping service called Spy.pet. At first sight there doesn’t seem to be much that is illegal about it. The messages were publicly accessible and there are no laws against scraping data. However, it turns out the site did disregard.....

ownCloud < 10.13.3 Improper Input Validation Vulnerability

ownCloud is prone to an improper input validation ...

CVE-2024-4040

A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code...

CVE-2023-50186

A buffer overflow vulnerability was found in the gstreamer-plugins-bad plugin for the Gstreamer media framework. A successful attack may lead to an application crash or arbitrary code execution if malformed media files are...

Critical Update: CrushFTP Zero-Day Flaw Exploited in Targeted Attacks

Users of the CrushFTP enterprise file transfer software are being urged to update to the latest version following the discovery of a security flaw that has come under targeted exploitation in the wild. "CrushFTP v11 versions below 11.1 have a vulnerability where users can escape their VFS and...

[SECURITY] Fedora 40 Update: yyjson-0.9.0-1.fc40

A high performance JSON library written in ANSI C. Features - Fast: can read or write gigabytes per second JSON data on modern CPUs. - Portable: complies with ANSI C (C89) for cross-platform compatibility. - Strict: complies with RFC 8259 JSON standard, ensuring strict number form at and UTF-8...

CVE-2024-32409

An issue in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code via a crafted...

CVE-2024-32409

An issue in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code via a crafted...

Exploit for Command Injection in Paloaltonetworks Pan-Os

PAN Rapid Check Simple(you should probably just do this in...

What’s the deal with the massive backlog of vulnerabilities at the NVD?

The National Vulnerability Database is usually the single source of truth for all things related to security vulnerabilities. But now, they're facing an uphill battle against a massive backlog of vulnerabilities, some of which are still waiting to be analyzed, and others that still have an...

Denial of Service in Comments API - ownCloud

Insufficient input validation in the Comments Plugin may allow an authenticated attacker to cause a Denial of...

Ubuntu 14.04 LTS / 16.04 LTS : Linux kernel vulnerabilities (USN-6739-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6739-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only...

CVE-2024-32409

An issue in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code via a crafted...

CVE-2024-32462 Flatpak vulnerable to a sandbox escape via RequestBackground portal due to bad argument parsing

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. in versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the --command argument of flatpak run...

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 8, 2024 to April 14, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 219 vulnerabilities disclosed in 209...

CVE-2024-32689

Missing Authorization vulnerability in GenialSouls WP Social Comments.This issue affects WP Social Comments: from n/a through...

CVE-2024-32689

Missing Authorization vulnerability in GenialSouls WP Social Comments.This issue affects WP Social Comments: from n/a through...

CVE-2024-32689 WordPress WP Social Comments plugin <= 1.7.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in GenialSouls WP Social Comments.This issue affects WP Social Comments: from n/a through...

SUSE SLES15 Security Update : kernel (SUSE-SU-2024:1321-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1321-1 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: fix kernel panic caused by race of smc_sock A...

SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1322-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1322-1 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: fix kernel panic caused by race of smc_sock A...

The Windows Registry Adventure #1: Introduction and research results

Posted by Mateusz Jurczyk, Google Project Zero In the 20-month period between May 2022 and December 2023, I thoroughly audited the Windows Registry in search of local privilege escalation bugs. It all started unexpectedly: I was in the process of developing a coverage-based Windows kernel fuzzer...

The Windows Registry Adventure #2: A brief history of the feature

Posted by Mateusz Jurczyk, Google Project Zero Before diving into the low-level security aspects of the registry, it is important to understand its role in the operating system and a bit of history behind it. In essence, the registry is a hierarchical database made of named "keys" and "values",...

Disable Comments | WPZest <= 1.51 - Authenticated (Administrator+) SQL Injection

Description The Disable Comments | WPZest plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.51 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated...

Should you share your location with your partner?

Every relationship has its disagreements. Who takes out the trash and washes the dishes? Who plans the meals and writes out the grocery list? And when is it okay to start tracking one another’s location? Location sharing is becoming the norm between romantic partners—50% of people valued...

CVE-2024-26859

In the Linux kernel, the following vulnerability has been resolved: net/bnx2x: Prevent access to a freed page in page_pool Fix race condition leading to system crash during EEH error handling During EEH error recovery, the bnx2x driver's transmit timeout logic could cause a race condition when...

Evmos vulnerable to DOS and transaction fee expropiation through Authz exploit

Impact What kind of vulnerability is it? Who is impacted? An attacker can use this bug to bypass the block gas limit and gas payment completely to perform a full Denial-of-Service against the chain. Disclosure Evmos versions below v11.0.1 do not check for MsgEthereumTx messages that are nested...

Evmos vulnerable to DOS and transaction fee expropiation through Authz exploit

Impact What kind of vulnerability is it? Who is impacted? An attacker can use this bug to bypass the block gas limit and gas payment completely to perform a full Denial-of-Service against the chain. Disclosure Evmos versions below v11.0.1 do not check for MsgEthereumTx messages that are nested...

Biased ECDSA Nonce Generation

PuTTYis vulnerable to biased ECDSA nonce generation. The vulnerability is due to biased ECDSA nonce generation, allowing an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is particularly significant in scenarios where an adversary can...

CVE-2024-26859

In the Linux kernel, the following vulnerability has been resolved: net/bnx2x: Prevent access to a freed page in page_pool Fix race condition leading to system crash during EEH error handling During EEH error recovery, the bnx2x driver's transmit timeout logic could cause a race condition when...

CVE-2024-26859

In the Linux kernel, the following vulnerability has been resolved: net/bnx2x: Prevent access to a freed page in page_pool Fix race condition leading to system crash during EEH error handling During EEH error recovery, the bnx2x driver's transmit timeout logic could cause a race condition when...

CVE-2024-26859

In the Linux kernel, the following vulnerability has been resolved: net/bnx2x: Prevent access to a freed page in page_pool Fix race condition leading to system crash during EEH error handling During EEH error recovery, the bnx2x driver's transmit timeout logic could cause a race condition when...

CVE-2024-26859 net/bnx2x: Prevent access to a freed page in page_pool

In the Linux kernel, the following vulnerability has been resolved: net/bnx2x: Prevent access to a freed page in page_pool Fix race condition leading to system crash during EEH error handling During EEH error recovery, the bnx2x driver's transmit timeout logic could cause a race condition when...

[SECURITY] Fedora 39 Update: yyjson-0.9.0-1.fc39

A high performance JSON library written in ANSI C. Features - Fast: can read or write gigabytes per second JSON data on modern CPUs. - Portable: complies with ANSI C (C89) for cross-platform compatibility. - Strict: complies with RFC 8259 JSON standard, ensuring strict number form at and UTF-8...

[SECURITY] Fedora 38 Update: yyjson-0.9.0-1.fc38

A high performance JSON library written in ANSI C. Features - Fast: can read or write gigabytes per second JSON data on modern CPUs. - Portable: complies with ANSI C (C89) for cross-platform compatibility. - Strict: complies with RFC 8259 JSON standard, ensuring strict number form at and UTF-8...

CVE-2024-26859

In the Linux kernel, the following vulnerability has been resolved: net/bnx2x: Prevent access to a freed page in page_pool Fix race condition leading to system crash during EEH error handling During EEH error recovery, the bnx2x driver's transmit timeout logic could cause a race condition when...

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel (AWS) vulnerabilities (USN-6725-2)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6725-2 advisory. An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and...

Ubuntu 22.04 LTS / 23.10 : Linux kernel vulnerabilities (USN-6724-2)

The remote Ubuntu 22.04 LTS / 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6724-2 advisory. Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any...

Ubuntu 20.04 LTS : Linux kernel (IoT) vulnerabilities (USN-6726-2)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6726-2 advisory. Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them...

Ubuntu 20.04 LTS : Linux kernel (Xilinx ZynqMP) vulnerabilities (USN-6726-3)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6726-3 advisory. Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them...

Change Healthcare’s New Ransomware Nightmare Goes From Bad to Worse

A cybercriminal gang called RansomHub claims to be selling highly sensitive patient information stolen from Change Healthcare following a ransomware attack by another group in...

AWS, Google, and Azure CLI Tools Could Leak Credentials in Build Logs

New cybersecurity research has found that command-line interface (CLI) tools from Amazon Web Services (AWS) and Google Cloud can expose sensitive credentials in build logs, posing significant risks to organizations. The vulnerability has been codenamed LeakyCLI by cloud security firm Orca. "Some...

Five Key Takeaways from the 2024 Imperva Bad Bot Report

Bad bots continue to affect consumers and organizations across all sectors. For over eleven years, Imperva has been dedicated to helping organizations manage and mitigate the threat of bad bots. We’ve published the 2024 Imperva Bad Bot Report as part of our commitment to helping organizations...

Argo CD's API server does not enforce project sourceNamespaces

Impact I can convince the UI to let me do things with an invalid Application. 1. Admin gives me p, michael, applications, , demo/ , allow, where demo can just deploy to the demo namespace 2. Admin gives me AppProject dev which reconciles from ns dev-apps 3. Admin gives me p, michael,...

Argo CD's API server does not enforce project sourceNamespaces

Impact I can convince the UI to let me do things with an invalid Application. 1. Admin gives me p, michael, applications, , demo/ , allow, where demo can just deploy to the demo namespace 2. Admin gives me AppProject dev which reconciles from ns dev-apps 3. Admin gives me p, michael,...

CVE-2024-31497

In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant....