Good & Bad Comments Security Vulnerabilities

ubuntucve

CVE-2024-26953

In the Linux kernel, the following vulnerability has been resolved: net: esp: fix bad handling of pages from page_pool When the skb is reorganized during esp_output (!esp->inline), the pages coming from the original skb fragments are supposed to be released back to the system through put_page. B...

6.3AI Score

0.0004EPSS

2024-05-01 12:00 AM
6
ubuntucve

CVE-2024-26939

In the Linux kernel, the following vulnerability has been resolved: drm/i915/vma: Fix UAF on destroy against retire race Object debugging tools were sporadically reporting illegal attempts to free a still active i915 VMA object when parking a GT believed to be idle. [161.359441] ODEBUG: free...

7.5AI Score

0.0004EPSS

2024-05-01 12:00 AM
5
talos

Tinyproxy HTTP request parsing uninitialized memory vulnerability

Talos Vulnerability Report TALOS-2023-1902 Tinyproxy HTTP request parsing uninitialized memory vulnerability May 1, 2024 CVE Number CVE-2023-40533 SUMMARY An uninitialized memory use vulnerability exists in Tinyproxy 1.11.1 while parsing HTTP requests. In certain configurations, a specially...

5.9CVSS

7.7AI Score

0.001EPSS

2024-05-01 12:00 AM
6
ubuntucve

CVE-2024-26983

In the Linux kernel, the following vulnerability has been resolved: bootconfig: use memblock_free_late to free xbc memory to buddy On the time to free xbc memory in xbc_exit(), memblock may have handed over memory to buddy allocator. So it doesn't make sense to free memory back to memblock....

7.5AI Score

0.0004EPSS

2024-05-01 12:00 AM
2
ubuntucve

CVE-2024-26972

In the Linux kernel, the following vulnerability has been resolved: ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path For error handling path in ubifs_symlink(), inode will be marked as bad first, then iput() is invoked. If inode->i_link is initialized by fscrypt_encrypt_symlin...

6.4AI Score

0.0004EPSS

2024-05-01 12:00 AM
3
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1480-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1480-1 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: fix kernel panic...

8AI Score

2024-05-01 12:00 AM
10
talos

stb stb_vorbis.c comment heap-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2023-1846 stb stb_vorbis.c comment heap-based buffer overflow vulnerability May 1, 2024 CVE Number CVE-2023-47212 SUMMARY A heap-based buffer overflow vulnerability exists in the comment functionality of stb_vorbis.c v1.22. A specially crafted .ogg file can lead...

9.6AI Score

0.001EPSS

2024-05-01 12:00 AM
4
ubuntucve

CVE-2024-26944

In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: fix use-after-free in do_zone_finish() Shinichiro reported the following use-after-free triggered by the device replace operation in fstests btrfs/070. BTRFS info (device nullb1): scrub: finished on devid 1 with...

6.4AI Score

0.0004EPSS

2024-05-01 12:00 AM
3
ubuntucve

CVE-2024-26960

In the Linux kernel, the following vulnerability has been resolved: mm: swap: fix race between free_swap_and_cache() and swapoff() There was previously a theoretical window where swapoff() could run and teardown a swap_info_struct while a call to free_swap_and_cache() was running in another...

7.6AI Score

0.0004EPSS

2024-05-01 12:00 AM
5
talosblog

Cisco Talos at RSAC 2024

With RSAC just a week away, Cisco Talos is gearing up for another year of heading to San Francisco to share in some of the latest major cybersecurity announcements, research and news. We've pulled together the highlights, so you don't miss out on all things Talos. **Tuesday, May 7** Joe...

7.2AI Score

2024-04-30 12:00 PM
3
redhat

(RHSA-2024:2562) Important: golang security update

The golang packages provide the Go programming language compiler. Security Fix(es): golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290) golang: net/http/cookiejar:...

7.3AI Score

0.0005EPSS

2024-04-30 11:38 AM
10
redhat

(RHSA-2024:2287) Moderate: gstreamer1-plugins-bad-free security update

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fix(es): gstreamer-plugins-bad: Integer overflow leading to heap overwrite in MXF file handling with...

7.2AI Score

0.0005EPSS

2024-04-30 06:15 AM
9
redhat

(RHSA-2024:2160) Moderate: toolbox security update

Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI. Security Fix(es): golang: html/template: improper handling of HTML-like comments within script contexts...

8.2AI Score

0.001EPSS

2024-04-30 06:14 AM
10
veracode

Cross-site Scripting (XSS)

knowledge-repo is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper user input validation in the post comments functionality. This allows an attacker to inject arbitrary web scripts or HTML content into the application, potentially leading to cross-site scripting (XSS)....

5.3AI Score

0.001EPSS

2024-04-30 05:48 AM
1
nessus

RHEL 9 : bind (RHSA-2024:2551)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2551 advisory. The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problems for...

8.2AI Score

2024-04-30 12:00 AM
7
openvas

Express NODE_ENV 'development' Information Disclosure Vulnerability (HTTP) - Active Check

Express is prone to an information disclosure vulnerability if the NODE_ENV environment variable is set...

6.8AI Score

2024-04-30 12:00 AM
14
almalinux

Important: golang security update

The golang packages provide the Go programming language compiler. Security Fix(es): golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290) golang: net/http/cookiejar:...

7.8AI Score

0.0005EPSS

2024-04-30 12:00 AM
6
nessus

RHEL 9 : golang (RHSA-2024:2562)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2562 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION...

8.3AI Score

2024-04-30 12:00 AM
5
nessus

RHEL 9 : gstreamer1-plugins-bad-free (RHSA-2024:2287)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2287 advisory. Integer overflow leading to heap overwrite in MXF file handling with uncompressed video (CVE-2023-40474, CVE-2023-40475,...

8.8AI Score

2024-04-30 12:00 AM
2
osv

Important: golang security update

The golang packages provide the Go programming language compiler. Security Fix(es): golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290) golang: net/http/cookiejar:...

7.7AI Score

0.0005EPSS

2024-04-30 12:00 AM
7
nessus

SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1466-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1466-1 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: fix kernel panic caused by race of smc_sock A...

7.5AI Score

2024-04-30 12:00 AM
5
osv

Moderate: gstreamer1-plugins-bad-free security update

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fix(es): gstreamer-plugins-bad: Integer overflow leading to heap overwrite in MXF file handling with...

7AI Score

0.0005EPSS

2024-04-30 12:00 AM
5
osv

Moderate: toolbox security update

Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI. Security Fix(es): golang: html/template: improper handling of HTML-like comments within script contexts...

6.8AI Score

0.001EPSS

2024-04-30 12:00 AM
7
almalinux

Moderate: toolbox security update

Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI. Security Fix(es): golang: html/template: improper handling of HTML-like comments within script contexts...

7.9AI Score

0.001EPSS

2024-04-30 12:00 AM
9
almalinux

Moderate: gstreamer1-plugins-bad-free security update

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fix(es): gstreamer-plugins-bad: Integer overflow leading to heap overwrite in MXF file handling with...

7.2AI Score

0.0005EPSS

2024-04-30 12:00 AM
4
ibm

Security Bulletin: IBM QRadar Assistant App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. IBM QRadar Assistant App for IBM QRadar SIEM has addressed the applicable CVEs in an update. Vulnerability Details CVEID: CVE-2023-46136 DESCRIPTION:...

9AI Score

0.644EPSS

2024-04-29 04:48 PM
5
nessus

Palo Alto Cortex XDR Agent 6.1.x / 7.4.x / 7.5.x / 7.5.x-CE / 7.6.x / 7.7.x DoS

The version of Palo Alto Cortex XDR Agent installed on the remote Windows host is 6.1.x prior to 6.1.9.61370, 7.4.x, 7.5.x prior to 7.5.3.60113, 7.5.x-CE prior to 7.5.100.60642-CE, 7.6.x prior to 7.6.2.60545 or 7.7.x prior to 7.7.0.60725. It is, therefore, affected by a denial of service (DoS)...

7.5AI Score

2024-04-29 12:00 AM
2
nessus

Fedora 40 : baresip / libre (2024-a63e807450)

The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-a63e807450 advisory. Baresip v3.10.1 (2024-03-12) Security Release (possible Denial of Service): A wrong or manipulated incoming RTP Timestamp can cause the baresip process...

7.2AI Score

2024-04-29 12:00 AM
2
nessus

Fedora 40 : rust-asyncgit / rust-bat / rust-cargo-c / rust-eza / etc (2024-53685bdcb6)

The remote Fedora 40 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2024-53685bdcb6 advisory. libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git...

8AI Score

2024-04-29 12:00 AM
3
trellix

The Bug Report - April 2024 Edition

The Bug Report - April 2024 Edition By Jonathan Omakun and Tobi Olawale· April 29, 2024 Why am I here? Just when you thought it was safe to go back into the digital waters, out pops another series of rogue waves in the form of CVEs! It's like that beach vacation you planned to get away from it...

8.9AI Score

2024-04-29 12:00 AM
13
trellix

The Anatomy of HTML Attachment Phishing

The Anatomy of HTML Attachment Phishing: One Code, Many Variants By Mathanraj Thangaraju, Niranjan Hegde, and Sijo Jacob · June 14, 2023 Introduction Phishing is the malevolent practise of pretending to be a reliable entity in electronic communication to steal sensitive data, such as login...

7.4AI Score

2024-04-29 12:00 AM
7
nessus

SUSE SLES15 Security Update : kernel (SUSE-SU-2024:1454-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1454-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: sprd: fix reference leak when pm_runtime_get_sync...

8AI Score

2024-04-29 12:00 AM
12
nessus

RHEL 8 / 9 : OpenShift Container Platform 4.14.0 (RHSA-2023:5009)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5009 advisory. golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664) kube-apiserver: Bypassing policies imposed by the...

7.4AI Score

2024-04-28 12:00 AM
3
nessus

RHEL 8 / 9 : OpenShift Container Platform 4.14.2 (RHSA-2023:6840)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6840 advisory. golang: net/http: insufficient sanitization of Host header (CVE-2023-29406) golang: crypto/tls: slow verification of certificate...

7.6AI Score

2024-04-28 12:00 AM
3
nessus

RHEL 7 : gstreamer1-plugins-bad-free (RHSA-2024:0013)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0013 advisory. gstreamer: MXF demuxer use-after-free vulnerability (CVE-2023-44446) Note that Nessus has not tested for this issue but has instead relied only on...

7.1AI Score

2024-04-28 12:00 AM
4
nessus

RHEL 7 : CloudForms 4.6.8 (RHSA-2019:0315)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:0315 advisory. rubygem-sinatra: XSS in the 400 Bad Request page (CVE-2018-11627) Note that Nessus has not tested for this issue but has instead relied only on the...

6.3AI Score

2024-04-27 12:00 AM
2
github

Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences

Impact DoS vuln via OOM using jq in ignoreDifferences. ignoreDifferences: - group: apps kind: Deployment jqPathExpressions: - 'until(true == false; [.] + [1])' Patches A patch for this vulnerability has been released in the following Argo CD versions: v2.10.8 v2.9.13...

6.9AI Score

0.0004EPSS

2024-04-26 04:40 PM
5
osv

Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences

Impact DoS vuln via OOM using jq in ignoreDifferences. ignoreDifferences: - group: apps kind: Deployment jqPathExpressions: - 'until(true == false; [.] + [1])' Patches A patch for this vulnerability has been released in the following Argo CD versions: v2.10.8 v2.9.13...

6.9AI Score

0.0004EPSS

2024-04-26 04:40 PM
6
osv

ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass

Impact ZITADEL provides users the possibility to use Time-based One-Time-Password (TOTP) and One-Time-Password (OTP) through SMS and Email. While ZITADEL already gives administrators the option to define a Lockout Policy with a maximum amount of failed password check attempts, there was no such...

6.9AI Score

0.0004EPSS

2024-04-25 06:31 PM
4
github

ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass

Impact ZITADEL provides users the possibility to use Time-based One-Time-Password (TOTP) and One-Time-Password (OTP) through SMS and Email. While ZITADEL already gives administrators the option to define a Lockout Policy with a maximum amount of failed password check attempts, there was no such...

6.8AI Score

0.0004EPSS

2024-04-25 06:31 PM
5
talosblog

The private sector probably isn’t coming to save the NVD

I wrote last week about the problems arising from the massive backlog of vulnerabilities at the U.S. National Vulnerability Database. Thousands of CVEs are still without analysis data, and the once-reliable database of every single vulnerability that's disclosed and/or patched is now so far...

7.3AI Score

0.001EPSS

2024-04-25 06:00 PM
9
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 15, 2024 to April 21, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 209 vulnerabilities disclosed in 169...

9.9AI Score

0.012EPSS

2024-04-25 03:56 PM
40
schneier

The Rise of Large-Language-Model Optimization

The web has become so interwoven with everyday life that it is easy to forget what an extraordinary accomplishment and treasure it is. In just a few decades, much of human knowledge has been collectively written up and made available to anyone with an internet connection. But all of this is coming....

6.7AI Score

2024-04-25 11:02 AM
10
nessus

SUSE SLES12 Security Update : nrpe (SUSE-SU-2024:1417-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1417-1 advisory. Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to...

7.9AI Score

2024-04-25 12:00 AM
6
osv

Rancher's Steve API Component Improper authorization check allows privilege escalation

Impact A flaw discovered in Rancher versions from 2.5.0 up to and including 2.5.9 allows an authenticated user to impersonate any user on a cluster through the Steve API proxy, without requiring knowledge of the impersonated user's credentials. This is due to the Steve API proxy not dropping the...

6.5AI Score

0.002EPSS

2024-04-24 09:01 PM
6
github

Rancher's Steve API Component Improper authorization check allows privilege escalation

Impact A flaw discovered in Rancher versions from 2.5.0 up to and including 2.5.9 allows an authenticated user to impersonate any user on a cluster through the Steve API proxy, without requiring knowledge of the impersonated user's credentials. This is due to the Steve API proxy not dropping the...

6.8AI Score

0.002EPSS

2024-04-24 09:01 PM
7
github

Rancher's Failure to delete orphaned role bindings does not revoke project level access from group based authentication

Impact This vulnerability only affects customers using group based authentication in Rancher versions up to and including 2.4.17, 2.5.11 and 2.6.2. When removing a Project Role associated to a group from a project, the bindings that grant access to cluster scoped resources for those subjects do...

7.1AI Score

0.001EPSS

2024-04-24 09:01 PM
4
osv

Rancher's Failure to delete orphaned role bindings does not revoke project level access from group based authentication

Impact This vulnerability only affects customers using group based authentication in Rancher versions up to and including 2.4.17, 2.5.11 and 2.6.2. When removing a Project Role associated to a group from a project, the bindings that grant access to cluster scoped resources for those subjects do...

6.8AI Score

0.001EPSS

2024-04-24 09:01 PM
5
github

OpenMetadata vulnerable to a SpEL Injection in `PUT /api/v1/events/subscriptions` (`GHSL-2023-251`)

SpEL Injection in PUT /api/v1/events/subscriptions (GHSL-2023-251) Please note, only authenticated users have access to PUT / POST APIS for /api/v1/policies. Non authenticated users will not be able to access these APIs to exploit the vulnerability. A user must exist in OpenMetadata and have...

8AI Score

0.0004EPSS

2024-04-24 05:06 PM
6
osv

OpenMetadata vulnerable to a SpEL Injection in `PUT /api/v1/events/subscriptions` (`GHSL-2023-251`)

SpEL Injection in PUT /api/v1/events/subscriptions (GHSL-2023-251) Please note, only authenticated users have access to PUT / POST APIS for /api/v1/policies. Non authenticated users will not be able to access these APIs to exploit the vulnerability. A user must exist in OpenMetadata and have...

8AI Score

0.0004EPSS

2024-04-24 05:06 PM
8
Total number of security vulnerabilities: 37559