
31229 matches found

Cvelist
added 2024/09/19 10:57 a.m., 34 views

CVE-2024-8986 Information Leakage in grafana-plugin-sdk-go

The Grafana plugin SDK bundles build metadata into the binaries it compiles; this metadata includes the repository URI for the plugin being built, as retrieved by running git remote get-url origin. If credentials are included in the repository URI, for instance, to allow for fetching of private...

9.1 CVSS, 0.00522 EPSS
Exploits: 0, References: 1

CVE
added 2024/09/19 10:57 a.m., 69 views

CVE-2024-8986

CVE-2024-8986 is tied to Grafana’s grafana-plugin-sdk-go which embeds build metadata in binaries, including the repository URL obtained via git remote get-url origin. If credentials are present in that URL, the final binary may contain the full URI with credentials, creating a risk of credential ...

9.1 CVSS, 6.8 AI score, 0.00522 EPSS
Exploits: 0, References: 1

CNNVD
added 2024/09/19 12:0 a.m., 2 views

SOFA-Hessian Injection Vulnerability

SOFA-Hessian is an open source binary serialization protocol. An injection vulnerability exists in SOFA-Hessian versions prior to 3.5.4, which stems from the presence of a deserialization vulnerability that allows bypassing the blacklisting mechanism...

9.8 CVSS, 6.9 AI score, 0.00659 EPSS
Exploits: 0, References: 2

The Hacker News
added 2024/09/18 4:0 p.m., 43 views

New "Raptor Train" IoT Botnet Compromises Over 200,000 Devices Worldwide

Cybersecurity researchers have uncovered a never-before-seen botnet comprising an army of small office/home office (SOHO) and IoT devices that are likely operated by a Chinese nation-state threat actor called Flax Typhoon (aka Ethereal Panda or RedJuliett). The sophisticated botnet, dubbed Raptor Tra...

7.9 AI score
Exploits: 0

Tenable Nessus
added 2024/09/17 12:0 a.m., 5 views

MLflow Registry Enumeration

Binary data mlflowregistryenumeration.nbin...

7.3 AI score
Exploits: 0, References: 2

Tenable Nessus
added 2024/09/17 12:0 a.m., 3 views

Schneider Electric Accutech Manager Server Detection

Binary data schneiderelectricaccutechmanagerserverdetect.nbin...

7.3 AI score
Exploits: 0, References: 1

Tenable Nessus
added 2024/09/17 12:0 a.m., 8 views

Schneider Electric Accutech Manager Stack Exhaustion (CVE-2024-6918)

Binary data schneiderelectricaccutechmanagercve-2024-6918.nbin...

7.5 CVSS, 7.6 AI score, 0.00484 EPSS
Exploits: 0, References: 2

NVD
added 2024/09/16 9:15 p.m., 8 views

CVE-2024-45415

The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in the check_data_integrity function. This function is responsible for validating the checksum of data in a POST request. The checksum is sent encrypted in the request; the function decrypts it and stores the checksu...

9.8 CVSS, 0.00483 EPSS
Exploits: 0, References: 1

NVD
added 2024/09/16 9:15 p.m., 8 views

CVE-2024-45414

The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in the webPrivateDecrypt function. This function is responsible for decrypting RSA encrypted ciphertext; the encrypted data is supplied base64 encoded. The decoded ciphertext is stored on the stack without checki...

9.8 CVSS, 0.00483 EPSS
Exploits: 0, References: 1

NVD
added 2024/09/16 9:15 p.m., 18 views

CVE-2024-45413

The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in the rsa_decrypt function. This function is an API wrapper for LUA to decrypt RSA encrypted ciphertext; the decrypted data is stored on the stack without checking its length. An authenticated attacker can get RC...

8.1 CVSS, 0.0038 EPSS
Exploits: 0, References: 1

Tenable Nessus
added 2024/09/16 12:0 a.m., 10 views

Apple iOS < 18 Multiple Vulnerabilities (121250)

Binary data appleios18check.nbin...

9.1 CVSS, 7.3 AI score, 0.07939 EPSS
Exploits: 2, References: 49

Tenable Nessus
added 2024/09/16 12:0 a.m., 22 views

Apple iOS < 17.7 Multiple Vulnerabilities (121246)

Binary data appleios177check.nbin...

8.1 CVSS, 7.3 AI score, 0.07939 EPSS
Exploits: 1, References: 19

Cvelist
added 2024/09/16 12:0 a.m., 15 views

CVE-2024-45416

The HTTPD binary in multiple ZTE routers has a local file inclusion vulnerability in the sessioninit function. The session -LUA- files are stored in the directory /var/luasession; the function iterates on all files in this directory and executes them using the function dofile without any validation i...

0.00561 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2024/09/16 12:0 a.m., 9 views

CVE-2024-45414

The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in the webPrivateDecrypt function. This function is responsible for decrypting RSA encrypted ciphertext; the encrypted data is supplied base64 encoded. The decoded ciphertext is stored on the stack without checki...

7.3 AI score, 0.00483 EPSS
Exploits: 0, References: 1

CVE
added 2024/09/16 12:0 a.m., 33 views

CVE-2024-45415

The CVE-2024-45415 issue affects multiple ZTE routers running HTTPD. A stack-based buffer overflow in check_data_integrity, which validates the checksum of POST data, allows an unauthenticated attacker to achieve root RCE by triggering improper handling of the decrypted, unchecked checksum on the...

9.8 CVSS, 7.2 AI score, 0.00483 EPSS
Exploits: 0, References: 1

Cvelist
added 2024/09/16 12:0 a.m., 12 views

CVE-2024-45415

The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in the check_data_integrity function. This function is responsible for validating the checksum of data in a POST request. The checksum is sent encrypted in the request; the function decrypts it and stores the checksu...

0.00483 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2024/09/16 12:0 a.m., 13 views

CVE-2024-45415

The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in the check_data_integrity function. This function is responsible for validating the checksum of data in a POST request. The checksum is sent encrypted in the request; the function decrypts it and stores the checksu...

7.5 AI score, 0.00483 EPSS
Exploits: 0, References: 1

CVE
added 2024/09/16 12:0 a.m., 44 views

CVE-2024-45413

The CVE-2024-45413 issue affects the HTTPD binary in multiple ZTE routers. A stack-based buffer overflow in rsa_decrypt, an API wrapper for LUA used to decrypt RSA ciphertext, stores decrypted data on the stack without length checks. This allows an authenticated attacker to achieve remote code ex...

8.1 CVSS, 6.7 AI score, 0.0038 EPSS
Exploits: 0, References: 1

The Hacker News
added 2024/09/12 12:56 p.m., 22 views

Exposed Selenium Grid Servers Targeted for Crypto Mining and Proxyjacking

Internet-exposed Selenium Grid instances are being targeted by bad actors for illicit cryptocurrency mining and proxyjacking campaigns. "Selenium Grid is a server that facilitates running test cases in parallel across different browsers and versions," Cado Security researchers Tara Gould and Nate...

5.8 CVSS, 7 AI score, 0.0481 EPSS
Exploits: 2

NVD
added 2024/09/11 3:15 p.m., 18 views

CVE-2024-8306

CWE-269: Improper Privilege Management vulnerability exists that could cause unauthorized access, loss of confidentiality, integrity and availability of the workstation when non-admin authenticated user tries to perform privilege escalation by tampering with the binaries...

7.8 CVSS, 0.00209 EPSS
Exploits: 0, References: 1