## Updated at UTC 2024-07-23T13:38:03.838732

CVE CVSS EPSS Posts Repos Nuclei Updated Description
CVE-2024-3596 0 0.04% 37 1 2024-07-23T09:15:02.697000 RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local atta
CVE-2024-36991 7.5 10.93% 7 5 template 2024-07-22T15:32:36 In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an atta
CVE-2024-6960 7.5 0.04% 2 0 2024-07-22T14:42:25 The H2O machine learning platform uses "Iced" classes as the primary means of mo
CVE-2024-40348 0 0.05% 5 1 template 2024-07-22T13:00:53.287000 An issue in the component /api/swaggerui/static of Bazaar v1.4.3 allows unauthen
CVE-2024-6957 7.3 0.04% 2 0 2024-07-21T15:30:34 A vulnerability classified as critical has been found in itsourcecode University
CVE-2024-6954 3.5 0.04% 2 0 2024-07-21T15:30:27 A vulnerability was found in SourceCodester Record Management System 1.0. It has
CVE-2024-6956 6.3 0.04% 2 1 2024-07-21T15:30:27 A vulnerability was found in itsourcecode University Management System 1.0. It h
CVE-2024-6958 6.3 0.04% 2 0 2024-07-21T15:30:27 A vulnerability classified as critical was found in itsourcecode University Mana
CVE-2024-6955 3.5 0.04% 2 0 2024-07-21T15:30:26 A vulnerability was found in SourceCodester Record Management System 1.0. It has
CVE-2024-6951 6.3 0.04% 2 0 2024-07-21T12:30:54 A vulnerability, which was classified as critical, was found in SourceCodester S
CVE-2024-6953 6.3 0.04% 2 1 2024-07-21T12:30:54 A vulnerability was found in itsourcecode Tailoring Management System 1.0 and cl
CVE-2024-6950 6.3 0.04% 2 0 2024-07-21T12:30:54 A vulnerability, which was classified as critical, has been found in Prain up to
CVE-2024-6952 6.3 0.04% 2 0 2024-07-21T12:30:49 A vulnerability has been found in itsourcecode University Management System 1.0
CVE-2024-40642 8.1 0.04% 1 0 2024-07-19T14:17:55 ### Summary `BinaryHttpParser` does not properly validate input values thus givi
CVE-2024-21140 4.8 0.05% 2 0 2024-07-19T14:15:05.400000 Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Ente
CVE-2024-38156 6.1 0.05% 6 0 2024-07-19T03:30:59 Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2024-5997 4.3 0.05% 2 0 2024-07-19T00:31:44 The Duplica – Duplicate Posts, Pages, Custom Posts or Users plugin for WordPress
CVE-2024-6387 8.1 36.87% 39 89 2024-07-18T22:15:03.630000 A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd).
CVE-2024-5321 6.1 0.04% 2 0 2024-07-18T21:58:16 A security issue was discovered in Kubernetes clusters with Windows nodes where
CVE-2024-6455 5.3 0.05% 2 0 2024-07-18T21:30:43 The ElementsKit Elementor addons plugin for WordPress is vulnerable to Informati
CVE-2024-20419 10.0 0.04% 25 0 2024-07-18T12:28:43.707000 A vulnerability in the authentication system of Cisco Smart Software Manager On-
CVE-2024-40764 0 0.04% 4 0 2024-07-18T12:28:43.707000 Heap-based buffer overflow vulnerability in the SonicOS IPSec VPN allows an unau
CVE-2024-5964 6.4 0.04% 2 0 2024-07-18T12:28:43.707000 The Zenon Lite theme for WordPress is vulnerable to Stored Cross-Site Scripting
CVE-2023-6708 5.4 0.07% 2 0 2024-07-18T12:28:43.707000 The SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scriptin
CVE-2024-6705 5.5 0.07% 2 0 2024-07-18T03:31:36 The RegLevel plugin for WordPress is vulnerable to Stored Cross-Site Scripting v
CVE-2024-6175 5.4 0.04% 2 0 2024-07-18T03:31:35 The Booking Ultra Pro Appointments Booking Calendar Plugin plugin for WordPress
CVE-2024-6599 4.3 0.05% 2 0 2024-07-18T03:31:35 The Meks Video Importer plugin for WordPress is vulnerable to unauthorized API k
CVE-2024-5726 8.8 0.07% 2 0 2024-07-18T03:31:35 The Timeline Event History plugin for WordPress is vulnerable to PHP Object Inje
CVE-2024-34102 9.8 97.32% 10 18 template 2024-07-18T01:00:03.197000 Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affe
CVE-2024-28995 7.5 96.00% 12 8 template 2024-07-18T01:00:03.197000 SolarWinds Serv-U was susceptible to a directory transversal vulnera
CVE-2022-22948 6.5 0.78% 6 1 2024-07-18T01:00:03.190000 The vCenter Server contains an information disclosure vulnerability due to impro
CVE-2024-20323 7.5 0.04% 4 0 2024-07-17T18:31:06 A vulnerability in Cisco Intelligent Node (iNode) Software could allow an unauth
CVE-2024-20401 9.8 0.04% 10 0 2024-07-17T18:31:05 A vulnerability in the content scanning and message filtering features of Cisco
CVE-2024-20296 4.7 0.04% 4 0 2024-07-17T18:31:05 A vulnerability in the web-based management interface of Cisco Identity Services
CVE-2024-20435 8.8 0.04% 4 0 2024-07-17T18:31:05 A vulnerability in the CLI of Cisco AsyncOS for Secure Web Appliance could allow
CVE-2024-20416 6.5 0.04% 4 0 2024-07-17T18:31:05 A vulnerability in the upload module of Cisco RV340 and RV345 Dual WAN Gigabit V
CVE-2024-20400 4.7 0.06% 4 0 2024-07-17T18:31:05 A vulnerability in the web-based management interface of Cisco Expressway Series
CVE-2024-20396 5.3 0.04% 4 0 2024-07-17T18:31:05 A vulnerability in the protocol handlers of Cisco Webex App could allow an unaut
CVE-2024-20395 6.4 0.04% 4 0 2024-07-17T18:31:05 A vulnerability in the media retrieval functionality of Cisco Webex App could al
CVE-2024-20429 6.5 0.04% 4 1 2024-07-17T18:31:05 A vulnerability in the web-based management interface of Cisco AsyncOS for Secur
CVE-2024-28074 9.7 0.05% 7 0 2024-07-17T15:30:52 It was discovered that a previous vulnerability was not completely fixed with So
CVE-2024-23472 9.7 0.06% 5 0 2024-07-17T15:30:52 SolarWinds Access Rights Manager (ARM) is susceptible to Directory Traversal vul
CVE-2024-23475 9.7 0.06% 3 1 2024-07-17T15:30:52 The SolarWinds Access Rights Manager was susceptible to a Directory Traversal an
CVE-2024-28992 7.6 0.04% 2 0 2024-07-17T15:30:52 The SolarWinds Access Rights Manager was susceptible to a Directory Traversal an
CVE-2024-28993 7.6 0.05% 2 0 2024-07-17T15:30:52 The SolarWinds Access Rights Manager was susceptible to a Directory Traversal an
CVE-2024-23471 9.7 0.05% 6 0 2024-07-17T15:30:51 The SolarWinds Access Rights Manager was found to be susceptible to a Remote Cod
CVE-2024-23469 9.7 0.05% 7 0 2024-07-17T15:30:51 SolarWinds Access Rights Manager (ARM) is susceptible to a Remote Code Execution
CVE-2024-23470 9.7 0.05% 2 0 2024-07-17T15:30:51 The SolarWinds Access Rights Manager was found to be susceptible to a pre-authen
CVE-2024-23474 7.6 0.05% 3 0 2024-07-17T15:30:51 The SolarWinds Access Rights Manager was found to be susceptible to an Arbitrary
CVE-2024-23467 9.7 0.06% 7 0 2024-07-17T15:30:50 The SolarWinds Access Rights Manager was susceptible to a Directory Traversal an
CVE-2024-23466 9.7 0.06% 6 0 2024-07-17T15:30:50 SolarWinds Access Rights Manager (ARM) is susceptible to a Directory Traversal R
CVE-2024-23468 7.6 0.05% 2 0 2024-07-17T15:30:50 The SolarWinds Access Rights Manager was susceptible to a Directory Traversal an
CVE-2024-6772 None 0.04% 2 0 2024-07-17T00:33:02 Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.182 allo
CVE-2024-6773 None 0.04% 2 0 2024-07-17T00:33:01 Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.182 allo
CVE-2024-6779 None 0.04% 2 0 2024-07-17T00:33:01 Out of bounds memory access in V8 in Google Chrome prior to 126.0.6478.182 allow
CVE-2024-21181 9.8 0.15% 2 0 2024-07-17T00:32:56 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware
CVE-2024-6778 None 0.04% 2 0 2024-07-17T00:32:54 Race in DevTools in Google Chrome prior to 126.0.6478.182 allowed an attacker wh
CVE-2024-6775 None 0.04% 2 0 2024-07-17T00:32:54 Use after free in Media Stream in Google Chrome prior to 126.0.6478.182 allowed
CVE-2024-6777 None 0.04% 2 0 2024-07-17T00:32:54 Use after free in Navigation in Google Chrome prior to 126.0.6478.182 allowed an
CVE-2024-6774 None 0.04% 2 0 2024-07-17T00:32:54 Use after free in Screen Capture in Google Chrome prior to 126.0.6478.182 allowe
CVE-2024-6776 None 0.04% 2 0 2024-07-17T00:32:54 Use after free in Audio in Google Chrome prior to 126.0.6478.182 allowed a remot
CVE-2024-6610 None 0.04% 2 0 2024-07-16T18:32:47 Form validation popups could capture escape key presses. Therefore, spamming for
CVE-2024-6612 5.3 0.04% 2 0 2024-07-16T18:32:47 CSP violations generated links in the console tab of the developer tools, pointi
CVE-2024-6608 None 0.04% 2 0 2024-07-16T18:32:46 It was possible to move the cursor using pointerlock from an iframe. This allowe
CVE-2024-6601 None 0.04% 2 0 2024-07-16T18:32:46 A race condition could lead to a cross-origin container obtaining permissions of
CVE-2024-6604 None 0.04% 2 0 2024-07-16T18:32:46 Memory safety bugs present in Firefox 127, Firefox ESR 115.12, and Thunderbird 1
CVE-2024-6602 9.8 0.04% 2 1 2024-07-16T18:32:46 A mismatch between allocator and deallocator could have lead to memory corruptio
CVE-2024-6603 7.4 0.04% 2 1 2024-07-16T18:32:46 In an out-of-memory scenario an allocation could fail but free would have been c
CVE-2024-6613 None 0.04% 2 0 2024-07-16T18:32:46 The frame iterator could get stuck in a loop when encountering certain wasm fram
CVE-2024-6607 None 0.04% 2 0 2024-07-16T18:32:46 It was possible to prevent a user from exiting pointerlock when pressing escape
CVE-2024-6600 None 0.04% 2 0 2024-07-16T18:32:46 Due to large allocation checks in Angle for GLSL shaders being too lenient an ou
CVE-2024-6611 9.8 0.04% 2 0 2024-07-16T18:32:46 A nested iframe, triggering a cross-site navigation, could send SameSite=Strict
CVE-2024-6606 9.8 0.04% 2 0 2024-07-16T18:32:46 Clipboard code failed to check the index on an array access. This could have lea
CVE-2024-6615 None 0.04% 2 0 2024-07-16T18:32:46 Memory safety bugs present in Firefox 127. Some of these bugs showed evidence of
CVE-2024-6609 None 0.04% 2 0 2024-07-16T18:32:46 When almost out-of-memory an elliptic curve key which was never allocated could
CVE-2024-6614 None 0.04% 2 0 2024-07-16T18:31:42 The frame iterator could get stuck in a loop when encountering certain wasm fram
CVE-2024-36401 9.8 94.64% 21 8 template 2024-07-16T01:00:01.567000 GeoServer is an open source server that allows users to share and edit geospatia
CVE-2024-5441 8.8 0.05% 1 0 2024-07-15T15:30:57 The Modern Events Calendar plugin for WordPress is vulnerable to arbitrary file
CVE-2024-6409 7.0 0.05% 23 1 2024-07-13T04:15:14.207000 A race condition vulnerability was discovered in how signals are handled by Open
CVE-2024-38112 7.5 1.61% 55 0 2024-07-13T00:15:04.950000 Windows MSHTML Platform Spoofing Vulnerability
CVE-2024-22280 8.5 0.05% 4 0 2024-07-12T18:32:53 VMware Aria Automation does not apply correct input validation which allows for
CVE-2024-39698 7.5 0.06% 2 0 2024-07-12T17:06:45.907000 electron-updater allows for automatic updates for Electron apps. The file `packa
CVE-2024-5535 9.1 0.04% 4 0 2024-07-12T15:31:25 Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an em
CVE-2024-6677 0 0.04% 2 0 2024-07-12T12:49:07.030000 Privilege escalation in uberAgent
CVE-2024-23692 9.8 95.43% 4 9 template 2024-07-12T11:15:11.340000 Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a t
CVE-2024-5217 9.8 0.05% 2 0 template 2024-07-11T22:15:02.647000 ServiceNow has addressed an input validation vulnerability that was identified i
CVE-2024-5178 4.9 0.04% 2 0 2024-07-11T22:15:02.467000 ServiceNow has addressed a sensitive file read vulnerability that was identified
CVE-2024-4879 9.8 0.05% 3 7 template 2024-07-11T22:15:02.260000 ServiceNow has addressed an input validation vulnerability that was identified i
CVE-2024-6286 0 0.04% 1 0 2024-07-11T15:06:34.997000 Local Privilege escalation allows a low-privileged user to gain SYSTEM privilege
CVE-2024-6235 0 0.04% 6 0 2024-07-11T15:06:34.163000 Sensitive information disclosure in NetScaler Console
CVE-2024-5492 0 0.04% 1 0 2024-07-11T13:05:54.930000 Open redirect vulnerability allows a remote unauthenticated attacker to redirect
CVE-2024-6150 0 0.04% 1 0 2024-07-11T13:05:54.930000 A non-admin user can cause short-term disruption in Target VM availability in Ci
CVE-2024-6149 0 0.04% 1 0 2024-07-11T13:05:54.930000 Redirection of users to a vulnerable URL in Citrix Workspace app for HTML5
CVE-2024-6236 0 0.04% 1 0 2024-07-11T13:05:54.930000 Denial of Service in NetScaler Console (formerly NetScaler ADM), NetScaler Age
CVE-2024-5491 0 0.04% 1 0 2024-07-11T13:05:54.930000 Denial of Service in NetScaler ADC and NetScaler Gateway in NetScaler
CVE-2024-6151 0 0.04% 1 0 2024-07-11T13:05:54.930000 Local Privilege escalation allows a low-privileged user to gain SYSTEM privilege
CVE-2024-6148 0 0.04% 1 0 2024-07-11T13:05:54.930000 Bypass of GACS Policy Configuration settings in Citrix Workspace app for HTML5
CVE-2024-6385 9.6 0.13% 3 0 2024-07-11T09:30:58 An issue was discovered in GitLab CE/EE affecting all versions starting from 15.
CVE-2024-20399 6.0 0.31% 8 1 2024-07-10T21:31:40 A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated,
CVE-2024-5912 None 0.04% 2 0 2024-07-10T21:30:45 An improper file signature check in Palo Alto Networks Cortex XDR agent may allo
CVE-2024-5913 None 0.04% 2 0 2024-07-10T21:30:39 An improper input validation vulnerability in Palo Alto Networks PAN-OS software
CVE-2024-5910 None 0.04% 3 0 2024-07-10T21:30:38 Missing authentication for a critical function in Palo Alto Networks Expedition
CVE-2024-5911 None 0.04% 2 0 2024-07-10T21:30:38 An arbitrary file upload vulnerability in Palo Alto Networks Panorama software e
CVE-2024-20456 6.7 0.04% 2 0 2024-07-10T18:32:18 A vulnerability in the boot process of Cisco IOS XR Software could allow an auth
CVE-2024-35264 8.1 0.14% 3 0 2024-07-09T21:14:26 # Microsoft Security Advisory CVE-2024-35264 | .NET Remote Code Execution Vulner
CVE-2024-38080 7.8 0.04% 11 0 2024-07-09T18:31:00 Windows Hyper-V Elevation of Privilege Vulnerability
CVE-2024-27785 5.4 0.04% 1 0 2024-07-09T18:30:53 An improper neutralization of formula elements in a CSV File vulnerability [CWE-
CVE-2024-27784 8.8 0.04% 1 0 2024-07-09T18:30:53 Multiple Exposure of sensitive information to an unauthorized actor vulnerabilit
CVE-2023-50178 7.4 0.04% 1 0 2024-07-09T18:30:53 An improper certificate validation vulnerability [CWE-295] in FortiADC 7.4.0, 7.
CVE-2024-21759 4.3 0.04% 1 0 2024-07-09T18:30:53 An authorization bypass through user-controlled key in Fortinet FortiPortal vers
CVE-2024-33509 4.8 0.04% 1 0 2024-07-09T18:30:53 An improper certificate validation vulnerability [CWE-295] in FortiWeb 7.2.0 thr
CVE-2024-38021 8.8 0.11% 8 0 2024-07-09T18:30:51 Microsoft Office Remote Code Execution Vulnerability
CVE-2024-27782 8.1 0.04% 1 0 2024-07-09T18:18:38.713000 Multiple insufficient session expiration vulnerabilities [CWE-613] in FortiAIOp
CVE-2024-23663 8.8 0.04% 1 0 2024-07-09T18:18:38.713000 An improper access control in Fortinet FortiExtender 4.1.1 - 4.1.9, 4.2.0 - 4.2.
CVE-2024-26015 3.4 0.04% 1 0 2024-07-09T18:18:38.713000 An incorrect parsing of numbers with different radices vulnerability [CWE-1389]
CVE-2023-50179 4.8 0.04% 1 0 2024-07-09T18:18:38.713000 An improper certificate validation vulnerability [CWE-295] in FortiADC 7.4.0, 7.
CVE-2024-27783 7.6 0.04% 1 0 2024-07-09T18:18:38.713000 Multiple cross-site request forgery (CSRF) vulnerabilities [CWE-352] in FortiAI
CVE-2023-50181 4.9 0.04% 1 0 2024-07-09T18:18:38.713000 An improper access control vulnerability [CWE-284] in Fortinet FortiADC version
CVE-2024-39929 5.4 0.04% 8 1 2024-07-09T16:22:58.760000 Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus rem
CVE-2024-6605 None 0.04% 2 1 2024-07-09T15:31:03 Firefox Android allowed immediate interaction with permission prompts. This coul
CVE-2024-39592 7.7 0.04% 2 0 2024-07-09T06:30:38 Elements of PDCE does not perform necessary authorization checks for an authenti
CVE-2024-37903 8.2 0.04% 16 0 2024-07-08T15:49:22.437000 Mastodon is a self-hosted, federated microblogging platform. Starting in version
CVE-2023-24069 3.3 0.04% 2 0 2024-07-03T18:32:50 Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to o
CVE-2008-4109 None 7.61% 1 1 2024-07-01T15:31:59 A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 o
CVE-2024-26642 None 0.04% 2 0 2024-06-27T12:30:45 In the Linux kernel, the following vulnerability has been resolved: netfilter:
CVE-2024-26804 None 0.04% 2 0 2024-06-26T00:31:38 In the Linux kernel, the following vulnerability has been resolved: net: ip_tun
CVE-2024-26643 None 0.04% 2 0 2024-06-26T00:31:36 In the Linux kernel, the following vulnerability has been resolved: netfilter:
CVE-2024-26673 None 0.04% 2 0 2024-06-26T00:31:36 In the Linux kernel, the following vulnerability has been resolved: netfilter:
CVE-2024-4577 9.8 96.75% 6 44 2024-06-21T21:35:02 In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, wh
CVE-2024-30078 8.8 0.05% 4 5 2024-06-21T19:48:29.993000 Windows Wi-Fi Driver Remote Code Execution Vulnerability
CVE-2024-35761 6.5 0.04% 2 0 2024-06-21T15:31:06 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site
CVE-2023-51765 5.3 0.17% 2 0 2024-06-15T09:31:38 sendmail through at least 8.14.7 allows SMTP smuggling in certain configurations
CVE-2024-30088 7.0 0.04% 2 4 2024-06-11T18:30:56 Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-30103 8.8 0.09% 2 0 2024-06-11T18:30:56 Microsoft Outlook Remote Code Execution Vulnerability
CVE-2024-3400 10.0 95.77% 6 35 template 2024-05-29T16:00:24.093000 A command injection as a result of arbitrary file creation vulnerability in the
CVE-2024-27348 0 0.09% 4 3 template 2024-05-01T17:15:30.443000 RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server.This issue
CVE-2024-21413 9.8 0.60% 2 15 2024-04-11T21:30:48 Microsoft Outlook Remote Code Execution Vulnerability
CVE-2023-43976 8.1 0.11% 2 0 2024-04-04T08:11:36 An issue in CatoNetworks CatoClient before v.5.4.0 allows attackers to escalate
CVE-2023-35384 5.4 0.06% 2 0 2024-04-04T06:41:46 Windows HTML Platforms Security Feature Bypass Vulnerability
CVE-2023-29324 6.5 18.61% 2 1 2024-04-04T03:56:44 Windows MSHTML Platform Security Feature Bypass Vulnerability
CVE-2023-46045 7.8 0.05% 2 0 2024-03-30T05:01:49 Graphviz 2.36 before 10.0.0 has an out-of-bounds read via a crafted config6a fil
CVE-2023-24068 7.8 0.04% 2 0 2024-03-30T05:01:46 Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to m
CVE-2024-27198 9.8 97.16% 6 10 template 2024-03-21T05:01:12 In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform
CVE-2024-27199 7.3 0.90% 4 3 template 2024-03-11T15:31:24 In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limite
CVE-2008-0166 7.5 8.17% 4 4 2024-02-18T05:07:33 OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating system
CVE-2021-26855 9.1 97.47% 2 55 template 2024-02-15T20:18:22.123000 Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2023-6340 5.5 0.04% 2 0 2024-01-29T17:17:41.147000 SonicWall Capture Client version 3.7.10, NetExtender client version 10.2.337 and
CVE-2023-6548 8.8 1.57% 2 1 2024-01-25T16:45:58.287000 Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and N
CVE-2024-21887 9.1 96.91% 4 12 2024-01-22T18:31:16 A command injection vulnerability in web components of Ivanti Connect Secure (9.
CVE-2023-35636 6.5 0.47% 2 1 2023-12-12T18:31:42 Microsoft Outlook Information Disclosure Vulnerability
CVE-2023-4966 9.4 97.13% 2 12 template 2023-11-12T05:01:25 Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when con
CVE-2021-38578 9.8 0.18% 1 0 2023-07-31T05:02:18 Existing CommBuffer checks in SmmEntryPoint will not catch underflow when comput
CVE-2023-23397 9.8 90.18% 2 30 2023-03-29T05:07:23 Microsoft Outlook Elevation of Privilege Vulnerability
CVE-2023-27532 7.5 2.40% 2 3 2023-03-16T18:30:29 Vulnerability in Veeam Backup & Replication component allows encrypted credentia
CVE-2022-21587 9.8 96.97% 2 3 template 2023-03-01T18:30:57 Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracl
CVE-2020-5408 6.5 0.14% 2 1 2023-02-01T05:03:03 Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior
CVE-2006-5051 None 79.14% 1 3 2023-02-01T05:01:22 Signal handler race condition in OpenSSH before 4.4 allows remote attackers to c
CVE-2020-15227 9.8 96.99% 4 3 template 2021-11-18T16:47:44.667000 Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 are vulnerab
CVE-2018-14847 9.1 97.46% 4 11 2019-03-07T14:12:53.707000 MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read a
CVE-2024-6509 0 0.00% 4 0 N/A
CVE-2024-37381 0 0.00% 6 0 N/A
CVE-2022-1012 0 0.12% 1 1 N/A
CVE-2022-0847 0 12.09% 2 98 N/A
CVE-2024-36131 0 0.00% 2 0 N/A
CVE-2024-36132 0 0.00% 2 0 N/A
CVE-2024-36130 0 0.00% 2 0 N/A
CVE-2024-37403 0 0.00% 2 0 N/A
CVE-2024-34788 0 0.00% 2 0 N/A
CVE-2024-38511 0 0.00% 1 0 N/A
CVE-2024-38509 0 0.00% 1 1 N/A
CVE-2024-38512 0 0.00% 1 1 N/A
CVE-2024-38508 0 0.00% 1 1 N/A
CVE-2024-38510 0 0.00% 1 1 N/A
CVE-2024-37985 0 0.00% 5 0 N/A
CVE-2024-26006 0 0.00% 1 0 N/A

CVE-2024-3596
(0 None)

EPSS: 0.04%

updated 2024-07-23T09:15:02.697000

37 posts

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.

1 repos

https://github.com/alperenugurlu/CVE-2024-3596-Detector

screaminggoat at 2024-07-23T12:29:42.138Z ##

SonicWall security advisory: RADIUS Protocol Forgery Vulnerability (Blast-RADIUS)
Reference: CVE-2024-3596 (SonicWall gives it an 8.1 high, disclosed 09 July 2024, see dedicated website) RADIUS Protocol Forgery Vulnerability, see parent toots above.
All SonicWall products using RADIUS authentication are affected. SonicWall PSIRT is aware that a proof of concept (PoC) exploit for this vulnerability is publicly available, we have no information regarding any exploitation of this vulnerability in the wild. No malicious use of this vulnerability has been reported to SonicWall.
No fixed software, only a workaround: The most effective approach to resolving this issue is to utilize encrypted and authenticated channels that ensure up-to-date cryptographic security protections. e.g. RADIUS protected with IPSEC VPN.

##

screaminggoat at 2024-07-11T03:34:34.412Z ##

Cisco security advisory: RADIUS Protocol Spoofing Vulnerability (Blast-RADIUS): July 2024
Reference: CVE-2024-3596 (score pending, disclosed 09 July 2024, see dedicated website) "RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature."

Cisco is investigating its product line to determine which products and cloud services may be affected by this vulnerability.

Vulnerable products:

  • Network and Content Security Devices
    • Firepower Device Manager (FDM)
    • Firepower Management Center (FMC) Software
    • Firepower Threat Defense (FTD) Software
    • Identity Services Engine (ISE)
    • Secure Email and Web Manager
    • Secure Email Gateway
  • Routing and Switching - Enterprise and Service Provider
    • MDS 9000 Series Multilayer Switches
    • Nexus 7000 Series Switches

##

benbe@social.chaotikum.org at 2024-07-10T18:23:37.000Z ##

I did a thing in case you can't remember the most recent RADIUS bug's domain …

radius.security.fail/

#cve_2024_3596

##

tychotithonus at 2024-07-09T19:28:29.652Z ##

Huh, the Openwall oss-security mailing list sure is quiet about BlastRADIUS.


##

tychotithonus at 2024-07-09T17:49:21.986Z ##

In a somewhat unusual move, the company who sells one of the primary vulnerable products is charging money for tools to detect the vulnerability, with tool+support pricing ranging from US$150 for a guide+worksheet, US$400 for the verification tool, and $23K for carrier-level support.

inkbridgenetworks.com/blastrad

To be fair, it's a two-person company, and its technical lead was instrumental in analysis and fix of the vulnerability.


##

screaminggoat at 2024-07-09T17:30:05.535Z ##

Canadian Centre for Cyber Security (CCCS) security advisory: RADIUS Protocol Susceptible to Forgery Attacks
The Cyber Centre is aware of industry research regarding a recent vulnerability impacting the RADIUS protocol – a common authentication, authorization and accounting network protocol used for managing network accesses. The vulnerability could allow a person-in-the-middle threat actor to authenticate themself to a victim’s system or deny authentication to legitimate users.
This vulnerability is due to the lack of authentication and integrity validation with the RADIUS protocol. An adversary could exploit the weak cryptographic hash MD5 and forge authentication responses from a RADIUS server.
For some reason, CCCS fails to include the CVE ID which is CVE-2024-3596

##

threatcodex at 2024-07-09T14:51:26.837Z ##

Critical vulnerability in the RADIUS protocol leaves networking equipment open to attack

helpnetsecurity.com/2024/07/09

##

catsalad at 2024-07-09T14:29:05.111Z ##

@goldbe Great write-up, and I can't wait to see your paper (blastradius.fail/) in USENIX Security 2024!

Also, first time I've seen Monster-in-the-Middle used for MitM, but I like the reuse.

Web Archive link for Tor users:
🗃️⁠web.archive.org/web/2024070912

##

tychotithonus at 2024-07-09T13:37:22.885Z ##

Definitely recommend using one-string name "BlastRADIUS" over "Blast-RADIUS".

Lots of use of the regular phrase all over the Internet makes it harder to sift through (most search engines treat hyphens as if they were spaces).

FWIW Mark Stevens, one of the authors, uses

x.com/realhashbreaker/status/1


##

screaminggoat@infosec.exchange at 2024-07-23T12:29:42.000Z ##

SonicWall security advisory: RADIUS Protocol Forgery Vulnerability (Blast-RADIUS)
Reference: CVE-2024-3596 (SonicWall gives it an 8.1 high, disclosed 09 July 2024, see dedicated website) RADIUS Protocol Forgery Vulnerability, see parent toots above.
All SonicWall products using RADIUS authentication are affected. SonicWall PSIRT is aware that a proof of concept (PoC) exploit for this vulnerability is publicly available, we have no information regarding any exploitation of this vulnerability in the wild. No malicious use of this vulnerability has been reported to SonicWall.
No fixed software, only a workaround: The most effective approach to resolving this issue is to utilize encrypted and authenticated channels that ensure up-to-date cryptographic security protections. e.g. RADIUS protected with IPSEC VPN.

#CVE_2024_3596 #BlastRADIUS #vulnerability #sonicwall #cve

##

screaminggoat@infosec.exchange at 2024-07-11T03:34:34.000Z ##

Cisco security advisory: RADIUS Protocol Spoofing Vulnerability (Blast-RADIUS): July 2024
Reference: CVE-2024-3596 (score pending, disclosed 09 July 2024, see dedicated website) "RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature."

Cisco is investigating its product line to determine which products and cloud services may be affected by this vulnerability.

Vulnerable products:

  • Network and Content Security Devices
    • Firepower Device Manager (FDM)
    • Firepower Management Center (FMC) Software
    • Firepower Threat Defense (FTD) Software
    • Identity Services Engine (ISE)
    • Secure Email and Web Manager
    • Secure Email Gateway
  • Routing and Switching - Enterprise and Service Provider
    • MDS 9000 Series Multilayer Switches
    • Nexus 7000 Series Switches

#BlastRADIUS #CVE_2024_3596 #radius #vulnerability #cve

##

benbe@social.chaotikum.org at 2024-07-10T18:23:37.000Z ##

I did a thing in case you can't remember the most recent RADIUS bug's domain …

radius.security.fail/

#cve_2024_3596

##

tychotithonus@infosec.exchange at 2024-07-09T19:28:29.000Z ##

Huh, the Openwall oss-security mailing list sure is quiet about BlastRADIUS.

#CVE_2024_3596
#BlastRADIUS

##

tychotithonus@infosec.exchange at 2024-07-09T17:49:21.000Z ##

In a somewhat unusual move, the company who sells one of the primary vulnerable products is charging money for tools to detect the vulnerability, with tool+support pricing ranging from US$150 for a guide+worksheet, US$400 for the verification tool, and $23K for carrier-level support.

inkbridgenetworks.com/blastrad

To be fair, it's a two-person company, and its technical lead was instrumental in analysis and fix of the vulnerability.

#CVE_2024_3596
#BlastRADIUS

##

screaminggoat@infosec.exchange at 2024-07-09T17:30:05.000Z ##

Canadian Centre for Cyber Security (CCCS) security advisory: RADIUS Protocol Susceptible to Forgery Attacks
The Cyber Centre is aware of industry research regarding a recent vulnerability impacting the RADIUS protocol – a common authentication, authorization and accounting network protocol used for managing network accesses. The vulnerability could allow a person-in-the-middle threat actor to authenticate themself to a victim’s system or deny authentication to legitimate users.
This vulnerability is due to the lack of authentication and integrity validation with the RADIUS protocol. An adversary could exploit the weak cryptographic hash MD5 and forge authentication responses from a RADIUS server.
For some reason, CCCS fails to include the CVE ID which is CVE-2024-3596

#BlastRADIUS #CVE_2024_3596 #vulnerability #Radius

##

catsalad@infosec.exchange at 2024-07-09T14:29:05.000Z ##

@goldbe Great write-up, and I can't wait to see your paper (blastradius.fail/) in USENIX Security 2024!

Also, first time I've seen Monster-in-the-Middle used for MitM, but I like the reuse.

Web Archive link for Tor users:
🗃️⁠web.archive.org/web/2024070912

#CVE_2024_3596

##

tychotithonus@infosec.exchange at 2024-07-09T13:37:22.000Z ##

Definitely recommend using one-string name "BlastRADIUS" over "Blast-RADIUS".

Lots of use of the regular phrase all over the Internet makes it harder to sift through (most search engines treat hyphens as if they were spaces).

FWIW Mark Stevens, one of the authors, uses #BlastRADIUS

x.com/realhashbreaker/status/1

#CVE_2024_3596
#BlastRADIUS

##

screaminggoat at 2024-07-09T17:30:05.535Z ##

Canadian Centre for Cyber Security (CCCS) security advisory: RADIUS Protocol Susceptible to Forgery Attacks
The Cyber Centre is aware of industry research regarding a recent vulnerability impacting the RADIUS protocol – a common authentication, authorization and accounting network protocol used for managing network accesses. The vulnerability could allow a person-in-the-middle threat actor to authenticate themself to a victim’s system or deny authentication to legitimate users.
This vulnerability is due to the lack of authentication and integrity validation with the RADIUS protocol. An adversary could exploit the weak cryptographic hash MD5 and forge authentication responses from a RADIUS server.
For some reason, CCCS fails to include the CVE ID which is CVE-2024-3596

##

threatcodex at 2024-07-09T14:51:26.837Z ##

Critical vulnerability in the RADIUS protocol leaves networking equipment open to attack

helpnetsecurity.com/2024/07/09

##

catsalad at 2024-07-09T14:29:05.111Z ##

@goldbe Great write-up, and I can't wait to see your paper (blastradius.fail/) in USENIX Security 2024!

Also, first time I've seen Monster-in-the-Middle used for MitM, but I like the reuse.

Web Archive link for Tor users:
🗃️⁠web.archive.org/web/2024070912

##

tychotithonus at 2024-07-09T13:37:22.885Z ##

Definitely recommend using one-string name "BlastRADIUS" over "Blast-RADIUS".

Lots of use of the regular phrase all over the Internet makes it harder to sift through (most search engines treat hyphens as if they were spaces).

FWIW Mark Stevens, one of the authors, uses #BlastRADIUS

x.com/realhashbreaker/status/1


##

screaminggoat@infosec.exchange at 2024-07-23T12:29:42.000Z ##

SonicWall security advisory: RADIUS Protocol Forgery Vulnerability (Blast-RADIUS)
Reference: CVE-2024-3596 (SonicWall gives it an 8.1 high, disclosed 09 July 2024, see dedicated website) RADIUS Protocol Forgery Vulnerability, see parent toots above.
All SonicWall products using RADIUS authentication are affected. SonicWall PSIRT is aware that a proof of concept (PoC) exploit for this vulnerability is publicly available, we have no information regarding any exploitation of this vulnerability in the wild. No malicious use of this vulnerability has been reported to SonicWall.
No fixed software, only a workaround: The most effective approach to resolving this issue is to utilize encrypted and authenticated channels that ensure up-to-date cryptographic security protections. e.g. RADIUS protected with IPSEC VPN.

#CVE_2024_3596 #BlastRADIUS #vulnerability #sonicwall #cve

##

screaminggoat@infosec.exchange at 2024-07-11T03:34:34.000Z ##

Cisco security advisory: RADIUS Protocol Spoofing Vulnerability (Blast-RADIUS): July 2024
Reference: CVE-2024-3596 (score pending, disclosed 09 July 2024, see dedicated website) "RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature."

Cisco is investigating its product line to determine which products and cloud services may be affected by this vulnerability.

Vulnerable products:

  • Network and Content Security Devices
    • Firepower Device Manager (FDM)
    • Firepower Management Center (FMC) Software
    • Firepower Threat Defense (FTD) Software
    • Identity Services Engine (ISE)
    • Secure Email and Web Manager
    • Secure Email Gateway
  • Routing and Switching - Enterprise and Service Provider
    • MDS 9000 Series Multilayer Switches
    • Nexus 7000 Series Switches

#BlastRADIUS #CVE_2024_3596 #radius #vulnerability #cve

##

tychotithonus@infosec.exchange at 2024-07-09T19:28:29.000Z ##

Huh, the Openwall oss-security mailing list sure is quiet about BlastRADIUS.

#CVE_2024_3596
#BlastRADIUS

##

tychotithonus@infosec.exchange at 2024-07-09T17:49:21.000Z ##

In a somewhat unusual move, the company who sells one of the primary vulnerable products is charging money for tools to detect the vulnerability, with tool+support pricing ranging from US$150 for a guide+worksheet, US$400 for the verification tool, and $23K for carrier-level support.

inkbridgenetworks.com/blastrad

To be fair, it's a two-person company, and its technical lead was instrumental in analysis and fix of the vulnerability.

#CVE_2024_3596
#BlastRADIUS

##

screaminggoat@infosec.exchange at 2024-07-09T17:30:05.000Z ##

Canadian Centre for Cyber Security (CCCS) security advisory: RADIUS Protocol Susceptible to Forgery Attacks
The Cyber Centre is aware of industry research regarding a recent vulnerability impacting the RADIUS protocol – a common authentication, authorization and accounting network protocol used for managing network accesses. The vulnerability could allow a person-in-the-middle threat actor to authenticate themself to a victim’s system or deny authentication to legitimate users.
This vulnerability is due to the lack of authentication and integrity validation with the RADIUS protocol. An adversary could exploit the weak cryptographic hash MD5 and forge authentication responses from a RADIUS server.
For some reason, CCCS fails to include the CVE ID which is CVE-2024-3596

#BlastRADIUS #CVE_2024_3596 #vulnerability #Radius

##

benzogaga33@mamot.fr at 2024-07-11T09:40:02.000Z ##

The new Blast-RADIUS attack can be used to bypass RADIUS authentication! it-connect.fr/attaque-blast-ra #ActuCybersécurité #Cybersécurité #Vulnérabilité #Radius

##

screaminggoat at 2024-07-10T16:48:15.050Z ##

Palo Alto Networks multiple security advisories:

Palo Alto Networks is not aware of any malicious exploitation of this issue.

##

screaminggoat@infosec.exchange at 2024-07-10T16:48:15.000Z ##

Palo Alto Networks multiple security advisories:

Palo Alto Networks is not aware of any malicious exploitation of this issue.

#PaloAltoNetworks #PatchTuesday #CVE #vulnerability

##

CVE-2024-36991
(7.5 HIGH)

EPSS: 10.93%

updated 2024-07-22T15:32:36

7 posts

In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows.

Nuclei template

5 repos

https://github.com/th3gokul/CVE-2024-36991

https://github.com/Cappricio-Securities/CVE-2024-36991

https://github.com/sardine-web/CVE-2024-36991

https://github.com/Mr-xn/CVE-2024-36991

https://github.com/bigb0x/CVE-2024-36991

threatcodex at 2024-07-21T15:32:14.475Z ##

Critical Splunk flaw can be exploited to grab passwords (CVE-2024-36991)

helpnetsecurity.com/2024/07/18

##

jbhall56 at 2024-07-20T15:39:30.684Z ##

The issue, tracked as CVE-2024-36991 (CVSS score of 7.5), is described as a path traversal bug impacting Splunk Enterprise on Windows versions prior to 9.2.2, 9.1.5, and 9.0.10. Splunk announced patches for the flaw on July 1. securityweek.com/recent-splunk

##

jos1264@social.skynetcloud.site at 2024-07-18T15:10:04.000Z ##

Critical Splunk flaw can be exploited to grab passwords (CVE-2024-36991) helpnetsecurity.com/2024/07/18 #securityupdate #dataanalytics #vulnerability #enterprise #Don'tmiss #SonicWall #Hotstuff #Splunk #News #CVE

##

sambowne at 2024-07-10T16:46:23.047Z ##

CVE-2024-36991 Splunk Path Traversal PoC github.com/bigb0x/CVE-2024-369

##

jbhall56@infosec.exchange at 2024-07-20T15:39:30.000Z ##

The issue, tracked as CVE-2024-36991 (CVSS score of 7.5), is described as a path traversal bug impacting Splunk Enterprise on Windows versions prior to 9.2.2, 9.1.5, and 9.0.10. Splunk announced patches for the flaw on July 1. securityweek.com/recent-splunk

##

sambowne@infosec.exchange at 2024-07-10T16:46:23.000Z ##

CVE-2024-36991 Splunk Path Traversal PoC github.com/bigb0x/CVE-2024-369

##

CVE-2024-6960
(7.5 HIGH)

EPSS: 0.04%

updated 2024-07-22T14:42:25

2 posts

The H2O machine learning platform uses "Iced" classes as the primary means of moving Java Objects around the cluster. The Iced format supports inclusion of serialized Java objects. When a model is deserialized, any class is allowed to be deserialized (no class whitelist). An attacker can construct a crafted Iced model that uses Java gadgets and leads to arbitrary code execution when imported to th

AAKL at 2024-07-22T14:36:23.582Z ##

Recorded Future added these CVEs yesterday: recordedfuture.com/vulnerabili.

CVE-2024-6958
CVE-2024-6957
CVE-2024-6956
CVE-2024-6955
CVE-2024-6954
CVE-2024-6953
CVE-2024-6952
CVE-2024-6951
CVE-2024-6950
CVE-2024-6960

##

AAKL@infosec.exchange at 2024-07-22T14:36:23.000Z ##

Recorded Future added these CVEs yesterday: recordedfuture.com/vulnerabili. #cybersecurity #infosec

CVE-2024-6958
CVE-2024-6957
CVE-2024-6956
CVE-2024-6955
CVE-2024-6954
CVE-2024-6953
CVE-2024-6952
CVE-2024-6951
CVE-2024-6950
CVE-2024-6960

##

CVE-2024-40348
(0 None)

EPSS: 0.05%

updated 2024-07-22T13:00:53.287000

5 posts

An issue in the component /api/swaggerui/static of Bazaar v1.4.3 allows unauthenticated attackers to execute a directory traversal.

Nuclei template

1 repos

https://github.com/bigb0x/CVE-2024-40348

jos1264@social.skynetcloud.site at 2024-07-22T09:05:02.000Z ##

Critical Bazaar Vulnerability CVE-2024-40348: Directory Traversal Flaw Threatens System Integrity thecyberexpress.com/cve-2024-4 #vulnerabilityinBazaar #Bazaarvulnerability #TheCyberExpressNews #Vulnerabilities #TheCyberExpress #FirewallDaily #CVE202440348 #DarkWebNews #Bazaarv143

##

rhudaur@flipboard.com at 2024-07-22T12:11:25.000Z ##

Critical Bazaar Vulnerability CVE-2024-40348: Directory Traversal Flaw Threatens System Integrity
thecyberexpress.com/cve-2024-4

Posted into Cybersecurity Today @cybersecurity-today-rhudaur

##

CVE-2024-6957
(7.3 HIGH)

EPSS: 0.04%

updated 2024-07-21T15:30:34

2 posts

A vulnerability classified as critical has been found in itsourcecode University Management System 1.0. This affects an unknown part of the file functions.php of the component Login. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnera

AAKL at 2024-07-22T14:36:23.582Z ##

Recorded Future added these CVEs yesterday: recordedfuture.com/vulnerabili.

CVE-2024-6958
CVE-2024-6957
CVE-2024-6956
CVE-2024-6955
CVE-2024-6954
CVE-2024-6953
CVE-2024-6952
CVE-2024-6951
CVE-2024-6950
CVE-2024-6960

##

AAKL@infosec.exchange at 2024-07-22T14:36:23.000Z ##

Recorded Future added these CVEs yesterday: recordedfuture.com/vulnerabili. #cybersecurity #infosec

CVE-2024-6958
CVE-2024-6957
CVE-2024-6956
CVE-2024-6955
CVE-2024-6954
CVE-2024-6953
CVE-2024-6952
CVE-2024-6951
CVE-2024-6950
CVE-2024-6960

##

CVE-2024-6954
(3.5 LOW)

EPSS: 0.04%

updated 2024-07-21T15:30:27

2 posts

A vulnerability was found in SourceCodester Record Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file sort1.php. The manipulation of the argument position leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272077 was assig

AAKL at 2024-07-22T14:36:23.582Z ##

Recorded Future added these CVEs yesterday: recordedfuture.com/vulnerabili.

CVE-2024-6958
CVE-2024-6957
CVE-2024-6956
CVE-2024-6955
CVE-2024-6954
CVE-2024-6953
CVE-2024-6952
CVE-2024-6951
CVE-2024-6950
CVE-2024-6960

##

AAKL@infosec.exchange at 2024-07-22T14:36:23.000Z ##

Recorded Future added these CVEs yesterday: recordedfuture.com/vulnerabili. #cybersecurity #infosec

CVE-2024-6958
CVE-2024-6957
CVE-2024-6956
CVE-2024-6955
CVE-2024-6954
CVE-2024-6953
CVE-2024-6952
CVE-2024-6951
CVE-2024-6950
CVE-2024-6960

##

CVE-2024-6956
(6.3 MEDIUM)

EPSS: 0.04%

updated 2024-07-21T15:30:27

2 posts

A vulnerability was found in itsourcecode University Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /view_cgpa.php. The manipulation of the argument VR/VN leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-272078 is the identifier assigned to this vuln

1 repos

AAKL at 2024-07-22T14:36:23.582Z ##

Recorded Future added these CVEs yesterday: recordedfuture.com/vulnerabili.

CVE-2024-6958
CVE-2024-6957
CVE-2024-6956
CVE-2024-6955
CVE-2024-6954
CVE-2024-6953
CVE-2024-6952
CVE-2024-6951
CVE-2024-6950
CVE-2024-6960

##

AAKL@infosec.exchange at 2024-07-22T14:36:23.000Z ##

Recorded Future added these CVEs yesterday: recordedfuture.com/vulnerabili. #cybersecurity #infosec

CVE-2024-6958
CVE-2024-6957
CVE-2024-6956
CVE-2024-6955
CVE-2024-6954
CVE-2024-6953
CVE-2024-6952
CVE-2024-6951
CVE-2024-6950
CVE-2024-6960

##

CVE-2024-6958
(6.3 MEDIUM)

EPSS: 0.04%

updated 2024-07-21T15:30:27

2 posts

A vulnerability classified as critical was found in itsourcecode University Management System 1.0. This vulnerability affects unknown code of the file /st_update.php of the component Avatar File Handler. The manipulation of the argument personal_image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of

AAKL at 2024-07-22T14:36:23.582Z ##

Recorded Future added these CVEs yesterday: recordedfuture.com/vulnerabili.

CVE-2024-6958
CVE-2024-6957
CVE-2024-6956
CVE-2024-6955
CVE-2024-6954
CVE-2024-6953
CVE-2024-6952
CVE-2024-6951
CVE-2024-6950
CVE-2024-6960

##

AAKL@infosec.exchange at 2024-07-22T14:36:23.000Z ##

Recorded Future added these CVEs yesterday: recordedfuture.com/vulnerabili. #cybersecurity #infosec

CVE-2024-6958
CVE-2024-6957
CVE-2024-6956
CVE-2024-6955
CVE-2024-6954
CVE-2024-6953
CVE-2024-6952
CVE-2024-6951
CVE-2024-6950
CVE-2024-6960

##

CVE-2024-6955
(3.5 LOW)

EPSS: 0.04%

updated 2024-07-21T15:30:26

2 posts

A vulnerability was found in SourceCodester Record Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file sort2.php. The manipulation of the argument qualification leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-27

AAKL at 2024-07-22T14:36:23.582Z ##

Recorded Future added these CVEs yesterday: recordedfuture.com/vulnerabili.

CVE-2024-6958
CVE-2024-6957
CVE-2024-6956
CVE-2024-6955
CVE-2024-6954
CVE-2024-6953
CVE-2024-6952
CVE-2024-6951
CVE-2024-6950
CVE-2024-6960

##

AAKL@infosec.exchange at 2024-07-22T14:36:23.000Z ##

Recorded Future added these CVEs yesterday: recordedfuture.com/vulnerabili. #cybersecurity #infosec

CVE-2024-6958
CVE-2024-6957
CVE-2024-6956
CVE-2024-6955
CVE-2024-6954
CVE-2024-6953
CVE-2024-6952
CVE-2024-6951
CVE-2024-6950
CVE-2024-6960

##

CVE-2024-6951
(6.3 MEDIUM)

EPSS: 0.04%

updated 2024-07-21T12:30:54

2 posts

A vulnerability, which was classified as critical, was found in SourceCodester Simple Online Book Store System 1.0. This affects an unknown part of the file admin_delete.php. The manipulation of the argument bookisbn leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272073 was assigned to this vu

AAKL at 2024-07-22T14:36:23.582Z ##

Recorded Future added these CVEs yesterday: recordedfuture.com/vulnerabili.

CVE-2024-6958
CVE-2024-6957
CVE-2024-6956
CVE-2024-6955
CVE-2024-6954
CVE-2024-6953
CVE-2024-6952
CVE-2024-6951
CVE-2024-6950
CVE-2024-6960

##

AAKL@infosec.exchange at 2024-07-22T14:36:23.000Z ##

Recorded Future added these CVEs yesterday: recordedfuture.com/vulnerabili. #cybersecurity #infosec

CVE-2024-6958
CVE-2024-6957
CVE-2024-6956
CVE-2024-6955
CVE-2024-6954
CVE-2024-6953
CVE-2024-6952
CVE-2024-6951
CVE-2024-6950
CVE-2024-6960

##

CVE-2024-6953
(6.3 MEDIUM)

EPSS: 0.04%

updated 2024-07-21T12:30:54

2 posts

A vulnerability was found in itsourcecode Tailoring Management System 1.0 and classified as critical. This issue affects some unknown processing of the file sms.php. The manipulation of the argument customer leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272075.

1 repos

AAKL at 2024-07-22T14:36:23.582Z ##

Recorded Future added these CVEs yesterday: recordedfuture.com/vulnerabili.

CVE-2024-6958
CVE-2024-6957
CVE-2024-6956
CVE-2024-6955
CVE-2024-6954
CVE-2024-6953
CVE-2024-6952
CVE-2024-6951
CVE-2024-6950
CVE-2024-6960

##

AAKL@infosec.exchange at 2024-07-22T14:36:23.000Z ##

Recorded Future added these CVEs yesterday: recordedfuture.com/vulnerabili. #cybersecurity #infosec

CVE-2024-6958
CVE-2024-6957
CVE-2024-6956
CVE-2024-6955
CVE-2024-6954
CVE-2024-6953
CVE-2024-6952
CVE-2024-6951
CVE-2024-6950
CVE-2024-6960

##

CVE-2024-6950
(6.3 MEDIUM)

EPSS: 0.04%

updated 2024-07-21T12:30:54

2 posts

A vulnerability, which was classified as critical, has been found in Prain up to 1.3.0. Affected by this issue is some unknown functionality of the file /?import of the component HTTP POST Request Handler. The manipulation of the argument file leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerabi

AAKL at 2024-07-22T14:36:23.582Z ##

Recorded Future added these CVEs yesterday: recordedfuture.com/vulnerabili.

CVE-2024-6958
CVE-2024-6957
CVE-2024-6956
CVE-2024-6955
CVE-2024-6954
CVE-2024-6953
CVE-2024-6952
CVE-2024-6951
CVE-2024-6950
CVE-2024-6960

##

AAKL@infosec.exchange at 2024-07-22T14:36:23.000Z ##

Recorded Future added these CVEs yesterday: recordedfuture.com/vulnerabili. #cybersecurity #infosec

CVE-2024-6958
CVE-2024-6957
CVE-2024-6956
CVE-2024-6955
CVE-2024-6954
CVE-2024-6953
CVE-2024-6952
CVE-2024-6951
CVE-2024-6950
CVE-2024-6960

##

CVE-2024-6952
(6.3 MEDIUM)

EPSS: 0.04%

updated 2024-07-21T12:30:49

2 posts

A vulnerability has been found in itsourcecode University Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /view_single_result.php?vr=123321&vn=mirage. The manipulation of the argument seme leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-272074 is the identifier assi

AAKL at 2024-07-22T14:36:23.582Z ##

Recorded Future added these CVEs yesterday: recordedfuture.com/vulnerabili.

CVE-2024-6958
CVE-2024-6957
CVE-2024-6956
CVE-2024-6955
CVE-2024-6954
CVE-2024-6953
CVE-2024-6952
CVE-2024-6951
CVE-2024-6950
CVE-2024-6960

##

AAKL@infosec.exchange at 2024-07-22T14:36:23.000Z ##

Recorded Future added these CVEs yesterday: recordedfuture.com/vulnerabili. #cybersecurity #infosec

CVE-2024-6958
CVE-2024-6957
CVE-2024-6956
CVE-2024-6955
CVE-2024-6954
CVE-2024-6953
CVE-2024-6952
CVE-2024-6951
CVE-2024-6950
CVE-2024-6960

##

CVE-2024-40642
(8.1 HIGH)

EPSS: 0.04%

updated 2024-07-19T14:17:55

1 posts

Summary: `BinaryHttpParser` does not properly validate input values thus giving attackers almost complete control over the HTTP requests constructed from the parsed output. Attackers can abuse several issues individually to perform various injection attacks including HTTP request smuggling, desync attacks, HTTP header injections, request queue poisoning, caching attacks and Server Side Request

chrisvest@mastodon.social at 2024-07-19T22:27:21.000Z ##

We've released #Netty 4.1.112.Final with a bunch of fixes and improvements: netty.io/news/2024/07/19/4-1-1

We've also released the Netty OHTTP codec, fixing CVE-2024-40642: netty.io/news/2024/07/18/ohttp

##

CVE-2024-21140
(4.8 MEDIUM)

EPSS: 0.05%

updated 2024-07-19T14:15:05.400000

2 posts

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allow

CVE-2024-38156
(6.1 MEDIUM)

EPSS: 0.05%

updated 2024-07-19T03:30:59

6 posts

Microsoft Edge (Chromium-based) Spoofing Vulnerability

screaminggoat at 2024-07-17T21:36:07.122Z ##

Microsoft Security Response Center (MSRC) security advisory: Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2024-38156 (6.1 medium) CWE-79 (XSS)

UI:R= The user would have to click on a specially crafted URL to be compromised by the attacker.
C:L= Limited information from the victim's browser associated with the vulnerable URL can be sent to the attacker by the malicious code.

Not exploited, not publicly disclosed, exploitation less likely. Surprisingly the only CVE patched in Edge considering yesterday's Google Chrome security advisory

##

screaminggoat@infosec.exchange at 2024-07-17T21:36:07.000Z ##

Microsoft Security Response Center (MSRC) security advisory: Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2024-38156 (6.1 medium) CWE-79 (XSS)

UI:R= The user would have to click on a specially crafted URL to be compromised by the attacker.
C:L= Limited information from the victim's browser associated with the vulnerable URL can be sent to the attacker by the malicious code.

Not exploited, not publicly disclosed, exploitation less likely. Surprisingly the only CVE patched in Edge considering yesterday's Google Chrome security advisory

#MIcrosoft #Edge #CVE_2024_38156 #cve #MSRC #vulnerability

##

AAKL at 2024-07-18T15:18:27.664Z ##

If you missed it, Microsoft has posted a security update for CVE-2024-38156 for Chromium-based Edge browsers learn.microsoft.com/en-us/Depl

##

AAKL@infosec.exchange at 2024-07-18T15:18:27.000Z ##

If you missed it, #Microsoft has posted a security update for CVE-2024-38156 for Chromium-based Edge browsers learn.microsoft.com/en-us/Depl #cybersecurity #infosec

##

CVE-2024-5997
(4.3 MEDIUM)

EPSS: 0.05%

updated 2024-07-19T00:31:44

2 posts

The Duplica – Duplicate Posts, Pages, Custom Posts or Users plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the duplicate_user and duplicate_post functions in all versions up to, and including, 0.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create duplicates of users and posts/pages.

CVE-2024-6387
(8.1 HIGH)

EPSS: 36.87%

updated 2024-07-18T22:15:03.630000

39 posts

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

89 repos

https://github.com/sardine-web/CVE-2024-6387_Check

https://github.com/CiderAndWhisky/regression-scanner

https://github.com/DimaMend/cve-2024-6387-poc

https://github.com/bigb0x/CVE-2024-6387

https://github.com/turbobit/CVE-2024-6387-OpenSSH-Vulnerability-Checker

https://github.com/MrR0b0t19/CVE-2024-6387-Exploit-POC

https://github.com/paradessia/CVE-2024-6387-nmap

https://github.com/kuffsit/check_cve_2024_6387

https://github.com/4lxprime/regreSSHive

https://github.com/no-one-sec/CVE-2024-6387

https://github.com/jocker2410/CVE-2024-6387_poc

https://github.com/Sibijo/mitigate_ssh

https://github.com/sardine-web/CVE-2024-6387-template

https://github.com/wiggels/regresshion-check

https://github.com/RickGeex/CVE-2024-6387-Checker

https://github.com/hssmo/cve-2024-6387_AImade

https://github.com/muyuanlove/CVE-2024-6387fixshell

https://github.com/R4Tw1z/CVE-2024-6387

https://github.com/xonoxitron/regreSSHion

https://github.com/teamos-hub/regreSSHion

https://github.com/Jhonsonwannaa/CVE-2024-6387

https://github.com/sxlmnwb/CVE-2024-6387

https://github.com/0x4D31/cve-2024-6387_hassh

https://github.com/devarshishimpi/CVE-2024-6387-Check

https://github.com/passwa11/cve-2024-6387-poc

https://github.com/l0n3m4n/CVE-2024-6387

https://github.com/azurejoga/CVE-2024-6387-how-to-fix

https://github.com/th3gokul/CVE-2024-6387

https://github.com/acrono/cve-2024-6387-poc

https://github.com/edsonjt81/CVE-2024-6387_Check

https://github.com/Mufti22/CVE-2024-6387-checkher

https://github.com/DanWiseProgramming/CVE-2024-6387-Mitigation-Ansible-Playbook

https://github.com/lala-amber/CVE-2024-6387

https://github.com/imv7/CVE-2024-6387

https://github.com/xristos8574/regreSSHion-nmap-scanner

https://github.com/mrmtwoj/CVE-2024-6387

https://github.com/oliferFord/CVE-2024-6387-SSH-RCE

https://github.com/liqhtnd/sshd-logingracetime0

https://github.com/grupooruss/CVE-2024-6387

https://github.com/k4t3pr0/CVE-2024-6387-Check

https://github.com/shamo0/CVE-2024-6387_PoC

https://github.com/zgimszhd61/cve-2024-6387-poc

https://github.com/ThatNotEasy/CVE-2024-6387

https://github.com/Passyed/regreSSHion-Fix

https://github.com/asterictnl-lvdw/CVE-2024-6387

https://github.com/zenzue/CVE-2024-6387-Mitigation

https://github.com/ThemeHackers/CVE-2024-6387

https://github.com/rumochnaya/openssh-cve-2024-6387.sh

https://github.com/SiberianHacker/CVE-2024-6387-Finder

https://github.com/lflare/cve-2024-6387-poc

https://github.com/TAM-K592/CVE-2024-6387

https://github.com/harshinsecurity/sentinelssh

https://github.com/W1hithat/CVE-2024-6387

https://github.com/ahlfors/CVE-2024-6387

https://github.com/thegenetic/CVE-2024-6387-exploit

https://github.com/getdrive/CVE-2024-6387-PoC

https://github.com/jack0we/CVE-2024-6387

https://github.com/n1cks0n/Test_CVE-2024-6387

https://github.com/xonoxitron/regreSSHion-checker

https://github.com/3yujw7njai/CVE-2024-6387

https://github.com/Symbolexe/CVE-2024-6387

https://github.com/shyrwall/cve-2024-6387-poc

https://github.com/dgourillon/mitigate-CVE-2024-6387

https://github.com/Maikefee/CVE-2024-6387_Check.py

https://github.com/vkaushik-chef/regreSSHion

https://github.com/betancour/OpenSSH-Vulnerability-test

https://github.com/dgicloud/patch_regreSSHion

https://github.com/MaulikxLakhani/SSHScout

https://github.com/CognisysGroup/CVE-2024-6387-Checker

https://github.com/xaitax/CVE-2024-6387_Check

https://github.com/d0rb/CVE-2024-6387

https://github.com/invaderslabs/regreSSHion-CVE-2024-6387-

https://github.com/zgzhang/cve-2024-6387-poc

https://github.com/FerasAlrimali/CVE-2024-6387-POC

https://github.com/AiGptCode/ssh_exploiter_CVE-2024-6387

https://github.com/theaog/spirit

https://github.com/filipi86/CVE-2024-6387-Vulnerability-Checker

https://github.com/kubota/CVE-2024-6387-Vulnerability-Checker

https://github.com/sms2056/CVE-2024-6387

https://github.com/ACHUX21/checker-CVE-2024-6387

https://github.com/k4t3pr0/CVE-2024-6387-POC

https://github.com/password123456/cve-security-response-guidelines

https://github.com/t3rry327/cve-2024-6387-poc

https://github.com/JackSparrowhk/ssh-CVE-2024-6387-poc

https://github.com/SecWithMoh/CVE-2024-6387

https://github.com/dawnl3ss/CVE-2024-6387

https://github.com/HadesNull123/CVE-2024-6387_Check

https://github.com/BrandonLynch2402/cve-2024-6387-nuclei-template

https://github.com/PrincipalAnthony/CVE-2024-6387-Updated-x64bit

screaminggoat at 2024-07-17T15:20:39.729Z ##

hat tip to Canadian Centre for Cyber Security (CCCS) for the alert: Cisco has updated their vulnerable product list which are vulnerable to CVE-2024-6387 . It's too long to include in this toot so I'll let you read it yourself: Remote Unauthenticated Code Execution Vulnerability in OpenSSH Server (regreSSHion): July 2024

Edit: since this is gaining traction, Cisco dropped 9 more security advisories today, CVE-2024-20401 (9.8 critical) and CVE-2024-20419 (10.0 critical severity). Check out their security advisory page: sec.cloudapps.cisco.com/securi

##

screaminggoat at 2024-07-17T14:29:28.529Z ##

Trend Micro: The Potential Impact of the OpenSSH Vulnerabilities CVE-2024–6387 and CVE-2024-6409
I'm sure this dead horse has been beaten thoroughly but just in case: Trend Micro checks the OpenSSH vulnerabilities CVE-2024-6387 and CVE-2024-6409, examining their potential real-world impact and the possibility of exploitation for CVE-2024–6387 in x64 systems.

Check parent toots above for more information on CVE-2024-6387 .
CVE-2024-6409 (7.0 high, disclosed 08 July 2024 by OpenWall) is another OpenSSH race condition vulnerability allowing for RCE as well.

##

gorn_tech@mastodon.social at 2024-07-14T12:44:09.000Z ##

CVE-2024-6387: Another vulnerability leading to RCE has come out in OpenSSH. RCE: Remote Code Execution
e-words.jp/w/RCE.html

Second time this month, I'm tired.

#vulnerability
#CVE
#cve_2024_6387

##

screaminggoat at 2024-07-12T01:24:09.886Z ##

Microsoft Security Response Center (MSRC) security advisory: RedHat Openssh: CVE-2024-6387 Remote Code Execution Due To A Race Condition In Signal Handling
See parent toots above for additional information on CVE-2024-6387

Is Microsoft Windows vulnerable to CVE-2024-6387?

No, Microsoft Windows is not affected by this vulnerability. Although Windows contains an OpenSSH component, the vulnerable code cannot be exploited or controlled by an adversary.

##

TomSellers at 2024-07-10T22:25:11.803Z ##

For you folks looking to address the OpenSSH regreSSHion vulnerability in your networks you should know that the PKIX-SSH project is also impacted since it is a fork of OpenSSH.

It is frequently used in network management gear, BMCs, etc.

runzero.com/blog/pkix-ssh-serv

##

goncalor at 2024-07-10T09:36:50.644Z ##

My SSH was based on 8.5p1, so it was vulnerable to (the first vulnerable version, what a luck).

After procrastinating this for a few days I've finally revisited the code and patched 9.8p1 as my new base for this honeypot.

Now there's a sshd-session binary that sshd requires to work. They've split the authentication part into this binary. I've not gone too much into the details, but this made me take a bit longer to have the honeypot correctly working again.

Let the creds, etc. flow in again.

##

screaminggoat@infosec.exchange at 2024-07-17T15:20:39.000Z ##

hat tip to Canadian Centre for Cyber Security (CCCS) for the alert: Cisco has updated their vulnerable product list which are vulnerable to CVE-2024-6387 #regreSSHion. It's too long to include in this toot so I'll let you read it yourself: Remote Unauthenticated Code Execution Vulnerability in OpenSSH Server (regreSSHion): July 2024

Edit: since this is gaining traction, Cisco dropped 9 more security advisories today, CVE-2024-20401 (9.8 critical) and CVE-2024-20419 (10.0 critical severity). Check out their security advisory page: sec.cloudapps.cisco.com/securi

#CVE_2024_6387 #openssh #cisco

##

screaminggoat@infosec.exchange at 2024-07-17T14:29:28.000Z ##

Trend Micro: The Potential Impact of the OpenSSH Vulnerabilities CVE-2024–6387 and CVE-2024-6409
I'm sure this dead horse has been beaten thoroughly but just in case: Trend Micro checks the OpenSSH vulnerabilities CVE-2024-6387 and CVE-2024-6409, examining their potential real-world impact and the possibility of exploitation for CVE-2024–6387 in x64 systems.

Check parent toots above for more information on CVE-2024-6387 #regreSSHion.
CVE-2024-6409 (7.0 high, disclosed 08 July 2024 by OpenWall) is another OpenSSH race condition vulnerability allowing for RCE as well.

#openssh #vulnerability #CVE_2024_6387 #CVE_2024_6509

##

screaminggoat@infosec.exchange at 2024-07-12T01:24:09.000Z ##

Microsoft Security Response Center (MSRC) security advisory: RedHat Openssh: CVE-2024-6387 Remote Code Execution Due To A Race Condition In Signal Handling
See parent toots above for additional information on CVE-2024-6387 #regreSSHion

Is Microsoft Windows vulnerable to CVE-2024-6387?

No, Microsoft Windows is not affected by this vulnerability. Although Windows contains an OpenSSH component, the vulnerable code cannot be exploited or controlled by an adversary.

#CVE_2024_6387 #Microsoft #cve #vulnerability

##

TomSellers@infosec.exchange at 2024-07-10T22:25:11.000Z ##

For you folks looking to address the OpenSSH regreSSHion vulnerability in your networks you should know that the PKIX-SSH project is also impacted since it is a fork of OpenSSH.

It is frequently used in network management gear, BMCs, etc.

runzero.com/blog/pkix-ssh-serv

#cve_2024_6387 #regreSSHion

##

goncalor@infosec.exchange at 2024-07-10T09:36:50.000Z ##

My SSH #honeypot was based on #OpenSSH 8.5p1, so it was vulnerable to #regreSSHion (the first vulnerable version, what a luck).

After procrastinating this for a few days I've finally revisited the code and patched 9.8p1 as my new base for this honeypot.

Now there's a sshd-session binary that sshd requires to work. They've split the authentication part into this binary. I've not gone too much into the details, but this made me take a bit longer to have the honeypot correctly working again.

Let the creds, etc. flow in again.

#CVE_2024_6387

##

jelloeater@mastodon.social at 2024-07-10T10:30:00.000Z ##

What you need to know about #regreSSHion: an #OpenSSH server remote code execution vulnerability
#CVE20246387
ubuntu.com//blog/ubuntu-regres

##

dev_classmethod@rss-mstdn.studiofreesia.com at 2024-07-20T00:48:07.000Z ##

We held the workshop "A Hands-On Introduction to Linux for Serverless Engineers: regreSSHion (CVE-2024-6387) Edition" #devio2024 #cm_odyssey
dev.classmethod.jp/articles/ba

#dev_classmethod #Linux #OpenSSH

##

secpoint@mastodon.social at 2024-07-18T20:28:45.000Z ##

🚨 Protect your systems! Scan for the critical OpenSSH vulnerability CVE-2024-6387 (regreSSHion) and the older flaws CVE-2006-5051 and CVE-2008-4109. Use the SecPoint Penetrator V60 to detect and fix these security risks effectively. Stay secure! secpoint.com 🔐 #CyberSecurity #OpenSSH #Vulnerability #SecPoint #regreSSHion #SecPointPenetrator #Penetrator #CyberSecurityNews

##

threatcodex at 2024-07-18T15:29:31.269Z ##

The Potential Impact of the OpenSSH Vulnerabilities CVE-2024–6387 and CVE-2024-6409
trendmicro.com/en_us/research/

##

PopularLinks@mastodon.social at 2024-07-18T14:17:27.000Z ##

"oss-security - CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems"

openwall.com/lists/oss-securit

Seen in 1 statuses.
Total Boosts: 0
Total Favourites: 1

##

nicole@tietz.social at 2024-07-12T18:22:20.000Z ##

fyi if anyone needs concrete steps for the sshd RCE vulnerability, here's a blog post I found helpful that provides impact and resolution, split out by different linux distribution

arcticwolf.com/resources/blog/

##

GossiTheDog@cyberplace.social at 2024-07-11T13:04:30.000Z ##

I still haven’t seen a public exploit for CVE-2024-6387 aka the SSH vuln that works.

I have seen various backdoored proof of concept exploits. Here’s one: santandersecurityresearch.gith

##

juliensalort@physfluids.fr at 2024-07-11T10:39:33.000Z ##

@bortzmeyer @Nitchevo On the other hand, it's not completely clear to me for Raspberry Pi OS. Apparently it's based on Debian Bookworm, but here, security-tracker.debian.org/tr, it's marked "vulnerable" except for bookworm (security), so how do I know whether my version is patched?

##

nydus@social.tchncs.de at 2024-07-10T12:14:45.000Z ##

New security vulnerabilities discovered in OpenSSH: A recently disclosed vulnerability in OpenSSH gave attackers the ability to gain root privileges through brute-force attacks. It goes by the name "RegreSSHion" (CVE-2024-6387). An IT researcher then examined the code further and found an additional, similar vulnerability in the software for secure connections. nydus.org/news/131896-neue-sic

##

ottoto2017@prattohome.com at 2024-07-10T05:56:14.000Z ##

"New #OpenSSH #vulnerability discovered: potential risk of remote code execution": The Hacker News

"The vulnerability is tracked as #CVE-2024-6409 (CVSS score: 7.0) and, unlike CVE-2024-6387 (aka RegreSSHion), relates to a case of code execution in the privsep child process due to a race condition in signal handling. It only affects versions 8.7p1 and 8.8p1 shipped with Red Hat Enterprise Linux 9."

Seems to be an issue only for #RHEL9.

thehackernews.com/2024/07/new-

#prattohome #TheHackerNews

##

LucasWerkmeister@wikis.world at 2024-07-09T16:18:14.000Z ##

@marcan Now that openwall.com/lists/oss-securit is public – presumably they already knew that

> the "LoginGraceTime 0" mitigation works against both issues, whereas the "-e" mitigation only works against CVE-2024-6387 and not (fully) against CVE-2024-6409.

##

screaminggoat@infosec.exchange at 2024-07-09T16:00:59.000Z ##

Happy #PatchTuesday from Fortinet:

  • FG-IR-23-485 CVE-2024-26006 (7.5 high) Cross site scripting vulnerability in SSL VPN web UI
  • FG-IR-24-073 CVE-2024-27785 (5.4 medium) FortiAIOps - CSV Injection in export device inventory feature
  • FG-IR-24-070 CVE-2024-27783 (7.6 high) FortiAIOps - Cross-site request forgery
  • FG-IR-24-069 CVE-2024-27782 (8.1 high) FortiAIOps - Improper Session Management
  • FG-IR-24-072 CVE-2024-27784 (8.8 high) FortiAIOps - Sensitive Information leak to an Unauthorized Actor
  • FG-IR-23-446 CVE-2024-26015 (3.4 low) FortiOS - IP address validation mishandles zero characters
  • FG-IR-23-469 CVE-2023-50181 (4.9 medium) Improper access control vulnerability in administrative interface
  • FG-IR-24-011 CVE-2024-21759 (4.3 medium) Insecure Direct Object Reference in policy API Endpoint
  • FG-IR-22-298 CVE-2023-50178 (7.4 high) Multiple lack of client-side certificate validation when establishing secure connections
  • FG-IR-24-258 CVE-2024-6387 (8.1 high) OpenSSH #regreSSHion Attack (CVE-2024-6387)
  • FG-IR-23-459 CVE-2024-23663 (8.8 high) Privilege escalation from low privilege administrator
  • FG-IR-23-480 CVE-2023-50179 (4.8 medium) [FortiADC] Lack of client-side certificate validation when establishing secure connections with public SDN connectors
  • FG-IR-22-326 CVE-2024-33509 (4.8 medium) [FortiWeb] Lack of client-side certificate validation when establishing secure connections

No mention of exploitation.

#Fortinet #vulnerability #CVE

##

dominee@infosec.exchange at 2024-07-09T15:02:18.000Z ##

oss-security - Re: CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems openwall.com/lists/oss-securit < CVE-2024-6409: #OpenSSH Possible remote code execution in privsep child due to a race condition in signal handling < Fedora releases 36 and 37 were affected

##

CVE-2024-5321
(6.1 MEDIUM)

EPSS: 0.04%

updated 2024-07-18T21:58:16

2 posts

A security issue was discovered in Kubernetes clusters with Windows nodes where BUILTIN\Users may be able to read container logs and NT AUTHORITY\Authenticated Users may be able to modify container logs.

CVE-2024-6455
(5.3 MEDIUM)

EPSS: 0.05%

updated 2024-07-18T21:30:43

2 posts

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.2.0 due to a missing capability checks on ekit_widgetarea_content function. This makes it possible for unauthenticated attackers to view any item created in Elementor, such as posts, pages and templates including drafts, pending and private items.

CVE-2024-20419
(10.0 CRITICAL)

EPSS: 0.04%

updated 2024-07-18T12:28:43.707000

25 posts

A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users. This vulnerability is due to improper implementation of the password-change process. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected devi

mttaggart@infosec.town at 2024-07-17T17:29:17.407Z ##

Cisco also dropped a banger 10.0 today, for their SSM On-Prem Password Manager!

CVE-2024-20419

A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users.
Lmao, so basically it's a one-stop shop for any account an attacker wants.

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-auth-sLw3uhUy

#Cisco #Vulnerability #CVE_2024_20419

##

screaminggoat at 2024-07-17T16:02:46.242Z ##

Cisco security advisory: Cisco Smart Software Manager On-Prem Password Change Vulnerability
CVE-2024-20419 (a perfect 10.0 critical severity 🥳 cc: @cR0w)
A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users.
The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Late edit for more Cisco security advisories, h/t @mttaggart:

##

screaminggoat@infosec.exchange at 2024-07-17T16:02:46.000Z ##

Cisco security advisory: Cisco Smart Software Manager On-Prem Password Change Vulnerability
CVE-2024-20419 (a perfect 10.0 critical severity 🥳 cc: @cR0w)
A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users.
The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Late edit for more Cisco security advisories, h/t @mttaggart:

#Cisco #vulnerability #CVE_2024_20419 #cve

##

jos1264@social.skynetcloud.site at 2024-07-18T18:25:02.000Z ##

Cisco SSM On-Prem Addresses Critical Vulnerability That Allowed Attackers to Change User Passwords thecyberexpress.com/cisco-ssm- #SmartSoftwareManager #TheCyberExpressNews #CybersecurityNews #Vulnerabilities #TheCyberExpress #CiscoSSMOnPrem #FirewallDaily #CVE202420419 #Cisco

##

patchnow24x7 at 2024-07-19T04:40:00.116Z ##

Urgent :: CVE-2024-20419 :: CVSS 10 :: Upgrade CISCO SSM on-Prem (f.k.a. Satellite) RIGHT NOW !!

Advisory:

sec.cloudapps.cisco.com/securi

##

AAKL at 2024-07-18T14:57:08.216Z ##

patches maximum severity vulnerability CVE-2024-20419 that allows attackers to change the password of any user, including admins theregister.com/2024/07/18/max @theregister

##

nydus@social.tchncs.de at 2024-07-18T14:24:11.000Z ##

Security vulnerability with the maximum rating in Cisco Smart Software Manager On-Prem: Cisco has closed critical vulnerabilities in its products. Admins must install the available patches quickly to protect their systems. Further information on vulnerable and secured versions can be found in the advisories linked below this report. A "critical" vulnerability (CVE-2024-20419) has received the maximum rating: the CVSS score is 10 out of… nydus.org/news/131932-sicherhe

##

jos1264@social.skynetcloud.site at 2024-07-18T09:45:03.000Z ##

Cisco fixes critical flaws in Secure Email Gateway and SSM On-Prem (CVE-2024-20401, CVE-2024-20419) helpnetsecurity.com/2024/07/18 #securityupdate #emailsecurity #vulnerability #Don'tmiss #Hotstuff #Cisco #News

##

benzogaga33@mamot.fr at 2024-07-18T09:40:02.000Z ##

Cisco SSM On-Prem: this critical flaw allows an attacker to change users' passwords it-connect.fr/faille-de-securi #CybersecurityNews #Cybersecurity #Vulnerability #Cisco

##

AAKL at 2024-07-17T17:30:22.056Z ##

has listed several new vulnerabilities: sec.cloudapps.cisco.com/securi

CVE-2024-20401: Secure Email Gateway Arbitrary File Write Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20419: Smart Software Manager On-Prem Password Change Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20435: Secure Web Appliance Privilege Escalation Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20296: Identity Services Engine Arbitrary File Upload Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20323: Intelligent Node Software Static Key Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20395 and CVE-2024-20396: Webex App Vulnerabilities sec.cloudapps.cisco.com/securi

CVE-2024-20416: RV340 and RV345 Dual WAN Gigabit VPN Routers Authenticated Remote Code Execution Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20400: Expressway Series Open Redirect Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20429: Secure Email Gateway Server-Side Template Injection Vulnerability sec.cloudapps.cisco.com/securi

##

hrbrmstr@mastodon.social at 2024-07-17T16:27:52.000Z ##

🚨 CVE-2024-20419: A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users.

(this is not going to end well)

h/t @_mattata

sec.cloudapps.cisco.com/securi

##

screaminggoat at 2024-07-17T15:20:39.729Z ##

hat tip to Canadian Centre for Cyber Security (CCCS) for the alert: Cisco has updated their vulnerable product list which are vulnerable to CVE-2024-6387 . It's too long to include in this toot so I'll let you read it yourself: Remote Unauthenticated Code Execution Vulnerability in OpenSSH Server (regreSSHion): July 2024

Edit: since this is gaining traction, Cisco dropped 9 more security advisories today, CVE-2024-20401 (9.8 critical) and CVE-2024-20419 (10.0 critical severity). Check out their security advisory page: sec.cloudapps.cisco.com/securi

##

AAKL@infosec.exchange at 2024-07-18T14:57:08.000Z ##

#Cisco patches maximum severity vulnerability CVE-2024-20419 that allows attackers to change the password of any user, including admins theregister.com/2024/07/18/max @theregister #cybersecurity #infosec

##

AAKL@infosec.exchange at 2024-07-17T17:30:22.000Z ##

#Cisco has listed several new vulnerabilities: sec.cloudapps.cisco.com/securi

CVE-2024-20401: Secure Email Gateway Arbitrary File Write Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20419: Smart Software Manager On-Prem Password Change Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20435: Secure Web Appliance Privilege Escalation Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20296: Identity Services Engine Arbitrary File Upload Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20323: Intelligent Node Software Static Key Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20395 and CVE-2024-20396: Webex App Vulnerabilities sec.cloudapps.cisco.com/securi

CVE-2024-20416: RV340 and RV345 Dual WAN Gigabit VPN Routers Authenticated Remote Code Execution Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20400: Expressway Series Open Redirect Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20429: Secure Email Gateway Server-Side Template Injection Vulnerability sec.cloudapps.cisco.com/securi #cybersecurity #infosec

##

screaminggoat@infosec.exchange at 2024-07-17T15:20:39.000Z ##

hat tip to Canadian Centre for Cyber Security (CCCS) for the alert: Cisco has updated their vulnerable product list which are vulnerable to CVE-2024-6387 #regreSSHion. It's too long to include in this toot so I'll let you read it yourself: Remote Unauthenticated Code Execution Vulnerability in OpenSSH Server (regreSSHion): July 2024

Edit: since this is gaining traction, Cisco dropped 9 more security advisories today, CVE-2024-20401 (9.8 critical) and CVE-2024-20419 (10.0 critical severity). Check out their security advisory page: sec.cloudapps.cisco.com/securi

#CVE_2024_6387 #openssh #cisco

##

CVE-2024-40764
(0 None)

EPSS: 0.04%

updated 2024-07-18T12:28:43.707000

4 posts

Heap-based buffer overflow vulnerability in the SonicOS IPSec VPN allows an unauthenticated remote attacker to cause Denial of Service (DoS).

screaminggoat at 2024-07-17T17:08:00.466Z ##

SonicWall security advisory: Heap-based buffer overflow vulnerability in SonicOS IPSec VPN
CVE-2024-40764 (7.5 high) Heap-based buffer overflow vulnerability in the SonicOS IPSec allows an unauthenticated remote attacker to cause Denial of Service (DoS).
Fix and workaround available. No mention of exploitation.

##

screaminggoat@infosec.exchange at 2024-07-17T17:08:00.000Z ##

SonicWall security advisory: Heap-based buffer overflow vulnerability in SonicOS IPSec VPN
CVE-2024-40764 (7.5 high) Heap-based buffer overflow vulnerability in the SonicOS IPSec allows an unauthenticated remote attacker to cause Denial of Service (DoS).
Fix and workaround available. No mention of exploitation.

#SonicWall #vulnerability #CVE_2024_40764 #CVE

##

CVE-2024-5964
(6.4 MEDIUM)

EPSS: 0.04%

updated 2024-07-18T12:28:43.707000

2 posts

The Zenon Lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenev

AAKL at 2024-07-17T15:56:53.274Z ##

Wordfence has listed 7 vulnerabilities.

- CVE-2024-5726: Timeline Event History plugin PHP Object Injection wordfence.com/threat-intel/vul

- CVE-2024-6705: RegLevel Stored Cross-Site Scripting via admin settings wordfence.com/threat-intel/vul

- CVE-2024-5964: Zenon Lite theme Stored Cross-Site Scripting via ‘url’ parameter wordfence.com/threat-intel/vul

- CVE-2024-6175: Booking Ultra Pro Appointments Booking Calendar Plugin unauthorized modification of data wordfence.com/threat-intel/vul

- CVE-2024-6599: Meks Video Importer plugin unauthorized API key modification wordfence.com/threat-intel/vul

- CVE-2024-35761: Online Booking & Scheduling Calendar plugin Stored Cross-Site Scripting wordfence.com/threat-intel/vul

- CVE-2023-6708: SVG Support plugin Stored Cross-Site Scripting via SVG upload feature wordfence.com/threat-intel/vul

##

AAKL@infosec.exchange at 2024-07-17T15:56:53.000Z ##

Wordfence has listed 7 #WordPress vulnerabilities. #cybersecurity #infosec

- CVE-2024-5726: Timeline Event History plugin PHP Object Injection wordfence.com/threat-intel/vul

- CVE-2024-6705: RegLevel Stored Cross-Site Scripting via admin settings wordfence.com/threat-intel/vul

- CVE-2024-5964: Zenon Lite theme Stored Cross-Site Scripting via ‘url’ parameter wordfence.com/threat-intel/vul

- CVE-2024-6175: Booking Ultra Pro Appointments Booking Calendar Plugin unauthorized modification of data wordfence.com/threat-intel/vul

- CVE-2024-6599: Meks Video Importer plugin unauthorized API key modification wordfence.com/threat-intel/vul

- CVE-2024-35761: Online Booking & Scheduling Calendar plugin Stored Cross-Site Scripting wordfence.com/threat-intel/vul

- CVE-2023-6708: SVG Support plugin Stored Cross-Site Scripting via SVG upload feature wordfence.com/threat-intel/vul

##

CVE-2023-6708
(5.4 MEDIUM)

EPSS: 0.07%

updated 2024-07-18T12:28:43.707000

2 posts

The SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SVG upload feature in all versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping, even when the 'Sanitize SVG while uploading' feature is enabled. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in

AAKL at 2024-07-17T15:56:53.274Z ##

Wordfence has listed 7 vulnerabilities.

- CVE-2024-5726: Timeline Event History plugin PHP Object Injection wordfence.com/threat-intel/vul

- CVE-2024-6705: RegLevel Stored Cross-Site Scripting via admin settings wordfence.com/threat-intel/vul

- CVE-2024-5964: Zenon Lite theme Stored Cross-Site Scripting via ‘url’ parameter wordfence.com/threat-intel/vul

- CVE-2024-6175: Booking Ultra Pro Appointments Booking Calendar Plugin unauthorized modification of data wordfence.com/threat-intel/vul

- CVE-2024-6599: Meks Video Importer plugin unauthorized API key modification wordfence.com/threat-intel/vul

- CVE-2024-35761: Online Booking & Scheduling Calendar plugin Stored Cross-Site Scripting wordfence.com/threat-intel/vul

- CVE-2023-6708: SVG Support plugin Stored Cross-Site Scripting via SVG upload feature wordfence.com/threat-intel/vul

##

AAKL@infosec.exchange at 2024-07-17T15:56:53.000Z ##

Wordfence has listed 7 #WordPress vulnerabilities. #cybersecurity #infosec

- CVE-2024-5726: Timeline Event History plugin PHP Object Injection wordfence.com/threat-intel/vul

- CVE-2024-6705: RegLevel Stored Cross-Site Scripting via admin settings wordfence.com/threat-intel/vul

- CVE-2024-5964: Zenon Lite theme Stored Cross-Site Scripting via ‘url’ parameter wordfence.com/threat-intel/vul

- CVE-2024-6175: Booking Ultra Pro Appointments Booking Calendar Plugin unauthorized modification of data wordfence.com/threat-intel/vul

- CVE-2024-6599: Meks Video Importer plugin unauthorized API key modification wordfence.com/threat-intel/vul

- CVE-2024-35761: Online Booking & Scheduling Calendar plugin Stored Cross-Site Scripting wordfence.com/threat-intel/vul

- CVE-2023-6708: SVG Support plugin Stored Cross-Site Scripting via SVG upload feature wordfence.com/threat-intel/vul

##

CVE-2024-6705
(5.5 MEDIUM)

EPSS: 0.07%

updated 2024-07-18T03:31:36

2 posts

The RegLevel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected pa

AAKL at 2024-07-17T15:56:53.274Z ##

Wordfence has listed 7 vulnerabilities.

- CVE-2024-5726: Timeline Event History plugin PHP Object Injection wordfence.com/threat-intel/vul

- CVE-2024-6705: RegLevel Stored Cross-Site Scripting via admin settings wordfence.com/threat-intel/vul

- CVE-2024-5964: Zenon Lite theme Stored Cross-Site Scripting via ‘url’ parameter wordfence.com/threat-intel/vul

- CVE-2024-6175: Booking Ultra Pro Appointments Booking Calendar Plugin unauthorized modification of data wordfence.com/threat-intel/vul

- CVE-2024-6599: Meks Video Importer plugin unauthorized API key modification wordfence.com/threat-intel/vul

- CVE-2024-35761: Online Booking & Scheduling Calendar plugin Stored Cross-Site Scripting wordfence.com/threat-intel/vul

- CVE-2023-6708: SVG Support plugin Stored Cross-Site Scripting via SVG upload feature wordfence.com/threat-intel/vul

##

AAKL@infosec.exchange at 2024-07-17T15:56:53.000Z ##

Wordfence has listed 7 #WordPress vulnerabilities. #cybersecurity #infosec

- CVE-2024-5726: Timeline Event History plugin PHP Object Injection wordfence.com/threat-intel/vul

- CVE-2024-6705: RegLevel Stored Cross-Site Scripting via admin settings wordfence.com/threat-intel/vul

- CVE-2024-5964: Zenon Lite theme Stored Cross-Site Scripting via ‘url’ parameter wordfence.com/threat-intel/vul

- CVE-2024-6175: Booking Ultra Pro Appointments Booking Calendar Plugin unauthorized modification of data wordfence.com/threat-intel/vul

- CVE-2024-6599: Meks Video Importer plugin unauthorized API key modification wordfence.com/threat-intel/vul

- CVE-2024-35761: Online Booking & Scheduling Calendar plugin Stored Cross-Site Scripting wordfence.com/threat-intel/vul

- CVE-2023-6708: SVG Support plugin Stored Cross-Site Scripting via SVG upload feature wordfence.com/threat-intel/vul

##

CVE-2024-6175
(5.4 MEDIUM)

EPSS: 0.04%

updated 2024-07-18T03:31:35

2 posts

The Booking Ultra Pro Appointments Booking Calendar Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the multiple functions in all versions up to, and including, 1.1.13. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify and delete multiple plugin options and data such as payments

AAKL at 2024-07-17T15:56:53.274Z ##

Wordfence has listed 7 vulnerabilities.

- CVE-2024-5726: Timeline Event History plugin PHP Object Injection wordfence.com/threat-intel/vul

- CVE-2024-6705: RegLevel Stored Cross-Site Scripting via admin settings wordfence.com/threat-intel/vul

- CVE-2024-5964: Zenon Lite theme Stored Cross-Site Scripting via ‘url’ parameter wordfence.com/threat-intel/vul

- CVE-2024-6175: Booking Ultra Pro Appointments Booking Calendar Plugin unauthorized modification of data wordfence.com/threat-intel/vul

- CVE-2024-6599: Meks Video Importer plugin unauthorized API key modification wordfence.com/threat-intel/vul

- CVE-2024-35761: Online Booking & Scheduling Calendar plugin Stored Cross-Site Scripting wordfence.com/threat-intel/vul

- CVE-2023-6708: SVG Support plugin Stored Cross-Site Scripting via SVG upload feature wordfence.com/threat-intel/vul

##

AAKL@infosec.exchange at 2024-07-17T15:56:53.000Z ##

Wordfence has listed 7 #WordPress vulnerabilities. #cybersecurity #infosec

- CVE-2024-5726: Timeline Event History plugin PHP Object Injection wordfence.com/threat-intel/vul

- CVE-2024-6705: RegLevel Stored Cross-Site Scripting via admin settings wordfence.com/threat-intel/vul

- CVE-2024-5964: Zenon Lite theme Stored Cross-Site Scripting via ‘url’ parameter wordfence.com/threat-intel/vul

- CVE-2024-6175: Booking Ultra Pro Appointments Booking Calendar Plugin unauthorized modification of data wordfence.com/threat-intel/vul

- CVE-2024-6599: Meks Video Importer plugin unauthorized API key modification wordfence.com/threat-intel/vul

- CVE-2024-35761: Online Booking & Scheduling Calendar plugin Stored Cross-Site Scripting wordfence.com/threat-intel/vul

- CVE-2023-6708: SVG Support plugin Stored Cross-Site Scripting via SVG upload feature wordfence.com/threat-intel/vul

##

CVE-2024-6599
(4.3 MEDIUM)

EPSS: 0.05%

updated 2024-07-18T03:31:35

2 posts

The Meks Video Importer plugin for WordPress is vulnerable to unauthorized API key modification due to a missing capability check on the ajax_save_settings function in all versions up to, and including, 1.0.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify the plugin's API keys

AAKL at 2024-07-17T15:56:53.274Z ##

Wordfence has listed 7 vulnerabilities.

- CVE-2024-5726: Timeline Event History plugin PHP Object Injection wordfence.com/threat-intel/vul

- CVE-2024-6705: RegLevel Stored Cross-Site Scripting via admin settings wordfence.com/threat-intel/vul

- CVE-2024-5964: Zenon Lite theme Stored Cross-Site Scripting via ‘url’ parameter wordfence.com/threat-intel/vul

- CVE-2024-6175: Booking Ultra Pro Appointments Booking Calendar Plugin unauthorized modification of data wordfence.com/threat-intel/vul

- CVE-2024-6599: Meks Video Importer plugin unauthorized API key modification wordfence.com/threat-intel/vul

- CVE-2024-35761: Online Booking & Scheduling Calendar plugin Stored Cross-Site Scripting wordfence.com/threat-intel/vul

- CVE-2023-6708: SVG Support plugin Stored Cross-Site Scripting via SVG upload feature wordfence.com/threat-intel/vul

##

AAKL@infosec.exchange at 2024-07-17T15:56:53.000Z ##

Wordfence has listed 7 #WordPress vulnerabilities. #cybersecurity #infosec

- CVE-2024-5726: Timeline Event History plugin PHP Object Injection wordfence.com/threat-intel/vul

- CVE-2024-6705: RegLevel Stored Cross-Site Scripting via admin settings wordfence.com/threat-intel/vul

- CVE-2024-5964: Zenon Lite theme Stored Cross-Site Scripting via ‘url’ parameter wordfence.com/threat-intel/vul

- CVE-2024-6175: Booking Ultra Pro Appointments Booking Calendar Plugin unauthorized modification of data wordfence.com/threat-intel/vul

- CVE-2024-6599: Meks Video Importer plugin unauthorized API key modification wordfence.com/threat-intel/vul

- CVE-2024-35761: Online Booking & Scheduling Calendar plugin Stored Cross-Site Scripting wordfence.com/threat-intel/vul

- CVE-2023-6708: SVG Support plugin Stored Cross-Site Scripting via SVG upload feature wordfence.com/threat-intel/vul

##

CVE-2024-5726
(8.8 HIGH)

EPSS: 0.07%

updated 2024-07-18T03:31:35

2 posts

The Timeline Event History plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1 via deserialization of untrusted input 'timelines-data' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via

AAKL at 2024-07-17T15:56:53.274Z ##

Wordfence has listed 7 vulnerabilities.

- CVE-2024-5726: Timeline Event History plugin PHP Object Injection wordfence.com/threat-intel/vul

- CVE-2024-6705: RegLevel Stored Cross-Site Scripting via admin settings wordfence.com/threat-intel/vul

- CVE-2024-5964: Zenon Lite theme Stored Cross-Site Scripting via ‘url’ parameter wordfence.com/threat-intel/vul

- CVE-2024-6175: Booking Ultra Pro Appointments Booking Calendar Plugin unauthorized modification of data wordfence.com/threat-intel/vul

- CVE-2024-6599: Meks Video Importer plugin unauthorized API key modification wordfence.com/threat-intel/vul

- CVE-2024-35761: Online Booking & Scheduling Calendar plugin Stored Cross-Site Scripting wordfence.com/threat-intel/vul

- CVE-2023-6708: SVG Support plugin Stored Cross-Site Scripting via SVG upload feature wordfence.com/threat-intel/vul

##

AAKL@infosec.exchange at 2024-07-17T15:56:53.000Z ##

Wordfence has listed 7 #WordPress vulnerabilities. #cybersecurity #infosec

- CVE-2024-5726: Timeline Event History plugin PHP Object Injection wordfence.com/threat-intel/vul

- CVE-2024-6705: RegLevel Stored Cross-Site Scripting via admin settings wordfence.com/threat-intel/vul

- CVE-2024-5964: Zenon Lite theme Stored Cross-Site Scripting via ‘url’ parameter wordfence.com/threat-intel/vul

- CVE-2024-6175: Booking Ultra Pro Appointments Booking Calendar Plugin unauthorized modification of data wordfence.com/threat-intel/vul

- CVE-2024-6599: Meks Video Importer plugin unauthorized API key modification wordfence.com/threat-intel/vul

- CVE-2024-35761: Online Booking & Scheduling Calendar plugin Stored Cross-Site Scripting wordfence.com/threat-intel/vul

- CVE-2023-6708: SVG Support plugin Stored Cross-Site Scripting via SVG upload feature wordfence.com/threat-intel/vul

##

screaminggoat at 2024-07-17T15:25:30.626Z ##

CISA: CISA Adds Three Known Exploited Vulnerabilities to Catalog
Hot off the press! CISA adds three to the KEV Catalog:

  • CVE-2024-34102 (9.8 critical, disclosed 11 June 2024) Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability
  • CVE-2024-28995 (7.5 high, disclosed 05 June 2024) SolarWinds Serv-U Path Traversal Vulnerability
  • CVE-2022-22948 (6.5 medium, disclosed 27 March 2022) VMware vCenter Server Incorrect Default File Permissions Vulnerability

cc: @hrbrmstr

##

screaminggoat at 2024-07-17T13:26:27.267Z ##

Adobe security advisory: Security update available for Adobe Commerce | APSB24-40
This advisory is originally from 11 June 2024. Sometime this month, Adobe updated this advisory stating CVE-2024-34102 (9.8 critical) exploitation in the wild:

Adobe is aware that CVE-2024-34102 has been exploited in the wild in limited attacks targeting Adobe Commerce merchants.

NVD description of CVE-2024-34102:

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.

cc: @campuscodi @mttaggart @AAKL @avoidthehack

##

screaminggoat@infosec.exchange at 2024-07-17T15:25:30.000Z ##

CISA: CISA Adds Three Known Exploited Vulnerabilities to Catalog
Hot off the press! CISA adds three to the KEV Catalog:

  • CVE-2024-34102 (9.8 critical, disclosed 11 June 2024) Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability
  • CVE-2024-28995 (7.5 high, disclosed 05 June 2024) SolarWinds Serv-U Path Traversal Vulnerability
  • CVE-2022-22948 (6.5 medium, disclosed 27 March 2022) VMware vCenter Server Incorrect Default File Permissions Vulnerability

cc: @hrbrmstr

#CVE #eitw #kev #cisa #knownexploitedvulnerabilitiescatalog #vulnerability #activeexploitation #CVE_2024_34102 #CVE_2024_28995 #CVE_2022_22948

##

screaminggoat@infosec.exchange at 2024-07-17T13:26:27.000Z ##

Adobe security advisory: Security update available for Adobe Commerce | APSB24-40
This advisory is originally from 11 June 2024. Sometime this month, Adobe updated this advisory stating CVE-2024-34102 (9.8 critical) exploitation in the wild:

Adobe is aware that CVE-2024-34102 has been exploited in the wild in limited attacks targeting Adobe Commerce merchants.

NVD description of CVE-2024-34102:

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.

cc: @campuscodi @mttaggart @AAKL @avoidthehack

#CVE_2024_34102 #Magento #eitw #activeexploitation #vulnerability #Adobe #AdobeCommerce

##

screaminggoat at 2024-07-17T18:29:21.419Z ##

@hrbrmstr evidence of exploitation:

##

AAKL at 2024-07-17T16:12:31.083Z ##

#CISA has added three vulnerabilities to the KEV Catalogue:

- CVE-2024-34102: #Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability nvd.nist.gov/vuln/detail/CVE-2

- CVE-2024-28995: #SolarWinds Serv-U Path Traversal Vulnerability nvd.nist.gov/vuln/detail/CVE-2

- CVE-2022-22948: #VMware vCenter Server Incorrect Default File Permissions Vulnerability nvd.nist.gov/vuln/detail/CVE-2

Press release:

CISA Announces Key Leadership Appointments in Cybersecurity and Stakeholder Engagement. Jeff Greene appointed Executive Assistant Director for Cybersecurity cisa.gov/news-events/news/cisa @cisacyber

##

campuscodi@mastodon.social at 2024-07-14T11:14:33.000Z ##

SanSec says attacks using the CosmicSting bug have entered the phase of mass exploitation.

The company says it's seeing between three and five stores getting hacked every hour, including major brands.

The vulnerability was patched in early June and impacts roughly three-quarters of all Magento and Adobe Commerce stores.

SanSec describes CosmicSting (CVE-2024-34102) as the worst bug to hit Magento and Adobe Commerce stores in the past two years.

sansec.io/research/cosmicsting

##

screaminggoat@infosec.exchange at 2024-07-17T18:29:21.000Z ##

@hrbrmstr evidence of exploitation:

##

AAKL@infosec.exchange at 2024-07-17T16:12:31.000Z ##

#CISA has added three vulnerabilities to the KEV Catalogue:

- CVE-2024-34102: #Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability nvd.nist.gov/vuln/detail/CVE-2

- CVE-2024-28995: #SolarWinds Serv-U Path Traversal Vulnerability nvd.nist.gov/vuln/detail/CVE-2

- CVE-2022-22948: #VMware vCenter Server Incorrect Default File Permissions Vulnerability nvd.nist.gov/vuln/detail/CVE-2

Press release:

CISA Announces Key Leadership Appointments in Cybersecurity and Stakeholder Engagement. Jeff Greene appointed Executive Assistant Director for Cybersecurity cisa.gov/news-events/news/cisa @cisacyber #cybersecurity #infosec #opensource

##

campuscodi@mastodon.social at 2024-07-14T11:14:33.000Z ##

SanSec says attacks using the CosmicSting bug have entered the phase of mass exploitation.

The company says it's seeing between three and five stores getting hacked every hour, including major brands.

The vulnerability was patched in early June and impacts roughly three-quarters of all Magento and Adobe Commerce stores.

SanSec describes CosmicSting (CVE-2024-34102) as the worst bug to hit Magento and Adobe Commerce stores in the past two years.

sansec.io/research/cosmicsting

##

screaminggoat at 2024-07-17T15:25:30.626Z ##

CISA: CISA Adds Three Known Exploited Vulnerabilities to Catalog
Hot off the press! CISA adds three to the KEV Catalog:

  • CVE-2024-34102 (9.8 critical, disclosed 11 June 2024) Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability
  • CVE-2024-28995 (7.5 high, disclosed 05 June 2024) SolarWinds Serv-U Path Traversal Vulnerability
  • CVE-2022-22948 (6.5 medium, disclosed 27 March 2022) VMware vCenter Server Incorrect Default File Permissions Vulnerability

cc: @hrbrmstr

##

screaminggoat@infosec.exchange at 2024-07-17T15:25:30.000Z ##

CISA: CISA Adds Three Known Exploited Vulnerabilities to Catalog
Hot off the press! CISA adds three to the KEV Catalog:

  • CVE-2024-34102 (9.8 critical, disclosed 11 June 2024) Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability
  • CVE-2024-28995 (7.5 high, disclosed 05 June 2024) SolarWinds Serv-U Path Traversal Vulnerability
  • CVE-2022-22948 (6.5 medium, disclosed 27 March 2022) VMware vCenter Server Incorrect Default File Permissions Vulnerability

cc: @hrbrmstr

#CVE #eitw #kev #cisa #knownexploitedvulnerabilitiescatalog #vulnerability #activeexploitation #CVE_2024_34102 #CVE_2024_28995 #CVE_2022_22948

##

todb at 2024-07-20T17:33:36.552Z ##

@securityaffairs to close this loop - got such exploitation evidence, so CVE-2024-28995 is on the #KEV now (added a few days ago). cve.org/kev

##

jos1264@social.skynetcloud.site at 2024-07-17T18:35:03.000Z ##

SolarWinds Serv-U Information Disclosure Vulnerability (CVE-2024-28995) fortiguard.fortinet.com/threat

##

screaminggoat at 2024-07-17T18:29:21.419Z ##

@hrbrmstr evidence of exploitation:

##

hrbrmstr@mastodon.social at 2024-07-17T16:13:39.000Z ##

@screaminggoat twas nice of CISA to play catch-up on 🏷️ CVE-2024-28995: viz.greynoise.io/tags/solarwin

Haven't had a chance to assess the others yet.

##

AAKL at 2024-07-17T16:12:31.083Z ##

#CISA has added three vulnerabilities to the KEV Catalogue:

- CVE-2024-34102: #Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability nvd.nist.gov/vuln/detail/CVE-2

- CVE-2024-28995: #SolarWinds Serv-U Path Traversal Vulnerability nvd.nist.gov/vuln/detail/CVE-2

- CVE-2022-22948: #VMware vCenter Server Incorrect Default File Permissions Vulnerability nvd.nist.gov/vuln/detail/CVE-2

Press release:

CISA Announces Key Leadership Appointments in Cybersecurity and Stakeholder Engagement. Jeff Greene appointed Executive Assistant Director for Cybersecurity cisa.gov/news-events/news/cisa @cisacyber

##

todb@infosec.exchange at 2024-07-20T17:33:36.000Z ##

@securityaffairs to close this loop - got such exploitation evidence, so CVE-2024-28995 is on the #KEV now (added a few days ago). cve.org/kev

##

jos1264@social.skynetcloud.site at 2024-07-17T18:35:03.000Z ##

SolarWinds Serv-U Information Disclosure Vulnerability (CVE-2024-28995) fortiguard.fortinet.com/threat

##

screaminggoat@infosec.exchange at 2024-07-17T18:29:21.000Z ##

@hrbrmstr evidence of exploitation:

##

hrbrmstr@mastodon.social at 2024-07-17T16:13:39.000Z ##

@screaminggoat twas nice of CISA to play catch-up on 🏷️ CVE-2024-28995: viz.greynoise.io/tags/solarwin

Haven't had a chance to assess the others yet.

##

AAKL@infosec.exchange at 2024-07-17T16:12:31.000Z ##

#CISA has added three vulnerabilities to the KEV Catalogue:

- CVE-2024-34102: #Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability nvd.nist.gov/vuln/detail/CVE-2

- CVE-2024-28995: #SolarWinds Serv-U Path Traversal Vulnerability nvd.nist.gov/vuln/detail/CVE-2

- CVE-2022-22948: #VMware vCenter Server Incorrect Default File Permissions Vulnerability nvd.nist.gov/vuln/detail/CVE-2

Press release:

CISA Announces Key Leadership Appointments in Cybersecurity and Stakeholder Engagement. Jeff Greene appointed Executive Assistant Director for Cybersecurity cisa.gov/news-events/news/cisa @cisacyber #cybersecurity #infosec #opensource

##

CVE-2022-22948
(6.5 MEDIUM)

EPSS: 0.78%

updated 2024-07-18T01:00:03.190000

6 posts

The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information.

1 repos

https://github.com/PenteraIO/CVE-2022-22948

screaminggoat at 2024-07-17T15:25:30.626Z ##

CISA: CISA Adds Three Known Exploited Vulnerabilities to Catalog
Hot off the press! CISA adds three to the KEV Catalog:

  • CVE-2024-34102 (9.8 critical, disclosed 11 June 2024) Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability
  • CVE-2024-28995 (7.5 high, disclosed 05 June 2024) SolarWinds Serv-U Path Traversal Vulnerability
  • CVE-2022-22948 (6.5 medium, disclosed 27 March 2022) VMware vCenter Server Incorrect Default File Permissions Vulnerability

cc: @hrbrmstr

##

screaminggoat@infosec.exchange at 2024-07-17T15:25:30.000Z ##

CISA: CISA Adds Three Known Exploited Vulnerabilities to Catalog
Hot off the press! CISA adds three to the KEV Catalog:

  • CVE-2024-34102 (9.8 critical, disclosed 11 June 2024) Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability
  • CVE-2024-28995 (7.5 high, disclosed 05 June 2024) SolarWinds Serv-U Path Traversal Vulnerability
  • CVE-2022-22948 (6.5 medium, disclosed 27 March 2022) VMware vCenter Server Incorrect Default File Permissions Vulnerability

cc: @hrbrmstr

#CVE #eitw #kev #cisa #knownexploitedvulnerabilitiescatalog #vulnerability #activeexploitation #CVE_2024_34102 #CVE_2024_28995 #CVE_2022_22948

##

screaminggoat at 2024-07-17T18:29:21.419Z ##

@hrbrmstr evidence of exploitation:

##

AAKL at 2024-07-17T16:12:31.083Z ##

#CISA has added three vulnerabilities to the KEV Catalogue:

- CVE-2024-34102: #Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability nvd.nist.gov/vuln/detail/CVE-2

- CVE-2024-28995: #SolarWinds Serv-U Path Traversal Vulnerability nvd.nist.gov/vuln/detail/CVE-2

- CVE-2022-22948: #VMware vCenter Server Incorrect Default File Permissions Vulnerability nvd.nist.gov/vuln/detail/CVE-2

Press release:

CISA Announces Key Leadership Appointments in Cybersecurity and Stakeholder Engagement. Jeff Greene appointed Executive Assistant Director for Cybersecurity cisa.gov/news-events/news/cisa @cisacyber

##

screaminggoat@infosec.exchange at 2024-07-17T18:29:21.000Z ##

@hrbrmstr evidence of exploitation:

##

AAKL@infosec.exchange at 2024-07-17T16:12:31.000Z ##

#CISA has added three vulnerabilities to the KEV Catalogue:

- CVE-2024-34102: #Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability nvd.nist.gov/vuln/detail/CVE-2

- CVE-2024-28995: #SolarWinds Serv-U Path Traversal Vulnerability nvd.nist.gov/vuln/detail/CVE-2

- CVE-2022-22948: #VMware vCenter Server Incorrect Default File Permissions Vulnerability nvd.nist.gov/vuln/detail/CVE-2

Press release:

CISA Announces Key Leadership Appointments in Cybersecurity and Stakeholder Engagement. Jeff Greene appointed Executive Assistant Director for Cybersecurity cisa.gov/news-events/news/cisa @cisacyber #cybersecurity #infosec #opensource

##

CVE-2024-20323
(7.5 HIGH)

EPSS: 0.04%

updated 2024-07-17T18:31:06

4 posts

A vulnerability in Cisco Intelligent Node (iNode) Software could allow an unauthenticated, remote attacker to hijack the TLS connection between Cisco iNode Manager and associated intelligent nodes and send arbitrary traffic to an affected device. This vulnerability is due to the presence of hard-coded cryptographic material. An attacker in a man-in-the-middle position between Cisco iNode Manager

AAKL at 2024-07-17T17:30:22.056Z ##

#Cisco has listed several new vulnerabilities: sec.cloudapps.cisco.com/securi

CVE-2024-20401: Secure Email Gateway Arbitrary File Write Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20419: Smart Software Manager On-Prem Password Change Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20435: Secure Web Appliance Privilege Escalation Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20296: Identity Services Engine Arbitrary File Upload Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20323: Intelligent Node Software Static Key Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20395 and CVE-2024-20396: Webex App Vulnerabilities sec.cloudapps.cisco.com/securi

CVE-2024-20416: RV340 and RV345 Dual WAN Gigabit VPN Routers Authenticated Remote Code Execution Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20400: Expressway Series Open Redirect Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20429: Secure Email Gateway Server-Side Template Injection Vulnerability sec.cloudapps.cisco.com/securi

##

screaminggoat at 2024-07-17T16:02:46.242Z ##

Cisco security advisory: Cisco Smart Software Manager On-Prem Password Change Vulnerability
CVE-2024-20419 (a perfect 10.0 critical severity 🥳 cc: @cR0w)
A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users.
The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Late edit for more Cisco security advisories, h/t @mttaggart:

##

AAKL@infosec.exchange at 2024-07-17T17:30:22.000Z ##

#Cisco has listed several new vulnerabilities: sec.cloudapps.cisco.com/securi

CVE-2024-20401: Secure Email Gateway Arbitrary File Write Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20419: Smart Software Manager On-Prem Password Change Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20435: Secure Web Appliance Privilege Escalation Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20296: Identity Services Engine Arbitrary File Upload Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20323: Intelligent Node Software Static Key Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20395 and CVE-2024-20396: Webex App Vulnerabilities sec.cloudapps.cisco.com/securi

CVE-2024-20416: RV340 and RV345 Dual WAN Gigabit VPN Routers Authenticated Remote Code Execution Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20400: Expressway Series Open Redirect Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20429: Secure Email Gateway Server-Side Template Injection Vulnerability sec.cloudapps.cisco.com/securi #cybersecurity #infosec

##

screaminggoat@infosec.exchange at 2024-07-17T16:02:46.000Z ##

Cisco security advisory: Cisco Smart Software Manager On-Prem Password Change Vulnerability
CVE-2024-20419 (a perfect 10.0 critical severity 🥳 cc: @cR0w)
A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users.
The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Late edit for more Cisco security advisories, h/t @mttaggart:

#Cisco #vulnerability #CVE_2024_20419 #cve

##

CVE-2024-20401
(9.8 CRITICAL)

EPSS: 0.04%

updated 2024-07-17T18:31:05

10 posts

A vulnerability in the content scanning and message filtering features of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to overwrite arbitrary files on the underlying operating system. This vulnerability is due to improper handling of email attachments when file analysis and content filters are enabled. An attacker could exploit this vulnerability by sending an email

mttaggart@infosec.town at 2024-07-17T17:10:43.877Z ##

CVE-2024-20401: Cisco Secure Email Gateway Arbitrary File Write Vulnerability

CVSS Base 9.8: Critical

A vulnerability in the content scanning and message filtering features of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to overwrite arbitrary files on the underlying operating system.
sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-afw-bGG2UsjH

I'm sure @screaminggoat already alerted about this and I missed it, but here you go.

Actually there's a whole slew of Cisco advisories today. Check them out here.

#CVE_2024_20401 #Cisco #Vulnerability

##

jos1264@social.skynetcloud.site at 2024-07-18T09:45:03.000Z ##

Cisco fixes critical flaws in Secure Email Gateway and SSM On-Prem (CVE-2024-20401, CVE-2024-20419) helpnetsecurity.com/2024/07/18 #securityupdate #emailsecurity #vulnerability #Don'tmiss #Hotstuff #Cisco #News

##

AAKL at 2024-07-17T17:30:22.056Z ##

#Cisco has listed several new vulnerabilities: sec.cloudapps.cisco.com/securi

CVE-2024-20401: Secure Email Gateway Arbitrary File Write Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20419: Smart Software Manager On-Prem Password Change Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20435: Secure Web Appliance Privilege Escalation Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20296: Identity Services Engine Arbitrary File Upload Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20323: Intelligent Node Software Static Key Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20395 and CVE-2024-20396: Webex App Vulnerabilities sec.cloudapps.cisco.com/securi

CVE-2024-20416: RV340 and RV345 Dual WAN Gigabit VPN Routers Authenticated Remote Code Execution Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20400: Expressway Series Open Redirect Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20429: Secure Email Gateway Server-Side Template Injection Vulnerability sec.cloudapps.cisco.com/securi

##

screaminggoat at 2024-07-17T16:02:46.242Z ##

Cisco security advisory: Cisco Smart Software Manager On-Prem Password Change Vulnerability
CVE-2024-20419 (a perfect 10.0 critical severity 🥳 cc: @cR0w)
A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users.
The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Late edit for more Cisco security advisories, h/t @mttaggart:

##

screaminggoat at 2024-07-17T15:20:39.729Z ##

hat tip to Canadian Centre for Cyber Security (CCCS) for the alert: Cisco has updated their vulnerable product list which are vulnerable to CVE-2024-6387 #regreSSHion. It's too long to include in this toot so I'll let you read it yourself: Remote Unauthenticated Code Execution Vulnerability in OpenSSH Server (regreSSHion): July 2024

Edit: since this is gaining traction, Cisco dropped 9 more security advisories today, CVE-2024-20401 (9.8 critical) and CVE-2024-20419 (10.0 critical severity). Check out their security advisory page: sec.cloudapps.cisco.com/securi

##

AAKL@infosec.exchange at 2024-07-17T17:30:22.000Z ##

#Cisco has listed several new vulnerabilities: sec.cloudapps.cisco.com/securi

CVE-2024-20401: Secure Email Gateway Arbitrary File Write Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20419: Smart Software Manager On-Prem Password Change Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20435: Secure Web Appliance Privilege Escalation Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20296: Identity Services Engine Arbitrary File Upload Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20323: Intelligent Node Software Static Key Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20395 and CVE-2024-20396: Webex App Vulnerabilities sec.cloudapps.cisco.com/securi

CVE-2024-20416: RV340 and RV345 Dual WAN Gigabit VPN Routers Authenticated Remote Code Execution Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20400: Expressway Series Open Redirect Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20429: Secure Email Gateway Server-Side Template Injection Vulnerability sec.cloudapps.cisco.com/securi #cybersecurity #infosec

##

screaminggoat@infosec.exchange at 2024-07-17T16:02:46.000Z ##

Cisco security advisory: Cisco Smart Software Manager On-Prem Password Change Vulnerability
CVE-2024-20419 (a perfect 10.0 critical severity 🥳 cc: @cR0w)
A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users.
The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Late edit for more Cisco security advisories, h/t @mttaggart:

#Cisco #vulnerability #CVE_2024_20419 #cve

##

screaminggoat@infosec.exchange at 2024-07-17T15:20:39.000Z ##

hat tip to Canadian Centre for Cyber Security (CCCS) for the alert: Cisco has updated their vulnerable product list which are vulnerable to CVE-2024-6387 #regreSSHion. It's too long to include in this toot so I'll let you read it yourself: Remote Unauthenticated Code Execution Vulnerability in OpenSSH Server (regreSSHion): July 2024

Edit: since this is gaining traction, Cisco dropped 9 more security advisories today, CVE-2024-20401 (9.8 critical) and CVE-2024-20419 (10.0 critical severity). Check out their security advisory page: sec.cloudapps.cisco.com/securi

#CVE_2024_6387 #openssh #cisco

##

CVE-2024-20296
(4.7 MEDIUM)

EPSS: 0.04%

updated 2024-07-17T18:31:05

4 posts

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to upload arbitrary files to an affected device. To exploit this vulnerability, an attacker would need at least valid Policy Admin credentials on the affected device. This vulnerability is due to improper validation of files that are uploaded to the web-base

AAKL at 2024-07-17T17:30:22.056Z ##

#Cisco has listed several new vulnerabilities: sec.cloudapps.cisco.com/securi

CVE-2024-20401: Secure Email Gateway Arbitrary File Write Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20419: Smart Software Manager On-Prem Password Change Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20435: Secure Web Appliance Privilege Escalation Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20296: Identity Services Engine Arbitrary File Upload Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20323: Intelligent Node Software Static Key Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20395 and CVE-2024-20396: Webex App Vulnerabilities sec.cloudapps.cisco.com/securi

CVE-2024-20416: RV340 and RV345 Dual WAN Gigabit VPN Routers Authenticated Remote Code Execution Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20400: Expressway Series Open Redirect Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20429: Secure Email Gateway Server-Side Template Injection Vulnerability sec.cloudapps.cisco.com/securi

##

screaminggoat at 2024-07-17T16:02:46.242Z ##

Cisco security advisory: Cisco Smart Software Manager On-Prem Password Change Vulnerability
CVE-2024-20419 (a perfect 10.0 critical severity 🥳 cc: @cR0w)
A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users.
The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Late edit for more Cisco security advisories, h/t @mttaggart:

##

AAKL@infosec.exchange at 2024-07-17T17:30:22.000Z ##

#Cisco has listed several new vulnerabilities: sec.cloudapps.cisco.com/securi

CVE-2024-20401: Secure Email Gateway Arbitrary File Write Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20419: Smart Software Manager On-Prem Password Change Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20435: Secure Web Appliance Privilege Escalation Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20296: Identity Services Engine Arbitrary File Upload Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20323: Intelligent Node Software Static Key Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20395 and CVE-2024-20396: Webex App Vulnerabilities sec.cloudapps.cisco.com/securi

CVE-2024-20416: RV340 and RV345 Dual WAN Gigabit VPN Routers Authenticated Remote Code Execution Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20400: Expressway Series Open Redirect Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20429: Secure Email Gateway Server-Side Template Injection Vulnerability sec.cloudapps.cisco.com/securi #cybersecurity #infosec

##

screaminggoat@infosec.exchange at 2024-07-17T16:02:46.000Z ##

Cisco security advisory: Cisco Smart Software Manager On-Prem Password Change Vulnerability
CVE-2024-20419 (a perfect 10.0 critical severity 🥳 cc: @cR0w)
A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users.
The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Late edit for more Cisco security advisories, h/t @mttaggart:

#Cisco #vulnerability #CVE_2024_20419 #cve

##

CVE-2024-20435
(8.8 HIGH)

EPSS: 0.04%

updated 2024-07-17T18:31:05

4 posts

A vulnerability in the CLI of Cisco AsyncOS for Secure Web Appliance could allow an authenticated, local attacker to execute arbitrary commands and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the CLI. An attacker could exploit this vulnerability by authenticating to the system and executing a crafted command on the affected device.

AAKL at 2024-07-17T17:30:22.056Z ##

#Cisco has listed several new vulnerabilities: sec.cloudapps.cisco.com/securi

CVE-2024-20401: Secure Email Gateway Arbitrary File Write Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20419: Smart Software Manager On-Prem Password Change Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20435: Secure Web Appliance Privilege Escalation Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20296: Identity Services Engine Arbitrary File Upload Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20323: Intelligent Node Software Static Key Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20395 and CVE-2024-20396: Webex App Vulnerabilities sec.cloudapps.cisco.com/securi

CVE-2024-20416: RV340 and RV345 Dual WAN Gigabit VPN Routers Authenticated Remote Code Execution Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20400: Expressway Series Open Redirect Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20429: Secure Email Gateway Server-Side Template Injection Vulnerability sec.cloudapps.cisco.com/securi

##

screaminggoat at 2024-07-17T16:02:46.242Z ##

Cisco security advisory: Cisco Smart Software Manager On-Prem Password Change Vulnerability
CVE-2024-20419 (a perfect 10.0 critical severity 🥳 cc: @cR0w)
A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users.
The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Late edit for more Cisco security advisories, h/t @mttaggart:

##

AAKL@infosec.exchange at 2024-07-17T17:30:22.000Z ##

#Cisco has listed several new vulnerabilities: sec.cloudapps.cisco.com/securi

CVE-2024-20401: Secure Email Gateway Arbitrary File Write Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20419: Smart Software Manager On-Prem Password Change Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20435: Secure Web Appliance Privilege Escalation Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20296: Identity Services Engine Arbitrary File Upload Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20323: Intelligent Node Software Static Key Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20395 and CVE-2024-20396: Webex App Vulnerabilities sec.cloudapps.cisco.com/securi

CVE-2024-20416: RV340 and RV345 Dual WAN Gigabit VPN Routers Authenticated Remote Code Execution Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20400: Expressway Series Open Redirect Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20429: Secure Email Gateway Server-Side Template Injection Vulnerability sec.cloudapps.cisco.com/securi #cybersecurity #infosec

##

screaminggoat@infosec.exchange at 2024-07-17T16:02:46.000Z ##

Cisco security advisory: Cisco Smart Software Manager On-Prem Password Change Vulnerability
CVE-2024-20419 (a perfect 10.0 critical severity 🥳 cc: @cR0w)
A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users.
The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Late edit for more Cisco security advisories, h/t @mttaggart:

#Cisco #vulnerability #CVE_2024_20419 #cve

##

CVE-2024-20416
(6.5 MEDIUM)

EPSS: 0.04%

updated 2024-07-17T18:31:05

4 posts

A vulnerability in the upload module of Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient boundary checks when processing specific HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful

AAKL at 2024-07-17T17:30:22.056Z ##

#Cisco has listed several new vulnerabilities: sec.cloudapps.cisco.com/securi

CVE-2024-20401: Secure Email Gateway Arbitrary File Write Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20419: Smart Software Manager On-Prem Password Change Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20435: Secure Web Appliance Privilege Escalation Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20296: Identity Services Engine Arbitrary File Upload Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20323: Intelligent Node Software Static Key Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20395 and CVE-2024-20396: Webex App Vulnerabilities sec.cloudapps.cisco.com/securi

CVE-2024-20416: RV340 and RV345 Dual WAN Gigabit VPN Routers Authenticated Remote Code Execution Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20400: Expressway Series Open Redirect Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20429: Secure Email Gateway Server-Side Template Injection Vulnerability sec.cloudapps.cisco.com/securi

##

screaminggoat at 2024-07-17T16:02:46.242Z ##

Cisco security advisory: Cisco Smart Software Manager On-Prem Password Change Vulnerability
CVE-2024-20419 (a perfect 10.0 critical severity 🥳 cc: @cR0w)
A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users.
The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Late edit for more Cisco security advisories, h/t @mttaggart:

##

AAKL@infosec.exchange at 2024-07-17T17:30:22.000Z ##

#Cisco has listed several new vulnerabilities: sec.cloudapps.cisco.com/securi

CVE-2024-20401: Secure Email Gateway Arbitrary File Write Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20419: Smart Software Manager On-Prem Password Change Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20435: Secure Web Appliance Privilege Escalation Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20296: Identity Services Engine Arbitrary File Upload Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20323: Intelligent Node Software Static Key Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20395 and CVE-2024-20396: Webex App Vulnerabilities sec.cloudapps.cisco.com/securi

CVE-2024-20416: RV340 and RV345 Dual WAN Gigabit VPN Routers Authenticated Remote Code Execution Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20400: Expressway Series Open Redirect Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20429: Secure Email Gateway Server-Side Template Injection Vulnerability sec.cloudapps.cisco.com/securi #cybersecurity #infosec

##

screaminggoat@infosec.exchange at 2024-07-17T16:02:46.000Z ##

Cisco security advisory: Cisco Smart Software Manager On-Prem Password Change Vulnerability
CVE-2024-20419 (a perfect 10.0 critical severity 🥳 cc: @cR0w)
A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users.
The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Late edit for more Cisco security advisories, h/t @mttaggart:

#Cisco #vulnerability #CVE_2024_20419 #cve

##

CVE-2024-20400
(4.7 MEDIUM)

EPSS: 0.06%

updated 2024-07-17T18:31:05

4 posts

A vulnerability in the web-based management interface of Cisco Expressway Series could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerability by intercepting and modifying an HTTP request from a user. A successful exploit could allow the a

AAKL at 2024-07-17T17:30:22.056Z ##

#Cisco has listed several new vulnerabilities: sec.cloudapps.cisco.com/securi

CVE-2024-20401: Secure Email Gateway Arbitrary File Write Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20419: Smart Software Manager On-Prem Password Change Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20435: Secure Web Appliance Privilege Escalation Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20296: Identity Services Engine Arbitrary File Upload Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20323: Intelligent Node Software Static Key Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20395 and CVE-2024-20396: Webex App Vulnerabilities sec.cloudapps.cisco.com/securi

CVE-2024-20416: RV340 and RV345 Dual WAN Gigabit VPN Routers Authenticated Remote Code Execution Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20400: Expressway Series Open Redirect Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20429: Secure Email Gateway Server-Side Template Injection Vulnerability sec.cloudapps.cisco.com/securi

##

screaminggoat at 2024-07-17T16:02:46.242Z ##

Cisco security advisory: Cisco Smart Software Manager On-Prem Password Change Vulnerability
CVE-2024-20419 (a perfect 10.0 critical severity 🥳 cc: @cR0w)
A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users.
The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Late edit for more Cisco security advisories, h/t @mttaggart:

##

AAKL@infosec.exchange at 2024-07-17T17:30:22.000Z ##

#Cisco has listed several new vulnerabilities: sec.cloudapps.cisco.com/securi

CVE-2024-20401: Secure Email Gateway Arbitrary File Write Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20419: Smart Software Manager On-Prem Password Change Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20435: Secure Web Appliance Privilege Escalation Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20296: Identity Services Engine Arbitrary File Upload Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20323: Intelligent Node Software Static Key Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20395 and CVE-2024-20396: Webex App Vulnerabilities sec.cloudapps.cisco.com/securi

CVE-2024-20416: RV340 and RV345 Dual WAN Gigabit VPN Routers Authenticated Remote Code Execution Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20400: Expressway Series Open Redirect Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20429: Secure Email Gateway Server-Side Template Injection Vulnerability sec.cloudapps.cisco.com/securi #cybersecurity #infosec

##

screaminggoat@infosec.exchange at 2024-07-17T16:02:46.000Z ##

Cisco security advisory: Cisco Smart Software Manager On-Prem Password Change Vulnerability
CVE-2024-20419 (a perfect 10.0 critical severity 🥳 cc: @cR0w)
A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users.
The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Late edit for more Cisco security advisories, h/t @mttaggart:

#Cisco #vulnerability #CVE_2024_20419 #cve

##

CVE-2024-20396
(5.3 MEDIUM)

EPSS: 0.04%

updated 2024-07-17T18:31:05

4 posts

A vulnerability in the protocol handlers of Cisco Webex App could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability exists because the affected application does not safely handle file protocol handlers. An attacker could exploit this vulnerability by persuading a user to follow a link that is designed to cause the application to send requests.

AAKL at 2024-07-17T17:30:22.056Z ##

#Cisco has listed several new vulnerabilities: sec.cloudapps.cisco.com/securi

CVE-2024-20401: Secure Email Gateway Arbitrary File Write Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20419: Smart Software Manager On-Prem Password Change Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20435: Secure Web Appliance Privilege Escalation Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20296: Identity Services Engine Arbitrary File Upload Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20323: Intelligent Node Software Static Key Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20395 and CVE-2024-20396: Webex App Vulnerabilities sec.cloudapps.cisco.com/securi

CVE-2024-20416: RV340 and RV345 Dual WAN Gigabit VPN Routers Authenticated Remote Code Execution Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20400: Expressway Series Open Redirect Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20429: Secure Email Gateway Server-Side Template Injection Vulnerability sec.cloudapps.cisco.com/securi

##

screaminggoat at 2024-07-17T16:02:46.242Z ##

Cisco security advisory: Cisco Smart Software Manager On-Prem Password Change Vulnerability
CVE-2024-20419 (a perfect 10.0 critical severity 🥳 cc: @cR0w)
A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users.
The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Late edit for more Cisco security advisories, h/t @mttaggart:

##

AAKL@infosec.exchange at 2024-07-17T17:30:22.000Z ##

#Cisco has listed several new vulnerabilities: sec.cloudapps.cisco.com/securi

CVE-2024-20401: Secure Email Gateway Arbitrary File Write Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20419: Smart Software Manager On-Prem Password Change Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20435: Secure Web Appliance Privilege Escalation Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20296: Identity Services Engine Arbitrary File Upload Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20323: Intelligent Node Software Static Key Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20395 and CVE-2024-20396: Webex App Vulnerabilities sec.cloudapps.cisco.com/securi

CVE-2024-20416: RV340 and RV345 Dual WAN Gigabit VPN Routers Authenticated Remote Code Execution Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20400: Expressway Series Open Redirect Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20429: Secure Email Gateway Server-Side Template Injection Vulnerability sec.cloudapps.cisco.com/securi #cybersecurity #infosec

##

screaminggoat@infosec.exchange at 2024-07-17T16:02:46.000Z ##

Cisco security advisory: Cisco Smart Software Manager On-Prem Password Change Vulnerability
CVE-2024-20419 (a perfect 10.0 critical severity 🥳 cc: @cR0w)
A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users.
The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Late edit for more Cisco security advisories, h/t @mttaggart:

#Cisco #vulnerability #CVE_2024_20419 #cve

##

CVE-2024-20395
(6.4 MEDIUM)

EPSS: 0.04%

updated 2024-07-17T18:31:05

4 posts

A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive session information. This vulnerability is due to insecure transmission of requests to backend services when the app accesses embedded media, such as images. An attacker could exploit this vulnerability by sending a message with embedded media that

AAKL at 2024-07-17T17:30:22.056Z ##

#Cisco has listed several new vulnerabilities: sec.cloudapps.cisco.com/securi

CVE-2024-20401: Secure Email Gateway Arbitrary File Write Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20419: Smart Software Manager On-Prem Password Change Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20435: Secure Web Appliance Privilege Escalation Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20296: Identity Services Engine Arbitrary File Upload Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20323: Intelligent Node Software Static Key Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20395 and CVE-2024-20396: Webex App Vulnerabilities sec.cloudapps.cisco.com/securi

CVE-2024-20416: RV340 and RV345 Dual WAN Gigabit VPN Routers Authenticated Remote Code Execution Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20400: Expressway Series Open Redirect Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20429: Secure Email Gateway Server-Side Template Injection Vulnerability sec.cloudapps.cisco.com/securi

##

screaminggoat at 2024-07-17T16:02:46.242Z ##

Cisco security advisory: Cisco Smart Software Manager On-Prem Password Change Vulnerability
CVE-2024-20419 (a perfect 10.0 critical severity 🥳 cc: @cR0w)
A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users.
The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Late edit for more Cisco security advisories, h/t @mttaggart:

##

AAKL@infosec.exchange at 2024-07-17T17:30:22.000Z ##

#Cisco has listed several new vulnerabilities: sec.cloudapps.cisco.com/securi

CVE-2024-20401: Secure Email Gateway Arbitrary File Write Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20419: Smart Software Manager On-Prem Password Change Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20435: Secure Web Appliance Privilege Escalation Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20296: Identity Services Engine Arbitrary File Upload Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20323: Intelligent Node Software Static Key Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20395 and CVE-2024-20396: Webex App Vulnerabilities sec.cloudapps.cisco.com/securi

CVE-2024-20416: RV340 and RV345 Dual WAN Gigabit VPN Routers Authenticated Remote Code Execution Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20400: Expressway Series Open Redirect Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20429: Secure Email Gateway Server-Side Template Injection Vulnerability sec.cloudapps.cisco.com/securi #cybersecurity #infosec

##

screaminggoat@infosec.exchange at 2024-07-17T16:02:46.000Z ##

Cisco security advisory: Cisco Smart Software Manager On-Prem Password Change Vulnerability
CVE-2024-20419 (a perfect 10.0 critical severity 🥳 cc: @cR0w)
A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users.
The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Late edit for more Cisco security advisories, h/t @mttaggart:

#Cisco #vulnerability #CVE_2024_20419 #cve

##

CVE-2024-20429
(6.5 MEDIUM)

EPSS: 0.04%

updated 2024-07-17T18:31:05

4 posts

A vulnerability in the web-based management interface of Cisco AsyncOS for Secure Email Gateway could allow an authenticated, remote attacker to execute arbitrary system commands on an affected device. This vulnerability is due to insufficient input validation in certain portions of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request

1 repos

AAKL at 2024-07-17T17:30:22.056Z ##

has listed several new vulnerabilities: sec.cloudapps.cisco.com/securi

CVE-2024-20401: Secure Email Gateway Arbitrary File Write Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20419: Smart Software Manager On-Prem Password Change Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20435: Secure Web Appliance Privilege Escalation Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20296: Identity Services Engine Arbitrary File Upload Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20323: Intelligent Node Software Static Key Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20395 and CVE-2024-20396: Webex App Vulnerabilities sec.cloudapps.cisco.com/securi

CVE-2024-20416: RV340 and RV345 Dual WAN Gigabit VPN Routers Authenticated Remote Code Execution Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20400: Expressway Series Open Redirect Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20429: Secure Email Gateway Server-Side Template Injection Vulnerability sec.cloudapps.cisco.com/securi

##

screaminggoat at 2024-07-17T16:02:46.242Z ##

Cisco security advisory: Cisco Smart Software Manager On-Prem Password Change Vulnerability
CVE-2024-20419 (a perfect 10.0 critical severity 🥳 cc: @cR0w)
A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users.
The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Late edit for more Cisco security advisories, h/t @mttaggart:

##

AAKL@infosec.exchange at 2024-07-17T17:30:22.000Z ##

#Cisco has listed several new vulnerabilities: sec.cloudapps.cisco.com/securi

CVE-2024-20401: Secure Email Gateway Arbitrary File Write Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20419: Smart Software Manager On-Prem Password Change Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20435: Secure Web Appliance Privilege Escalation Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20296: Identity Services Engine Arbitrary File Upload Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20323: Intelligent Node Software Static Key Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20395 and CVE-2024-20396: Webex App Vulnerabilities sec.cloudapps.cisco.com/securi

CVE-2024-20416: RV340 and RV345 Dual WAN Gigabit VPN Routers Authenticated Remote Code Execution Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20400: Expressway Series Open Redirect Vulnerability sec.cloudapps.cisco.com/securi

CVE-2024-20429: Secure Email Gateway Server-Side Template Injection Vulnerability sec.cloudapps.cisco.com/securi #cybersecurity #infosec

##

screaminggoat@infosec.exchange at 2024-07-17T16:02:46.000Z ##

Cisco security advisory: Cisco Smart Software Manager On-Prem Password Change Vulnerability
CVE-2024-20419 (a perfect 10.0 critical severity 🥳 cc: @cR0w)
A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users.
The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Late edit for more Cisco security advisories, h/t @mttaggart:

#Cisco #vulnerability #CVE_2024_20419 #cve

##

CVE-2024-28074
(9.7 CRITICAL)

EPSS: 0.05%

updated 2024-07-17T15:30:52

7 posts

It was discovered that a previous vulnerability was not completely fixed with SolarWinds Access Rights Manager. While some controls were implemented the researcher was able to bypass these and use a different method to exploit the vulnerability.

hrbrmstr@mastodon.social at 2024-07-19T11:35:17.000Z ##

O_O

CVE-2024-23472 - SolarWinds ARM Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability
CVE-2024-28074 - SolarWinds ARM Internal Deserialization Remote Code Execution Vulnerability
CVE-2024-23469 - Solarwinds ARM Exposed Dangerous Method Remote Code Execution Vulnerability

1/2

##

jbhall56 at 2024-07-19T11:18:50.660Z ##

Six of the critical flaws – CVE-2024-23466, CVE-2024-23467, CVE-2024-23469, CVE-2024-23470, CVE-2024-23471, CVE-2024-28074 – could be exploited for remote code execution, the company warns. securityweek.com/solarwinds-pa

##

patchnow24x7 at 2024-07-19T06:03:44.379Z ##

Critical : Multiple Critical Vulnerabilities in SolarWinds Access Rights Manager (ARM).

Official Advisories:

CVE-2024-23467 : solarwinds.com/trust-center/se

CVE-2024-23469 : solarwinds.com/trust-center/se

CVE-2024-23472 : solarwinds.com/trust-center/se

CVE-2024-23474 : solarwinds.com/trust-center/se

CVE-2024-23475 : solarwinds.com/trust-center/se

Patch Release Notes:

documentation.solarwinds.com/e

##

screaminggoat at 2024-07-18T16:15:18.251Z ##

SolarWinds security advisories:

h/t @serghei. See related Bleeping Computer reporting: SolarWinds fixes 8 critical bugs in access rights audit software

Most of these vulnerabilities were found by Piotr Bazydło @chudypb of Trend Micro's Zero Day Initiative @thezdi

##

hrbrmstr@mastodon.social at 2024-07-19T11:35:17.000Z ##

O_O

CVE-2024-23472 - SolarWinds ARM Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability
CVE-2024-28074 - SolarWinds ARM Internal Deserialization Remote Code Execution Vulnerability
CVE-2024-23469 - Solarwinds ARM Exposed Dangerous Method Remote Code Execution Vulnerability

1/2

##

jbhall56@infosec.exchange at 2024-07-19T11:18:50.000Z ##

Six of the critical flaws – CVE-2024-23466, CVE-2024-23467, CVE-2024-23469, CVE-2024-23470, CVE-2024-23471, CVE-2024-28074 – could be exploited for remote code execution, the company warns. securityweek.com/solarwinds-pa

##

screaminggoat@infosec.exchange at 2024-07-18T16:15:18.000Z ##

SolarWinds security advisories:

h/t @serghei. See related Bleeping Computer reporting: SolarWinds fixes 8 critical bugs in access rights audit software

Most of these vulnerabilities were found by Piotr Bazydło @chudypb of Trend Micro's Zero Day Initiative @thezdi

#cve #solarwinds #vulnerability #patchtuesday #zdi

##

CVE-2024-23472
(9.7 CRITICAL)

EPSS: 0.06%

updated 2024-07-17T15:30:52

5 posts

SolarWinds Access Rights Manager (ARM) is susceptible to a Directory Traversal vulnerability. This vulnerability allows an authenticated user to arbitrarily read and delete files in ARM.

hrbrmstr@mastodon.social at 2024-07-19T11:35:17.000Z ##

O_O

CVE-2024-23472 - SolarWinds ARM Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability
CVE-2024-28074 - SolarWinds ARM Internal Deserialization Remote Code Execution Vulnerability
CVE-2024-23469 - Solarwinds ARM Exposed Dangerous Method Remote Code Execution Vulnerability

1/2

##

patchnow24x7 at 2024-07-19T06:03:44.379Z ##

Critical : Multiple Critical Vulnerabilities in SolarWinds Access Rights Manager (ARM).

Official Advisories:

CVE-2024-23467 : solarwinds.com/trust-center/se

CVE-2024-23469 : solarwinds.com/trust-center/se

CVE-2024-23472 : solarwinds.com/trust-center/se

CVE-2024-23474 : solarwinds.com/trust-center/se

CVE-2024-23475 : solarwinds.com/trust-center/se

Patch Release Notes:

documentation.solarwinds.com/e

##

screaminggoat at 2024-07-18T16:15:18.251Z ##

SolarWinds security advisories:

h/t @serghei. See related Bleeping Computer reporting: SolarWinds fixes 8 critical bugs in access rights audit software

Most of these vulnerabilities were found by Piotr Bazydło @chudypb of Trend Micro's Zero Day Initiative @thezdi

##

hrbrmstr@mastodon.social at 2024-07-19T11:35:17.000Z ##

O_O

CVE-2024-23472 - SolarWinds ARM Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability
CVE-2024-28074 - SolarWinds ARM Internal Deserialization Remote Code Execution Vulnerability
CVE-2024-23469 - Solarwinds ARM Exposed Dangerous Method Remote Code Execution Vulnerability

1/2

##

screaminggoat@infosec.exchange at 2024-07-18T16:15:18.000Z ##

SolarWinds security advisories:

h/t @serghei. See related Bleeping Computer reporting: SolarWinds fixes 8 critical bugs in access rights audit software

Most of these vulnerabilities were found by Piotr Bazydło @chudypb of Trend Micro's Zero Day Initiative @thezdi

#cve #solarwinds #vulnerability #patchtuesday #zdi

##

CVE-2024-23475
(9.7 CRITICAL)

EPSS: 0.06%

updated 2024-07-17T15:30:52

3 posts

The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform arbitrary file deletion and leak sensitive information.

1 repos

patchnow24x7 at 2024-07-19T06:03:44.379Z ##

Critical : Multiple Critical Vulnerabilities in SolarWinds Access Rights Manager (ARM).

Official Advisories:

CVE-2024-23467 : solarwinds.com/trust-center/se

CVE-2024-23469 : solarwinds.com/trust-center/se

CVE-2024-23472 : solarwinds.com/trust-center/se

CVE-2024-23474 : solarwinds.com/trust-center/se

CVE-2024-23475 : solarwinds.com/trust-center/se

Patch Release Notes:

documentation.solarwinds.com/e

##

screaminggoat at 2024-07-18T16:15:18.251Z ##

SolarWinds security advisories:

h/t @serghei. See related Bleeping Computer reporting: SolarWinds fixes 8 critical bugs in access rights audit software

Most of these vulnerabilities were found by Piotr Bazydło @chudypb of Trend Micro's Zero Day Initiative @thezdi

##

screaminggoat@infosec.exchange at 2024-07-18T16:15:18.000Z ##

SolarWinds security advisories:

h/t @serghei. See related Bleeping Computer reporting: SolarWinds fixes 8 critical bugs in access rights audit software

Most of these vulnerabilities were found by Piotr Bazydło @chudypb of Trend Micro's Zero Day Initiative @thezdi

#cve #solarwinds #vulnerability #patchtuesday #zdi

##

CVE-2024-28992
(7.6 HIGH)

EPSS: 0.04%

updated 2024-07-17T15:30:52

2 posts

The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform arbitrary file deletion and leak sensitive information.

screaminggoat at 2024-07-18T16:15:18.251Z ##

SolarWinds security advisories:

h/t @serghei. See related Bleeping Computer reporting: SolarWinds fixes 8 critical bugs in access rights audit software

Most of these vulnerabilities were found by Piotr Bazydło @chudypb of Trend Micro's Zero Day Initiative @thezdi

##

screaminggoat@infosec.exchange at 2024-07-18T16:15:18.000Z ##

SolarWinds security advisories:

h/t @serghei. See related Bleeping Computer reporting: SolarWinds fixes 8 critical bugs in access rights audit software

Most of these vulnerabilities were found by Piotr Bazydło @chudypb of Trend Micro's Zero Day Initiative @thezdi

#cve #solarwinds #vulnerability #patchtuesday #zdi

##

CVE-2024-28993
(7.6 HIGH)

EPSS: 0.05%

updated 2024-07-17T15:30:52

2 posts

The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform arbitrary file deletion and leak sensitive information.

screaminggoat at 2024-07-18T16:15:18.251Z ##

SolarWinds security advisories:

h/t @serghei. See related Bleeping Computer reporting: SolarWinds fixes 8 critical bugs in access rights audit software

Most of these vulnerabilities were found by Piotr Bazydło @chudypb of Trend Micro's Zero Day Initiative @thezdi

##

screaminggoat@infosec.exchange at 2024-07-18T16:15:18.000Z ##

SolarWinds security advisories:

h/t @serghei. See related Bleeping Computer reporting: SolarWinds fixes 8 critical bugs in access rights audit software

Most of these vulnerabilities were found by Piotr Bazydło @chudypb of Trend Micro's Zero Day Initiative @thezdi

#cve #solarwinds #vulnerability #patchtuesday #zdi

##

CVE-2024-23471
(9.7 CRITICAL)

EPSS: 0.05%

updated 2024-07-17T15:30:51

6 posts

The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service resulting in remote code execution.

hrbrmstr@mastodon.social at 2024-07-19T11:35:40.000Z ##

O_O

CVE-2024-23471 - Solarwinds ARM Traversal and Information Disclosure Vulnerability
CVE-2024-23467 - Solarwinds ARM Traversal Remote Code Execution Vulnerability
CVE-2024-23466 - Solarwinds ARM Directory Traversal Remote Code Execution Vulnerability
CVE-2024-23471 - Solarwinds ARM CreateFile Directory Traversal Remote Code Execution Vulnerability

2/2

##

jbhall56 at 2024-07-19T11:18:50.660Z ##

Six of the critical flaws – CVE-2024-23466, CVE-2024-23467, CVE-2024-23469, CVE-2024-23470, CVE-2024-23471, CVE-2024-28074 – could be exploited for remote code execution, the company warns. securityweek.com/solarwinds-pa

##

screaminggoat at 2024-07-18T16:15:18.251Z ##

SolarWinds security advisories:

h/t @serghei. See related Bleeping Computer reporting: SolarWinds fixes 8 critical bugs in access rights audit software

Most of these vulnerabilities were found by Piotr Bazydło @chudypb of Trend Micro's Zero Day Initiative @thezdi

##

hrbrmstr@mastodon.social at 2024-07-19T11:35:40.000Z ##

O_O

CVE-2024-23471 - Solarwinds ARM Traversal and Information Disclosure Vulnerability
CVE-2024-23467 - Solarwinds ARM Traversal Remote Code Execution Vulnerability
CVE-2024-23466 - Solarwinds ARM Directory Traversal Remote Code Execution Vulnerability
CVE-2024-23471 - Solarwinds ARM CreateFile Directory Traversal Remote Code Execution Vulnerability

2/2

##

jbhall56@infosec.exchange at 2024-07-19T11:18:50.000Z ##

Six of the critical flaws – CVE-2024-23466, CVE-2024-23467, CVE-2024-23469, CVE-2024-23470, CVE-2024-23471, CVE-2024-28074 – could be exploited for remote code execution, the company warns. securityweek.com/solarwinds-pa

##

screaminggoat@infosec.exchange at 2024-07-18T16:15:18.000Z ##

SolarWinds security advisories:

h/t @serghei. See related Bleeping Computer reporting: SolarWinds fixes 8 critical bugs in access rights audit software

Most of these vulnerabilities were found by Piotr Bazydło @chudypb of Trend Micro's Zero Day Initiative @thezdi

#cve #solarwinds #vulnerability #patchtuesday #zdi

##

CVE-2024-23469
(9.7 CRITICAL)

EPSS: 0.05%

updated 2024-07-17T15:30:51

7 posts

SolarWinds Access Rights Manager (ARM) is susceptible to a Remote Code Execution vulnerability. If exploited, this vulnerability allows an unauthenticated user to perform actions with SYSTEM privileges.

hrbrmstr@mastodon.social at 2024-07-19T11:35:17.000Z ##

O_O

CVE-2024-23472 - SolarWinds ARM Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability
CVE-2024-28074 - SolarWinds ARM Internal Deserialization Remote Code Execution Vulnerability
CVE-2024-23469 - Solarwinds ARM Exposed Dangerous Method Remote Code Execution Vulnerability

1/2

##

jbhall56 at 2024-07-19T11:18:50.660Z ##

Six of the critical flaws – CVE-2024-23466, CVE-2024-23467, CVE-2024-23469, CVE-2024-23470, CVE-2024-23471, CVE-2024-28074 – could be exploited for remote code execution, the company warns. securityweek.com/solarwinds-pa

##

patchnow24x7 at 2024-07-19T06:03:44.379Z ##

Critical : Multiple Critical Vulnerabilities in SolarWinds Access Rights Manager (ARM).

Official Advisories:

CVE-2024-23467 : solarwinds.com/trust-center/se

CVE-2024-23469 : solarwinds.com/trust-center/se

CVE-2024-23472 : solarwinds.com/trust-center/se

CVE-2024-23474 : solarwinds.com/trust-center/se

CVE-2024-23475 : solarwinds.com/trust-center/se

Patch Release Notes:

documentation.solarwinds.com/e

##

screaminggoat at 2024-07-18T16:15:18.251Z ##

SolarWinds security advisories:

h/t @serghei. See related Bleeping Computer reporting: SolarWinds fixes 8 critical bugs in access rights audit software

Most of these vulnerabilities were found by Piotr Bazydło @chudypb of Trend Micro's Zero Day Initiative @thezdi

##

hrbrmstr@mastodon.social at 2024-07-19T11:35:17.000Z ##

O_O

CVE-2024-23472 - SolarWinds ARM Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability
CVE-2024-28074 - SolarWinds ARM Internal Deserialization Remote Code Execution Vulnerability
CVE-2024-23469 - Solarwinds ARM Exposed Dangerous Method Remote Code Execution Vulnerability

1/2

##

jbhall56@infosec.exchange at 2024-07-19T11:18:50.000Z ##

Six of the critical flaws – CVE-2024-23466, CVE-2024-23467, CVE-2024-23469, CVE-2024-23470, CVE-2024-23471, CVE-2024-28074 – could be exploited for remote code execution, the company warns. securityweek.com/solarwinds-pa

##

screaminggoat@infosec.exchange at 2024-07-18T16:15:18.000Z ##

SolarWinds security advisories:

h/t @serghei. See related Bleeping Computer reporting: SolarWinds fixes 8 critical bugs in access rights audit software

Most of these vulnerabilities were found by Piotr Bazydło @chudypb of Trend Micro's Zero Day Initiative @thezdi

#cve #solarwinds #vulnerability #patchtuesday #zdi

##

CVE-2024-23470
(9.7 CRITICAL)

EPSS: 0.05%

updated 2024-07-17T15:30:51

2 posts

The SolarWinds Access Rights Manager was found to be susceptible to a pre-authentication remote code execution vulnerability. If exploited, this vulnerability allows an unauthenticated user to run commands and executables.

jbhall56 at 2024-07-19T11:18:50.660Z ##

Six of the critical flaws – CVE-2024-23466, CVE-2024-23467, CVE-2024-23469, CVE-2024-23470, CVE-2024-23471, CVE-2024-28074 – could be exploited for remote code execution, the company warns. securityweek.com/solarwinds-pa

##

jbhall56@infosec.exchange at 2024-07-19T11:18:50.000Z ##

Six of the critical flaws – CVE-2024-23466, CVE-2024-23467, CVE-2024-23469, CVE-2024-23470, CVE-2024-23471, CVE-2024-28074 – could be exploited for remote code execution, the company warns. securityweek.com/solarwinds-pa

##

CVE-2024-23474
(7.6 HIGH)

EPSS: 0.05%

updated 2024-07-17T15:30:51

3 posts

The SolarWinds Access Rights Manager was found to be susceptible to an Arbitrary File Deletion and Information Disclosure vulnerability.

patchnow24x7 at 2024-07-19T06:03:44.379Z ##

Critical : Multiple Critical Vulnerabilities in SolarWinds Access Rights Manager (ARM).

Official Advisories:

CVE-2024-23467 : solarwinds.com/trust-center/se

CVE-2024-23469 : solarwinds.com/trust-center/se

CVE-2024-23472 : solarwinds.com/trust-center/se

CVE-2024-23474 : solarwinds.com/trust-center/se

CVE-2024-23475 : solarwinds.com/trust-center/se

Patch Release Notes:

documentation.solarwinds.com/e

##

screaminggoat at 2024-07-18T16:15:18.251Z ##

SolarWinds security advisories:

h/t @serghei. See related Bleeping Computer reporting: SolarWinds fixes 8 critical bugs in access rights audit software

Most of these vulnerabilities were found by Piotr Bazydło @chudypb of Trend Micro's Zero Day Initiative @thezdi

##

screaminggoat@infosec.exchange at 2024-07-18T16:15:18.000Z ##

SolarWinds security advisories:

h/t @serghei. See related Bleeping Computer reporting: SolarWinds fixes 8 critical bugs in access rights audit software

Most of these vulnerabilities were found by Piotr Bazydło @chudypb of Trend Micro's Zero Day Initiative @thezdi

#cve #solarwinds #vulnerability #patchtuesday #zdi

##

CVE-2024-23467
(9.7 CRITICAL)

EPSS: 0.06%

updated 2024-07-17T15:30:50

7 posts

The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform remote code execution.

hrbrmstr@mastodon.social at 2024-07-19T11:35:40.000Z ##

O_O

CVE-2024-23471 - Solarwinds ARM Traversal and Information Disclosure Vulnerability
CVE-2024-23467 - Solarwinds ARM Traversal Remote Code Execution Vulnerability
CVE-2024-23466 - Solarwinds ARM Directory Traversal Remote Code Execution Vulnerability
CVE-2024-23471 - Solarwinds ARM CreateFile Directory Traversal Remote Code Execution Vulnerability

2/2

##

jbhall56 at 2024-07-19T11:18:50.660Z ##

Six of the critical flaws – CVE-2024-23466, CVE-2024-23467, CVE-2024-23469, CVE-2024-23470, CVE-2024-23471, CVE-2024-28074 – could be exploited for remote code execution, the company warns. securityweek.com/solarwinds-pa

##

patchnow24x7 at 2024-07-19T06:03:44.379Z ##

Critical : Multiple Critical Vulnerabilities in SolarWinds Access Rights Manager (ARM).

Official Advisories:

CVE-2024-23467 : solarwinds.com/trust-center/se

CVE-2024-23469 : solarwinds.com/trust-center/se

CVE-2024-23472 : solarwinds.com/trust-center/se

CVE-2024-23474 : solarwinds.com/trust-center/se

CVE-2024-23475 : solarwinds.com/trust-center/se

Patch Release Notes:

documentation.solarwinds.com/e

##

screaminggoat at 2024-07-18T16:15:18.251Z ##

SolarWinds security advisories:

h/t @serghei. See related Bleeping Computer reporting: SolarWinds fixes 8 critical bugs in access rights audit software

Most of these vulnerabilities were found by Piotr Bazydło @chudypb of Trend Micro's Zero Day Initiative @thezdi

##

hrbrmstr@mastodon.social at 2024-07-19T11:35:40.000Z ##

O_O

CVE-2024-23471 - Solarwinds ARM Traversal and Information Disclosure Vulnerability
CVE-2024-23467 - Solarwinds ARM Traversal Remote Code Execution Vulnerability
CVE-2024-23466 - Solarwinds ARM Directory Traversal Remote Code Execution Vulnerability
CVE-2024-23471 - Solarwinds ARM CreateFile Directory Traversal Remote Code Execution Vulnerability

2/2

##

jbhall56@infosec.exchange at 2024-07-19T11:18:50.000Z ##

Six of the critical flaws – CVE-2024-23466, CVE-2024-23467, CVE-2024-23469, CVE-2024-23470, CVE-2024-23471, CVE-2024-28074 – could be exploited for remote code execution, the company warns. securityweek.com/solarwinds-pa

##

screaminggoat@infosec.exchange at 2024-07-18T16:15:18.000Z ##

SolarWinds security advisories:

h/t @serghei. See related Bleeping Computer reporting: SolarWinds fixes 8 critical bugs in access rights audit software

Most of these vulnerabilities were found by Piotr Bazydło @chudypb of Trend Micro's Zero Day Initiative @thezdi

#cve #solarwinds #vulnerability #patchtuesday #zdi

##

CVE-2024-23466
(9.7 CRITICAL)

EPSS: 0.06%

updated 2024-07-17T15:30:50

6 posts

SolarWinds Access Rights Manager (ARM) is susceptible to a Directory Traversal Remote Code Execution vulnerability. If exploited, this vulnerability allows an unauthenticated user to perform actions with SYSTEM privileges.

hrbrmstr@mastodon.social at 2024-07-19T11:35:40.000Z ##

O_O

CVE-2024-23471 - Solarwinds ARM Traversal and Information Disclosure Vulnerability
CVE-2024-23467 - Solarwinds ARM Traversal Remote Code Execution Vulnerability
CVE-2024-23466 - Solarwinds ARM Directory Traversal Remote Code Execution Vulnerability
CVE-2024-23471 - Solarwinds ARM CreateFile Directory Traversal Remote Code Execution Vulnerability

2/2

##

jbhall56 at 2024-07-19T11:18:50.660Z ##

Six of the critical flaws – CVE-2024-23466, CVE-2024-23467, CVE-2024-23469, CVE-2024-23470, CVE-2024-23471, CVE-2024-28074 – could be exploited for remote code execution, the company warns. securityweek.com/solarwinds-pa

##

screaminggoat at 2024-07-18T16:15:18.251Z ##

SolarWinds security advisories:

h/t @serghei. See related Bleeping Computer reporting: SolarWinds fixes 8 critical bugs in access rights audit software

Most of these vulnerabilities were found by Piotr Bazydło @chudypb of Trend Micro's Zero Day Initiative @thezdi

##

hrbrmstr@mastodon.social at 2024-07-19T11:35:40.000Z ##

O_O

CVE-2024-23471 - Solarwinds ARM Traversal and Information Disclosure Vulnerability
CVE-2024-23467 - Solarwinds ARM Traversal Remote Code Execution Vulnerability
CVE-2024-23466 - Solarwinds ARM Directory Traversal Remote Code Execution Vulnerability
CVE-2024-23471 - Solarwinds ARM CreateFile Directory Traversal Remote Code Execution Vulnerability

2/2

##

jbhall56@infosec.exchange at 2024-07-19T11:18:50.000Z ##

Six of the critical flaws – CVE-2024-23466, CVE-2024-23467, CVE-2024-23469, CVE-2024-23470, CVE-2024-23471, CVE-2024-28074 – could be exploited for remote code execution, the company warns. securityweek.com/solarwinds-pa

##

screaminggoat@infosec.exchange at 2024-07-18T16:15:18.000Z ##

SolarWinds security advisories:

h/t @serghei. See related Bleeping Computer reporting: SolarWinds fixes 8 critical bugs in access rights audit software

Most of these vulnerabilities were found by Piotr Bazydło @chudypb of Trend Micro's Zero Day Initiative @thezdi

#cve #solarwinds #vulnerability #patchtuesday #zdi

##

CVE-2024-23468
(7.6 HIGH)

EPSS: 0.05%

updated 2024-07-17T15:30:50

2 posts

The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform arbitrary file deletion and leak sensitive information.

screaminggoat at 2024-07-18T16:15:18.251Z ##

SolarWinds security advisories:

h/t @serghei. See related Bleeping Computer reporting: SolarWinds fixes 8 critical bugs in access rights audit software

Most of these vulnerabilities were found by Piotr Bazydło @chudypb of Trend Micro's Zero Day Initiative @thezdi

##

screaminggoat@infosec.exchange at 2024-07-18T16:15:18.000Z ##

SolarWinds security advisories:

h/t @serghei. See related Bleeping Computer reporting: SolarWinds fixes 8 critical bugs in access rights audit software

Most of these vulnerabilities were found by Piotr Bazydło @chudypb of Trend Micro's Zero Day Initiative @thezdi

#cve #solarwinds #vulnerability #patchtuesday #zdi

##

CVE-2024-6772
(CVSS UNKNOWN)

EPSS: 0.04%

updated 2024-07-17T00:33:02

2 posts

Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

screaminggoat at 2024-07-19T00:13:19.191Z ##

Microsoft Security Response Center (MSRC) updated Microsoft Edge to address the following Chromium vulnerabilities:

See the parent toot above for the original Google Chrome security advisory

##

screaminggoat@infosec.exchange at 2024-07-19T00:13:19.000Z ##

Microsoft Security Response Center (MSRC) updated Microsoft Edge to address the following Chromium vulnerabilities:

See the parent toot above for the original Google Chrome security advisory

#Microsoft #MSRC #Chrome #Chromium #vulnerability

##

CVE-2024-6773
(CVSS UNKNOWN)

EPSS: 0.04%

updated 2024-07-17T00:33:01

2 posts

Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

screaminggoat at 2024-07-19T00:13:19.191Z ##

Microsoft Security Response Center (MSRC) updated Microsoft Edge to address the following Chromium vulnerabilities:

See the parent toot above for the original Google Chrome security advisory

##

screaminggoat@infosec.exchange at 2024-07-19T00:13:19.000Z ##

Microsoft Security Response Center (MSRC) updated Microsoft Edge to address the following Chromium vulnerabilities:

See the parent toot above for the original Google Chrome security advisory

#Microsoft #MSRC #Chrome #Chromium #vulnerability

##

CVE-2024-6779
(CVSS UNKNOWN)

EPSS: 0.04%

updated 2024-07-17T00:33:01

2 posts

Out of bounds memory access in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

screaminggoat at 2024-07-19T00:13:19.191Z ##

Microsoft Security Response Center (MSRC) updated Microsoft Edge to address the following Chromium vulnerabilities:

See the parent toot above for the original Google Chrome security advisory

##

screaminggoat@infosec.exchange at 2024-07-19T00:13:19.000Z ##

Microsoft Security Response Center (MSRC) updated Microsoft Edge to address the following Chromium vulnerabilities:

See the parent toot above for the original Google Chrome security advisory

#Microsoft #MSRC #Chrome #Chromium #vulnerability

##

CVE-2024-21181
(9.8 CRITICAL)

EPSS: 0.15%

updated 2024-07-17T00:32:56

2 posts

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVS

patchnow24x7 at 2024-07-20T05:24:46.972Z ##

CVE-2024-21181 :: CVSS Score : 9.8 :: Oracle WebLogic Server vulnerability

Oracle CPU July:

oracle.com/security-alerts/cpu (Search for CVE-2024-21181)

##

the_yellow_fall@x.good.news at 2024-07-19T02:21:32.000Z ##

#Oracle has issued a warning to users of its #WebLogic Server, urging them to immediately patch a critical flaw (CVE-2024-21181) that could lead to a complete takeover of the server. The flaw is easily exploitable and does not require any authentication https://t.co/J884QI1Dog

##

CVE-2024-6778
(CVSS UNKNOWN)

EPSS: 0.04%

updated 2024-07-17T00:32:54

2 posts

Race in DevTools in Google Chrome prior to 126.0.6478.182 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: High)

screaminggoat at 2024-07-19T00:13:19.191Z ##

Microsoft Security Response Center (MSRC) updated Microsoft Edge to address the following Chromium vulnerabilities:

See the parent toot above for the original Google Chrome security advisory

##

screaminggoat@infosec.exchange at 2024-07-19T00:13:19.000Z ##

Microsoft Security Response Center (MSRC) updated Microsoft Edge to address the following Chromium vulnerabilities:

See the parent toot above for the original Google Chrome security advisory

#Microsoft #MSRC #Chrome #Chromium #vulnerability

##

CVE-2024-6775
(CVSS UNKNOWN)

EPSS: 0.04%

updated 2024-07-17T00:32:54

2 posts

Use after free in Media Stream in Google Chrome prior to 126.0.6478.182 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

screaminggoat at 2024-07-19T00:13:19.191Z ##

Microsoft Security Response Center (MSRC) updated Microsoft Edge to address the following Chromium vulnerabilities:

See the parent toot above for the original Google Chrome security advisory

##

screaminggoat@infosec.exchange at 2024-07-19T00:13:19.000Z ##

Microsoft Security Response Center (MSRC) updated Microsoft Edge to address the following Chromium vulnerabilities:

See the parent toot above for the original Google Chrome security advisory

#Microsoft #MSRC #Chrome #Chromium #vulnerability

##

CVE-2024-6777
(CVSS UNKNOWN)

EPSS: 0.04%

updated 2024-07-17T00:32:54

2 posts

Use after free in Navigation in Google Chrome prior to 126.0.6478.182 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)

screaminggoat@infosec.exchange at 2024-07-19T00:13:19.000Z ##

Microsoft Security Response Center (MSRC) updated Microsoft Edge to address the following Chromium vulnerabilities:

See the parent toot above for the original Google Chrome security advisory

#Microsoft #MSRC #Chrome #Chromium #vulnerability

##

CVE-2024-6774(CVSS UNKNOWN)

EPSS: 0.04%

updated 2024-07-17T00:32:54

2 posts

Use after free in Screen Capture in Google Chrome prior to 126.0.6478.182 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

screaminggoat@infosec.exchange at 2024-07-19T00:13:19.000Z ##

Microsoft Security Response Center (MSRC) updated Microsoft Edge to address the following Chromium vulnerabilities:

See the parent toot above for the original Google Chrome security advisory

#Microsoft #MSRC #Chrome #Chromium #vulnerability

##

CVE-2024-6776(CVSS UNKNOWN)

EPSS: 0.04%

updated 2024-07-17T00:32:54

2 posts

Use after free in Audio in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

screaminggoat@infosec.exchange at 2024-07-19T00:13:19.000Z ##

Microsoft Security Response Center (MSRC) updated Microsoft Edge to address the following Chromium vulnerabilities:

See the parent toot above for the original Google Chrome security advisory

#Microsoft #MSRC #Chrome #Chromium #vulnerability

##

CVE-2024-6610(CVSS UNKNOWN)

EPSS: 0.04%

updated 2024-07-16T18:32:47

2 posts

Form validation popups could capture escape key presses. Therefore, spamming form validation messages could be used to prevent users from exiting full-screen mode. This vulnerability affects Firefox < 128.

H3liumb0y@infosec.exchange at 2024-07-11T08:37:16.000Z ##

High-Impact Security Vulnerabilities in Firefox 128

Date: July 9, 2024
CVE: CVE-2024-6605 CVE-2024-6606 CVE-2024-6607 CVE-2024-6608 CVE-2024-6609 CVE-2024-6610 CVE-2024-6600 CVE-2024-6601 CVE-2024-6602 CVE-2024-6603 CVE-2024-6611 CVE-2024-6612 CVE-2024-6613 CVE-2024-6614 CVE-2024-6604 CVE-2024-6615
Vulnerability Type: Tapjacking
CWE: [[CWE-451]], [[CWE-922]]
Sources: Mozilla Security Advisory

Synopsis

Multiple security vulnerabilities were addressed in the latest Firefox 128 release, impacting both the desktop and Android versions. These vulnerabilities, if exploited, could lead to severe security breaches including tapjacking, out-of-bounds read, and memory corruption.

A list of all the CVEs mentioned in the Mozilla Foundation Security Advisory 2024-29:

  1. CVE-2024-6605: Firefox Android missed activation delay to prevent tapjacking (High)
  2. CVE-2024-6606: Out-of-bounds read in clipboard component (High)
  3. CVE-2024-6607: Leaving pointerlock by pressing the escape key could be prevented (Moderate)
  4. CVE-2024-6608: Cursor could be moved out of the viewport using pointerlock (Moderate)
  5. CVE-2024-6609: Memory corruption in NSS (Moderate)
  6. CVE-2024-6610: Form validation popups could block exiting full-screen mode (Moderate)
  7. CVE-2024-6600: Memory corruption in WebGL API (Moderate)
  8. CVE-2024-6601: Race condition in permission assignment (Moderate)
  9. CVE-2024-6602: Memory corruption in NSS (Moderate)
  10. CVE-2024-6603: Memory corruption in thread creation (Moderate)
  11. CVE-2024-6611: Incorrect handling of SameSite cookies (Low)
  12. CVE-2024-6612: CSP violation leakage when using devtools (Low)
  13. CVE-2024-6613: Incorrect listing of stack frames (Low)
  14. CVE-2024-6614: Incorrect listing of stack frames (Low)
  15. CVE-2024-6604: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13 (High)
  16. CVE-2024-6615: Memory safety bugs fixed in Firefox 128 (High)

Issue Summary

Mozilla announced fixes for several high-impact vulnerabilities in Firefox 128. Notable among them are CVE-2024-6606, which involves out-of-bounds read issues in the clipboard component, and CVE-2024-6609, which relates to memory corruption in the NSS library.

Technical Key Findings

CVE-2024-6605 allows attackers to overlay malicious prompts over legitimate permission dialogs, potentially tricking users into granting unwanted permissions. This vulnerability exploits the lack of a delay in activating permission prompts on Firefox Android, enabling immediate interactions which can be hijacked by malicious actors.

Vulnerable Products

  • Firefox versions prior to 128
  • Firefox ESR versions prior to 115.13
  • Firefox Android versions prior to 128

Impact Assessment

If these vulnerabilities are exploited, attackers can perform actions such as reading out-of-bounds data, preventing users from exiting fullscreen mode, or executing arbitrary code. These can lead to unauthorized access to sensitive data, manipulation of browser behavior, and potential system compromises.

Patches or Workaround

Mozilla has released patches in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13 to address these vulnerabilities. Users are advised to update to the latest versions to mitigate the risks associated with these security flaws.

Tags

#Firefox #CVE2024-6605 #Tapjacking #SecurityUpdate #Mozilla #Vulnerability #MemoryCorruption #OutOfBoundsRead

##

CVE-2024-6612(5.3 MEDIUM)

EPSS: 0.04%

updated 2024-07-16T18:32:47

2 posts

CSP violations generated links in the console tab of the developer tools, pointing to the violating resource. This caused a DNS prefetch which leaked that a CSP violation happened. This vulnerability affects Firefox < 128.

H3liumb0y@infosec.exchange at 2024-07-11T08:37:16.000Z ##

High-Impact Security Vulnerabilities in Firefox 128

Date: July 9, 2024
CVE: CVE-2024-6605 CVE-2024-6606 CVE-2024-6607 CVE-2024-6608 CVE-2024-6609 CVE-2024-6610 CVE-2024-6600 CVE-2024-6601 CVE-2024-6602 CVE-2024-6603 CVE-2024-6611 CVE-2024-6612 CVE-2024-6613 CVE-2024-6614 CVE-2024-6604 CVE-2024-6615
Vulnerability Type: Tapjacking
CWE: [[CWE-451]], [[CWE-922]]
Sources: Mozilla Security Advisory

Synopsis

Multiple security vulnerabilities were addressed in the latest Firefox 128 release, impacting both the desktop and Android versions. These vulnerabilities, if exploited, could lead to severe security breaches including tapjacking, out-of-bounds read, and memory corruption.

A list of all the CVEs mentioned in the Mozilla Foundation Security Advisory 2024-29:

  1. CVE-2024-6605: Firefox Android missed activation delay to prevent tapjacking (High)
  2. CVE-2024-6606: Out-of-bounds read in clipboard component (High)
  3. CVE-2024-6607: Leaving pointerlock by pressing the escape key could be prevented (Moderate)
  4. CVE-2024-6608: Cursor could be moved out of the viewport using pointerlock (Moderate)
  5. CVE-2024-6609: Memory corruption in NSS (Moderate)
  6. CVE-2024-6610: Form validation popups could block exiting full-screen mode (Moderate)
  7. CVE-2024-6600: Memory corruption in WebGL API (Moderate)
  8. CVE-2024-6601: Race condition in permission assignment (Moderate)
  9. CVE-2024-6602: Memory corruption in NSS (Moderate)
  10. CVE-2024-6603: Memory corruption in thread creation (Moderate)
  11. CVE-2024-6611: Incorrect handling of SameSite cookies (Low)
  12. CVE-2024-6612: CSP violation leakage when using devtools (Low)
  13. CVE-2024-6613: Incorrect listing of stack frames (Low)
  14. CVE-2024-6614: Incorrect listing of stack frames (Low)
  15. CVE-2024-6604: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13 (High)
  16. CVE-2024-6615: Memory safety bugs fixed in Firefox 128 (High)

Issue Summary

Mozilla announced fixes for several high-impact vulnerabilities in Firefox 128. Notable among them are CVE-2024-6606, which involves out-of-bounds read issues in the clipboard component, and CVE-2024-6609, which relates to memory corruption in the NSS library.

Technical Key Findings

CVE-2024-6605 allows attackers to overlay malicious prompts over legitimate permission dialogs, potentially tricking users into granting unwanted permissions. This vulnerability exploits the lack of a delay in activating permission prompts on Firefox Android, enabling immediate interactions which can be hijacked by malicious actors.

Vulnerable Products

  • Firefox versions prior to 128
  • Firefox ESR versions prior to 115.13
  • Firefox Android versions prior to 128

Impact Assessment

If these vulnerabilities are exploited, attackers can perform actions such as reading out-of-bounds data, preventing users from exiting fullscreen mode, or executing arbitrary code. These can lead to unauthorized access to sensitive data, manipulation of browser behavior, and potential system compromises.

Patches or Workaround

Mozilla has released patches in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13 to address these vulnerabilities. Users are advised to update to the latest versions to mitigate the risks associated with these security flaws.

Tags

#Firefox #CVE2024-6605 #Tapjacking #SecurityUpdate #Mozilla #Vulnerability #MemoryCorruption #OutOfBoundsRead

##

CVE-2024-6608(CVSS UNKNOWN)

EPSS: 0.04%

updated 2024-07-16T18:32:46

2 posts

It was possible to move the cursor using pointerlock from an iframe. This allowed moving the cursor outside of the viewport and the Firefox window. This vulnerability affects Firefox < 128.

H3liumb0y@infosec.exchange at 2024-07-11T08:37:16.000Z ##

High-Impact Security Vulnerabilities in Firefox 128

Date: July 9, 2024
CVE: CVE-2024-6605 CVE-2024-6606 CVE-2024-6607 CVE-2024-6608 CVE-2024-6609 CVE-2024-6610 CVE-2024-6600 CVE-2024-6601 CVE-2024-6602 CVE-2024-6603 CVE-2024-6611 CVE-2024-6612 CVE-2024-6613 CVE-2024-6614 CVE-2024-6604 CVE-2024-6615
Vulnerability Type: Tapjacking
CWE: [[CWE-451]], [[CWE-922]]
Sources: Mozilla Security Advisory

Synopsis

Multiple security vulnerabilities were addressed in the latest Firefox 128 release, impacting both the desktop and Android versions. These vulnerabilities, if exploited, could lead to severe security breaches including tapjacking, out-of-bounds read, and memory corruption.

A list of all the CVEs mentioned in the Mozilla Foundation Security Advisory 2024-29:

  1. CVE-2024-6605: Firefox Android missed activation delay to prevent tapjacking (High)
  2. CVE-2024-6606: Out-of-bounds read in clipboard component (High)
  3. CVE-2024-6607: Leaving pointerlock by pressing the escape key could be prevented (Moderate)
  4. CVE-2024-6608: Cursor could be moved out of the viewport using pointerlock (Moderate)
  5. CVE-2024-6609: Memory corruption in NSS (Moderate)
  6. CVE-2024-6610: Form validation popups could block exiting full-screen mode (Moderate)
  7. CVE-2024-6600: Memory corruption in WebGL API (Moderate)
  8. CVE-2024-6601: Race condition in permission assignment (Moderate)
  9. CVE-2024-6602: Memory corruption in NSS (Moderate)
  10. CVE-2024-6603: Memory corruption in thread creation (Moderate)
  11. CVE-2024-6611: Incorrect handling of SameSite cookies (Low)
  12. CVE-2024-6612: CSP violation leakage when using devtools (Low)
  13. CVE-2024-6613: Incorrect listing of stack frames (Low)
  14. CVE-2024-6614: Incorrect listing of stack frames (Low)
  15. CVE-2024-6604: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13 (High)
  16. CVE-2024-6615: Memory safety bugs fixed in Firefox 128 (High)

Issue Summary

Mozilla announced fixes for several high-impact vulnerabilities in Firefox 128. Notable among them are CVE-2024-6606, which involves out-of-bounds read issues in the clipboard component, and CVE-2024-6609, which relates to memory corruption in the NSS library.

Technical Key Findings

CVE-2024-6605 allows attackers to overlay malicious prompts over legitimate permission dialogs, potentially tricking users into granting unwanted permissions. This vulnerability exploits the lack of a delay in activating permission prompts on Firefox Android, enabling immediate interactions which can be hijacked by malicious actors.

Vulnerable Products

  • Firefox versions prior to 128
  • Firefox ESR versions prior to 115.13
  • Firefox Android versions prior to 128

Impact Assessment

If these vulnerabilities are exploited, attackers can perform actions such as reading out-of-bounds data, preventing users from exiting fullscreen mode, or executing arbitrary code. These can lead to unauthorized access to sensitive data, manipulation of browser behavior, and potential system compromises.

Patches or Workaround

Mozilla has released patches in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13 to address these vulnerabilities. Users are advised to update to the latest versions to mitigate the risks associated with these security flaws.

Tags

#Firefox #CVE2024-6605 #Tapjacking #SecurityUpdate #Mozilla #Vulnerability #MemoryCorruption #OutOfBoundsRead

##

CVE-2024-6601(CVSS UNKNOWN)

EPSS: 0.04%

updated 2024-07-16T18:32:46

2 posts

A race condition could lead to a cross-origin container obtaining permissions of the top-level origin. This vulnerability affects Firefox < 128 and Firefox ESR < 115.13.

H3liumb0y@infosec.exchange at 2024-07-11T08:37:16.000Z ##

High-Impact Security Vulnerabilities in Firefox 128

Date: July 9, 2024
CVE: CVE-2024-6605 CVE-2024-6606 CVE-2024-6607 CVE-2024-6608 CVE-2024-6609 CVE-2024-6610 CVE-2024-6600 CVE-2024-6601 CVE-2024-6602 CVE-2024-6603 CVE-2024-6611 CVE-2024-6612 CVE-2024-6613 CVE-2024-6614 CVE-2024-6604 CVE-2024-6615
Vulnerability Type: Tapjacking
CWE: [[CWE-451]], [[CWE-922]]
Sources: Mozilla Security Advisory

Synopsis

Multiple security vulnerabilities were addressed in the latest Firefox 128 release, impacting both the desktop and Android versions. These vulnerabilities, if exploited, could lead to severe security breaches including tapjacking, out-of-bounds read, and memory corruption.

A list of all the CVEs mentioned in the Mozilla Foundation Security Advisory 2024-29:

  1. CVE-2024-6605: Firefox Android missed activation delay to prevent tapjacking (High)
  2. CVE-2024-6606: Out-of-bounds read in clipboard component (High)
  3. CVE-2024-6607: Leaving pointerlock by pressing the escape key could be prevented (Moderate)
  4. CVE-2024-6608: Cursor could be moved out of the viewport using pointerlock (Moderate)
  5. CVE-2024-6609: Memory corruption in NSS (Moderate)
  6. CVE-2024-6610: Form validation popups could block exiting full-screen mode (Moderate)
  7. CVE-2024-6600: Memory corruption in WebGL API (Moderate)
  8. CVE-2024-6601: Race condition in permission assignment (Moderate)
  9. CVE-2024-6602: Memory corruption in NSS (Moderate)
  10. CVE-2024-6603: Memory corruption in thread creation (Moderate)
  11. CVE-2024-6611: Incorrect handling of SameSite cookies (Low)
  12. CVE-2024-6612: CSP violation leakage when using devtools (Low)
  13. CVE-2024-6613: Incorrect listing of stack frames (Low)
  14. CVE-2024-6614: Incorrect listing of stack frames (Low)
  15. CVE-2024-6604: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13 (High)
  16. CVE-2024-6615: Memory safety bugs fixed in Firefox 128 (High)

Issue Summary

Mozilla announced fixes for several high-impact vulnerabilities in Firefox 128. Notable among them are CVE-2024-6606, which involves out-of-bounds read issues in the clipboard component, and CVE-2024-6609, which relates to memory corruption in the NSS library.

Technical Key Findings

CVE-2024-6605 allows attackers to overlay malicious prompts over legitimate permission dialogs, potentially tricking users into granting unwanted permissions. This vulnerability exploits the lack of a delay in activating permission prompts on Firefox Android, enabling immediate interactions which can be hijacked by malicious actors.

Vulnerable Products

  • Firefox versions prior to 128
  • Firefox ESR versions prior to 115.13
  • Firefox Android versions prior to 128

Impact Assessment

If these vulnerabilities are exploited, attackers can perform actions such as reading out-of-bounds data, preventing users from exiting fullscreen mode, or executing arbitrary code. These can lead to unauthorized access to sensitive data, manipulation of browser behavior, and potential system compromises.

Patches or Workaround

Mozilla has released patches in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13 to address these vulnerabilities. Users are advised to update to the latest versions to mitigate the risks associated with these security flaws.

Tags

#Firefox #CVE2024-6605 #Tapjacking #SecurityUpdate #Mozilla #Vulnerability #MemoryCorruption #OutOfBoundsRead

##

CVE-2024-6604(CVSS UNKNOWN)

EPSS: 0.04%

updated 2024-07-16T18:32:46

2 posts

Memory safety bugs present in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 128 and Firefox ESR < 115.13.

H3liumb0y at 2024-07-11T08:37:16.844Z ##

High-Impact Security Vulnerabilities in Firefox 128

Date: July 9, 2024
CVE: CVE-2024-6605 CVE-2024-6606 CVE-2024-6607 CVE-2024-6608 CVE-2024-6609 CVE-2024-6610 CVE-2024-6600 CVE-2024-6601 CVE-2024-6602 CVE-2024-6603 CVE-2024-6611 CVE-2024-6612 CVE-2024-6613 CVE-2024-6614 CVE-2024-6604 CVE-2024-6615
Vulnerability Type: Tapjacking
CWE: [[CWE-451]], [[CWE-922]]
Sources: Mozilla Security Advisory

Synopsis

Multiple security vulnerabilities were addressed in the latest Firefox 128 release, impacting both the desktop and Android versions. These vulnerabilities, if exploited, could lead to severe security breaches including tapjacking, out-of-bounds read, and memory corruption.

A list of all the CVEs mentioned in the Mozilla Foundation Security Advisory 2024-29:

  1. CVE-2024-6605: Firefox Android missed activation delay to prevent tapjacking (High)
  2. CVE-2024-6606: Out-of-bounds read in clipboard component (High)
  3. CVE-2024-6607: Leaving pointerlock by pressing the escape key could be prevented (Moderate)
  4. CVE-2024-6608: Cursor could be moved out of the viewport using pointerlock (Moderate)
  5. CVE-2024-6609: Memory corruption in NSS (Moderate)
  6. CVE-2024-6610: Form validation popups could block exiting full-screen mode (Moderate)
  7. CVE-2024-6600: Memory corruption in WebGL API (Moderate)
  8. CVE-2024-6601: Race condition in permission assignment (Moderate)
  9. CVE-2024-6602: Memory corruption in NSS (Moderate)
  10. CVE-2024-6603: Memory corruption in thread creation (Moderate)
  11. CVE-2024-6611: Incorrect handling of SameSite cookies (Low)
  12. CVE-2024-6612: CSP violation leakage when using devtools (Low)
  13. CVE-2024-6613: Incorrect listing of stack frames (Low)
  14. CVE-2024-6614: Incorrect listing of stack frames (Low)
  15. CVE-2024-6604: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13 (High)
  16. CVE-2024-6615: Memory safety bugs fixed in Firefox 128 (High)

Issue Summary

Mozilla announced fixes for several high-impact vulnerabilities in Firefox 128. Notably, CVE-2024-6606 involves out-of-bounds read issues in the clipboard component, and CVE-2024-6609 relates to memory corruption in the NSS library.

Technical Key Findings

CVE-2024-6605 allows attackers to overlay malicious prompts over legitimate permission dialogs, potentially tricking users into granting unwanted permissions. This vulnerability exploits the lack of a delay in activating permission prompts on Firefox Android, enabling immediate interactions which can be hijacked by malicious actors.

Vulnerable Products

  • Firefox versions prior to 128
  • Firefox ESR versions prior to 115.13
  • Firefox Android versions prior to 128

Impact Assessment

If these vulnerabilities are exploited, attackers can perform actions such as reading out-of-bounds data, preventing users from exiting fullscreen mode, or executing arbitrary code. These can lead to unauthorized access to sensitive data, manipulation of browser behavior, and potential system compromises.

Patches or Workaround

Mozilla has released patches in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13 to address these vulnerabilities. Users are advised to update to the latest versions to mitigate the risks associated with these security flaws.

Tags

-6605

##

H3liumb0y@infosec.exchange at 2024-07-11T08:37:16.000Z ##

High-Impact Security Vulnerabilities in Firefox 128

Date: July 9, 2024
CVE: CVE-2024-6605 CVE-2024-6606 CVE-2024-6607 CVE-2024-6608 CVE-2024-6609 CVE-2024-6610 CVE-2024-6600 CVE-2024-6601 CVE-2024-6602 CVE-2024-6603 CVE-2024-6611 CVE-2024-6612 CVE-2024-6613 CVE-2024-6614 CVE-2024-6604 CVE-2024-6615
Vulnerability Type: Tapjacking
CWE: [[CWE-451]], [[CWE-922]]
Sources: Mozilla Security Advisory

Synopsis

Multiple security vulnerabilities were addressed in the latest Firefox 128 release, impacting both the desktop and Android versions. These vulnerabilities, if exploited, could lead to severe security breaches including tapjacking, out-of-bounds read, and memory corruption.

A list of all the CVEs mentioned in the Mozilla Foundation Security Advisory 2024-29:

  1. CVE-2024-6605: Firefox Android missed activation delay to prevent tapjacking (High)
  2. CVE-2024-6606: Out-of-bounds read in clipboard component (High)
  3. CVE-2024-6607: Leaving pointerlock by pressing the escape key could be prevented (Moderate)
  4. CVE-2024-6608: Cursor could be moved out of the viewport using pointerlock (Moderate)
  5. CVE-2024-6609: Memory corruption in NSS (Moderate)
  6. CVE-2024-6610: Form validation popups could block exiting full-screen mode (Moderate)
  7. CVE-2024-6600: Memory corruption in WebGL API (Moderate)
  8. CVE-2024-6601: Race condition in permission assignment (Moderate)
  9. CVE-2024-6602: Memory corruption in NSS (Moderate)
  10. CVE-2024-6603: Memory corruption in thread creation (Moderate)
  11. CVE-2024-6611: Incorrect handling of SameSite cookies (Low)
  12. CVE-2024-6612: CSP violation leakage when using devtools (Low)
  13. CVE-2024-6613: Incorrect listing of stack frames (Low)
  14. CVE-2024-6614: Incorrect listing of stack frames (Low)
  15. CVE-2024-6604: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13 (High)
  16. CVE-2024-6615: Memory safety bugs fixed in Firefox 128 (High)

Issue Summary

Mozilla announced fixes for several high-impact vulnerabilities in Firefox 128. Notably, CVE-2024-6606 involves out-of-bounds read issues in the clipboard component, and CVE-2024-6609 relates to memory corruption in the NSS library.

Technical Key Findings

CVE-2024-6605 allows attackers to overlay malicious prompts over legitimate permission dialogs, potentially tricking users into granting unwanted permissions. This vulnerability exploits the lack of a delay in activating permission prompts on Firefox Android, enabling immediate interactions which can be hijacked by malicious actors.

Vulnerable Products

  • Firefox versions prior to 128
  • Firefox ESR versions prior to 115.13
  • Firefox Android versions prior to 128

Impact Assessment

If these vulnerabilities are exploited, attackers can perform actions such as reading out-of-bounds data, preventing users from exiting fullscreen mode, or executing arbitrary code. These can lead to unauthorized access to sensitive data, manipulation of browser behavior, and potential system compromises.

Patches or Workaround

Mozilla has released patches in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13 to address these vulnerabilities. Users are advised to update to the latest versions to mitigate the risks associated with these security flaws.

Tags

#Firefox #CVE2024-6605 #Tapjacking #SecurityUpdate #Mozilla #Vulnerability #MemoryCorruption #OutOfBoundsRead

##

CVE-2024-6602 (9.8 CRITICAL)

EPSS: 0.04%

updated 2024-07-16T18:32:46

2 posts

A mismatch between allocator and deallocator could have led to memory corruption. This vulnerability affects Firefox < 128 and Firefox ESR < 115.13.

1 repos

H3liumb0y at 2024-07-11T08:37:16.844Z ##

High-Impact Security Vulnerabilities in Firefox 128

Date: July 9, 2024
CVE: CVE-2024-6605 CVE-2024-6606 CVE-2024-6607 CVE-2024-6608 CVE-2024-6609 CVE-2024-6610 CVE-2024-6600 CVE-2024-6601 CVE-2024-6602 CVE-2024-6603 CVE-2024-6611 CVE-2024-6612 CVE-2024-6613 CVE-2024-6614 CVE-2024-6604 CVE-2024-6615
Vulnerability Type: Tapjacking
CWE: [[CWE-451]], [[CWE-922]]
Sources: Mozilla Security Advisory

Synopsis

Multiple security vulnerabilities were addressed in the latest Firefox 128 release, impacting both the desktop and Android versions. These vulnerabilities, if exploited, could lead to severe security breaches including tapjacking, out-of-bounds read, and memory corruption.

A list of all the CVEs mentioned in the Mozilla Foundation Security Advisory 2024-29:

  1. CVE-2024-6605: Firefox Android missed activation delay to prevent tapjacking (High)
  2. CVE-2024-6606: Out-of-bounds read in clipboard component (High)
  3. CVE-2024-6607: Leaving pointerlock by pressing the escape key could be prevented (Moderate)
  4. CVE-2024-6608: Cursor could be moved out of the viewport using pointerlock (Moderate)
  5. CVE-2024-6609: Memory corruption in NSS (Moderate)
  6. CVE-2024-6610: Form validation popups could block exiting full-screen mode (Moderate)
  7. CVE-2024-6600: Memory corruption in WebGL API (Moderate)
  8. CVE-2024-6601: Race condition in permission assignment (Moderate)
  9. CVE-2024-6602: Memory corruption in NSS (Moderate)
  10. CVE-2024-6603: Memory corruption in thread creation (Moderate)
  11. CVE-2024-6611: Incorrect handling of SameSite cookies (Low)
  12. CVE-2024-6612: CSP violation leakage when using devtools (Low)
  13. CVE-2024-6613: Incorrect listing of stack frames (Low)
  14. CVE-2024-6614: Incorrect listing of stack frames (Low)
  15. CVE-2024-6604: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13 (High)
  16. CVE-2024-6615: Memory safety bugs fixed in Firefox 128 (High)

Issue Summary

Mozilla announced fixes for several high-impact vulnerabilities in Firefox 128. Notably, CVE-2024-6606 involves out-of-bounds read issues in the clipboard component, and CVE-2024-6609 relates to memory corruption in the NSS library.

Technical Key Findings

CVE-2024-6605 allows attackers to overlay malicious prompts over legitimate permission dialogs, potentially tricking users into granting unwanted permissions. This vulnerability exploits the lack of a delay in activating permission prompts on Firefox Android, enabling immediate interactions which can be hijacked by malicious actors.

Vulnerable Products

  • Firefox versions prior to 128
  • Firefox ESR versions prior to 115.13
  • Firefox Android versions prior to 128

Impact Assessment

If these vulnerabilities are exploited, attackers can perform actions such as reading out-of-bounds data, preventing users from exiting fullscreen mode, or executing arbitrary code. These can lead to unauthorized access to sensitive data, manipulation of browser behavior, and potential system compromises.

Patches or Workaround

Mozilla has released patches in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13 to address these vulnerabilities. Users are advised to update to the latest versions to mitigate the risks associated with these security flaws.

Tags

-6605

##

H3liumb0y@infosec.exchange at 2024-07-11T08:37:16.000Z ##

High-Impact Security Vulnerabilities in Firefox 128

Date: July 9, 2024
CVE: CVE-2024-6605 CVE-2024-6606 CVE-2024-6607 CVE-2024-6608 CVE-2024-6609 CVE-2024-6610 CVE-2024-6600 CVE-2024-6601 CVE-2024-6602 CVE-2024-6603 CVE-2024-6611 CVE-2024-6612 CVE-2024-6613 CVE-2024-6614 CVE-2024-6604 CVE-2024-6615
Vulnerability Type: Tapjacking
CWE: [[CWE-451]], [[CWE-922]]
Sources: Mozilla Security Advisory

Synopsis

Multiple security vulnerabilities were addressed in the latest Firefox 128 release, impacting both the desktop and Android versions. These vulnerabilities, if exploited, could lead to severe security breaches including tapjacking, out-of-bounds read, and memory corruption.

A list of all the CVEs mentioned in the Mozilla Foundation Security Advisory 2024-29:

  1. CVE-2024-6605: Firefox Android missed activation delay to prevent tapjacking (High)
  2. CVE-2024-6606: Out-of-bounds read in clipboard component (High)
  3. CVE-2024-6607: Leaving pointerlock by pressing the escape key could be prevented (Moderate)
  4. CVE-2024-6608: Cursor could be moved out of the viewport using pointerlock (Moderate)
  5. CVE-2024-6609: Memory corruption in NSS (Moderate)
  6. CVE-2024-6610: Form validation popups could block exiting full-screen mode (Moderate)
  7. CVE-2024-6600: Memory corruption in WebGL API (Moderate)
  8. CVE-2024-6601: Race condition in permission assignment (Moderate)
  9. CVE-2024-6602: Memory corruption in NSS (Moderate)
  10. CVE-2024-6603: Memory corruption in thread creation (Moderate)
  11. CVE-2024-6611: Incorrect handling of SameSite cookies (Low)
  12. CVE-2024-6612: CSP violation leakage when using devtools (Low)
  13. CVE-2024-6613: Incorrect listing of stack frames (Low)
  14. CVE-2024-6614: Incorrect listing of stack frames (Low)
  15. CVE-2024-6604: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13 (High)
  16. CVE-2024-6615: Memory safety bugs fixed in Firefox 128 (High)

Issue Summary

Mozilla announced fixes for several high-impact vulnerabilities in Firefox 128. Notably, CVE-2024-6606 involves out-of-bounds read issues in the clipboard component, and CVE-2024-6609 relates to memory corruption in the NSS library.

Technical Key Findings

CVE-2024-6605 allows attackers to overlay malicious prompts over legitimate permission dialogs, potentially tricking users into granting unwanted permissions. This vulnerability exploits the lack of a delay in activating permission prompts on Firefox Android, enabling immediate interactions which can be hijacked by malicious actors.

Vulnerable Products

  • Firefox versions prior to 128
  • Firefox ESR versions prior to 115.13
  • Firefox Android versions prior to 128

Impact Assessment

If these vulnerabilities are exploited, attackers can perform actions such as reading out-of-bounds data, preventing users from exiting fullscreen mode, or executing arbitrary code. These can lead to unauthorized access to sensitive data, manipulation of browser behavior, and potential system compromises.

Patches or Workaround

Mozilla has released patches in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13 to address these vulnerabilities. Users are advised to update to the latest versions to mitigate the risks associated with these security flaws.

Tags

#Firefox #CVE2024-6605 #Tapjacking #SecurityUpdate #Mozilla #Vulnerability #MemoryCorruption #OutOfBoundsRead

##

CVE-2024-6603 (7.4 HIGH)

EPSS: 0.04%

updated 2024-07-16T18:32:46

2 posts

In an out-of-memory scenario an allocation could fail but free would have been called on the pointer afterwards leading to memory corruption. This vulnerability affects Firefox < 128 and Firefox ESR < 115.13.

1 repos

H3liumb0y at 2024-07-11T08:37:16.844Z ##

High-Impact Security Vulnerabilities in Firefox 128

Date: July 9, 2024
CVE: CVE-2024-6605 CVE-2024-6606 CVE-2024-6607 CVE-2024-6608 CVE-2024-6609 CVE-2024-6610 CVE-2024-6600 CVE-2024-6601 CVE-2024-6602 CVE-2024-6603 CVE-2024-6611 CVE-2024-6612 CVE-2024-6613 CVE-2024-6614 CVE-2024-6604 CVE-2024-6615
Vulnerability Type: Tapjacking
CWE: [[CWE-451]], [[CWE-922]]
Sources: Mozilla Security Advisory

Synopsis

Multiple security vulnerabilities were addressed in the latest Firefox 128 release, impacting both the desktop and Android versions. These vulnerabilities, if exploited, could lead to severe security breaches including tapjacking, out-of-bounds read, and memory corruption.

A list of all the CVEs mentioned in the Mozilla Foundation Security Advisory 2024-29:

  1. CVE-2024-6605: Firefox Android missed activation delay to prevent tapjacking (High)
  2. CVE-2024-6606: Out-of-bounds read in clipboard component (High)
  3. CVE-2024-6607: Leaving pointerlock by pressing the escape key could be prevented (Moderate)
  4. CVE-2024-6608: Cursor could be moved out of the viewport using pointerlock (Moderate)
  5. CVE-2024-6609: Memory corruption in NSS (Moderate)
  6. CVE-2024-6610: Form validation popups could block exiting full-screen mode (Moderate)
  7. CVE-2024-6600: Memory corruption in WebGL API (Moderate)
  8. CVE-2024-6601: Race condition in permission assignment (Moderate)
  9. CVE-2024-6602: Memory corruption in NSS (Moderate)
  10. CVE-2024-6603: Memory corruption in thread creation (Moderate)
  11. CVE-2024-6611: Incorrect handling of SameSite cookies (Low)
  12. CVE-2024-6612: CSP violation leakage when using devtools (Low)
  13. CVE-2024-6613: Incorrect listing of stack frames (Low)
  14. CVE-2024-6614: Incorrect listing of stack frames (Low)
  15. CVE-2024-6604: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13 (High)
  16. CVE-2024-6615: Memory safety bugs fixed in Firefox 128 (High)

Issue Summary

Mozilla announced fixes for several high-impact vulnerabilities in Firefox 128. Notably, CVE-2024-6606 involves out-of-bounds read issues in the clipboard component, and CVE-2024-6609 relates to memory corruption in the NSS library.

Technical Key Findings

CVE-2024-6605 allows attackers to overlay malicious prompts over legitimate permission dialogs, potentially tricking users into granting unwanted permissions. This vulnerability exploits the lack of a delay in activating permission prompts on Firefox Android, enabling immediate interactions which can be hijacked by malicious actors.

Vulnerable Products

  • Firefox versions prior to 128
  • Firefox ESR versions prior to 115.13
  • Firefox Android versions prior to 128

Impact Assessment

If these vulnerabilities are exploited, attackers can perform actions such as reading out-of-bounds data, preventing users from exiting fullscreen mode, or executing arbitrary code. These can lead to unauthorized access to sensitive data, manipulation of browser behavior, and potential system compromises.

Patches or Workaround

Mozilla has released patches in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13 to address these vulnerabilities. Users are advised to update to the latest versions to mitigate the risks associated with these security flaws.

Tags

-6605

##

H3liumb0y@infosec.exchange at 2024-07-11T08:37:16.000Z ##

High-Impact Security Vulnerabilities in Firefox 128

Date: July 9, 2024
CVE: CVE-2024-6605 CVE-2024-6606 CVE-2024-6607 CVE-2024-6608 CVE-2024-6609 CVE-2024-6610 CVE-2024-6600 CVE-2024-6601 CVE-2024-6602 CVE-2024-6603 CVE-2024-6611 CVE-2024-6612 CVE-2024-6613 CVE-2024-6614 CVE-2024-6604 CVE-2024-6615
Vulnerability Type: Tapjacking
CWE: [[CWE-451]], [[CWE-922]]
Sources: Mozilla Security Advisory

Synopsis

Multiple security vulnerabilities were addressed in the latest Firefox 128 release, impacting both the desktop and Android versions. These vulnerabilities, if exploited, could lead to severe security breaches including tapjacking, out-of-bounds read, and memory corruption.

A list of all the CVEs mentioned in the Mozilla Foundation Security Advisory 2024-29:

  1. CVE-2024-6605: Firefox Android missed activation delay to prevent tapjacking (High)
  2. CVE-2024-6606: Out-of-bounds read in clipboard component (High)
  3. CVE-2024-6607: Leaving pointerlock by pressing the escape key could be prevented (Moderate)
  4. CVE-2024-6608: Cursor could be moved out of the viewport using pointerlock (Moderate)
  5. CVE-2024-6609: Memory corruption in NSS (Moderate)
  6. CVE-2024-6610: Form validation popups could block exiting full-screen mode (Moderate)
  7. CVE-2024-6600: Memory corruption in WebGL API (Moderate)
  8. CVE-2024-6601: Race condition in permission assignment (Moderate)
  9. CVE-2024-6602: Memory corruption in NSS (Moderate)
  10. CVE-2024-6603: Memory corruption in thread creation (Moderate)
  11. CVE-2024-6611: Incorrect handling of SameSite cookies (Low)
  12. CVE-2024-6612: CSP violation leakage when using devtools (Low)
  13. CVE-2024-6613: Incorrect listing of stack frames (Low)
  14. CVE-2024-6614: Incorrect listing of stack frames (Low)
  15. CVE-2024-6604: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13 (High)
  16. CVE-2024-6615: Memory safety bugs fixed in Firefox 128 (High)

Issue Summary

Mozilla announced fixes for several high-impact vulnerabilities in Firefox 128. Notably, CVE-2024-6606 involves out-of-bounds read issues in the clipboard component, and CVE-2024-6609 relates to memory corruption in the NSS library.

Technical Key Findings

CVE-2024-6605 allows attackers to overlay malicious prompts over legitimate permission dialogs, potentially tricking users into granting unwanted permissions. This vulnerability exploits the lack of a delay in activating permission prompts on Firefox Android, enabling immediate interactions which can be hijacked by malicious actors.

Vulnerable Products

  • Firefox versions prior to 128
  • Firefox ESR versions prior to 115.13
  • Firefox Android versions prior to 128

Impact Assessment

If these vulnerabilities are exploited, attackers can perform actions such as reading out-of-bounds data, preventing users from exiting fullscreen mode, or executing arbitrary code. These can lead to unauthorized access to sensitive data, manipulation of browser behavior, and potential system compromises.

Patches or Workaround

Mozilla has released patches in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13 to address these vulnerabilities. Users are advised to update to the latest versions to mitigate the risks associated with these security flaws.

Tags

#Firefox #CVE2024-6605 #Tapjacking #SecurityUpdate #Mozilla #Vulnerability #MemoryCorruption #OutOfBoundsRead

##

CVE-2024-6613 (CVSS UNKNOWN)

EPSS: 0.04%

updated 2024-07-16T18:32:46

2 posts

The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox < 128.

H3liumb0y at 2024-07-11T08:37:16.844Z ##

High-Impact Security Vulnerabilities in Firefox 128

Date: July 9, 2024
CVE: CVE-2024-6605 CVE-2024-6606 CVE-2024-6607 CVE-2024-6608 CVE-2024-6609 CVE-2024-6610 CVE-2024-6600 CVE-2024-6601 CVE-2024-6602 CVE-2024-6603 CVE-2024-6611 CVE-2024-6612 CVE-2024-6613 CVE-2024-6614 CVE-2024-6604 CVE-2024-6615
Vulnerability Type: Tapjacking
CWE: [[CWE-451]], [[CWE-922]]
Sources: Mozilla Security Advisory

Synopsis

Multiple security vulnerabilities were addressed in the latest Firefox 128 release, impacting both the desktop and Android versions. These vulnerabilities, if exploited, could lead to severe security breaches including tapjacking, out-of-bounds read, and memory corruption.

A list of all the CVEs mentioned in the Mozilla Foundation Security Advisory 2024-29:

  1. CVE-2024-6605: Firefox Android missed activation delay to prevent tapjacking (High)
  2. CVE-2024-6606: Out-of-bounds read in clipboard component (High)
  3. CVE-2024-6607: Leaving pointerlock by pressing the escape key could be prevented (Moderate)
  4. CVE-2024-6608: Cursor could be moved out of the viewport using pointerlock (Moderate)
  5. CVE-2024-6609: Memory corruption in NSS (Moderate)
  6. CVE-2024-6610: Form validation popups could block exiting full-screen mode (Moderate)
  7. CVE-2024-6600: Memory corruption in WebGL API (Moderate)
  8. CVE-2024-6601: Race condition in permission assignment (Moderate)
  9. CVE-2024-6602: Memory corruption in NSS (Moderate)
  10. CVE-2024-6603: Memory corruption in thread creation (Moderate)
  11. CVE-2024-6611: Incorrect handling of SameSite cookies (Low)
  12. CVE-2024-6612: CSP violation leakage when using devtools (Low)
  13. CVE-2024-6613: Incorrect listing of stack frames (Low)
  14. CVE-2024-6614: Incorrect listing of stack frames (Low)
  15. CVE-2024-6604: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13 (High)
  16. CVE-2024-6615: Memory safety bugs fixed in Firefox 128 (High)

Issue Summary

Mozilla announced fixes for several high-impact vulnerabilities in Firefox 128. Notably, CVE-2024-6606 involves out-of-bounds read issues in the clipboard component, and CVE-2024-6609 relates to memory corruption in the NSS library.

Technical Key Findings

CVE-2024-6605 allows attackers to overlay malicious prompts over legitimate permission dialogs, potentially tricking users into granting unwanted permissions. This vulnerability exploits the lack of a delay in activating permission prompts on Firefox Android, enabling immediate interactions which can be hijacked by malicious actors.

Vulnerable Products

  • Firefox versions prior to 128
  • Firefox ESR versions prior to 115.13
  • Firefox Android versions prior to 128

Impact Assessment

If these vulnerabilities are exploited, attackers can perform actions such as reading out-of-bounds data, preventing users from exiting fullscreen mode, or executing arbitrary code. These can lead to unauthorized access to sensitive data, manipulation of browser behavior, and potential system compromises.

Patches or Workaround

Mozilla has released patches in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13 to address these vulnerabilities. Users are advised to update to the latest versions to mitigate the risks associated with these security flaws.

Tags

-6605

##

H3liumb0y@infosec.exchange at 2024-07-11T08:37:16.000Z ##

High-Impact Security Vulnerabilities in Firefox 128

Date: July 9, 2024
CVE: CVE-2024-6605 CVE-2024-6606 CVE-2024-6607 CVE-2024-6608 CVE-2024-6609 CVE-2024-6610 CVE-2024-6600 CVE-2024-6601 CVE-2024-6602 CVE-2024-6603 CVE-2024-6611 CVE-2024-6612 CVE-2024-6613 CVE-2024-6614 CVE-2024-6604 CVE-2024-6615
Vulnerability Type: Tapjacking
CWE: [[CWE-451]], [[CWE-922]]
Sources: Mozilla Security Advisory

Synopsis

Multiple security vulnerabilities were addressed in the latest Firefox 128 release, impacting both the desktop and Android versions. These vulnerabilities, if exploited, could lead to severe security breaches including tapjacking, out-of-bounds read, and memory corruption.

A list of all the CVEs mentioned in the Mozilla Foundation Security Advisory 2024-29:

  1. CVE-2024-6605: Firefox Android missed activation delay to prevent tapjacking (High)
  2. CVE-2024-6606: Out-of-bounds read in clipboard component (High)
  3. CVE-2024-6607: Leaving pointerlock by pressing the escape key could be prevented (Moderate)
  4. CVE-2024-6608: Cursor could be moved out of the viewport using pointerlock (Moderate)
  5. CVE-2024-6609: Memory corruption in NSS (Moderate)
  6. CVE-2024-6610: Form validation popups could block exiting full-screen mode (Moderate)
  7. CVE-2024-6600: Memory corruption in WebGL API (Moderate)
  8. CVE-2024-6601: Race condition in permission assignment (Moderate)
  9. CVE-2024-6602: Memory corruption in NSS (Moderate)
  10. CVE-2024-6603: Memory corruption in thread creation (Moderate)
  11. CVE-2024-6611: Incorrect handling of SameSite cookies (Low)
  12. CVE-2024-6612: CSP violation leakage when using devtools (Low)
  13. CVE-2024-6613: Incorrect listing of stack frames (Low)
  14. CVE-2024-6614: Incorrect listing of stack frames (Low)
  15. CVE-2024-6604: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13 (High)
  16. CVE-2024-6615: Memory safety bugs fixed in Firefox 128 (High)

Issue Summary

Mozilla announced fixes for several high-impact vulnerabilities in Firefox 128. Notably, CVE-2024-6606 involves out-of-bounds read issues in the clipboard component, and CVE-2024-6609 relates to memory corruption in the NSS library.

Technical Key Findings

CVE-2024-6605 allows attackers to overlay malicious prompts over legitimate permission dialogs, potentially tricking users into granting unwanted permissions. This vulnerability exploits the lack of a delay in activating permission prompts on Firefox Android, enabling immediate interactions which can be hijacked by malicious actors.

Vulnerable Products

  • Firefox versions prior to 128
  • Firefox ESR versions prior to 115.13
  • Firefox Android versions prior to 128

Impact Assessment

If these vulnerabilities are exploited, attackers can perform actions such as reading out-of-bounds data, preventing users from exiting fullscreen mode, or executing arbitrary code. These can lead to unauthorized access to sensitive data, manipulation of browser behavior, and potential system compromises.

Patches or Workaround

Mozilla has released patches in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13 to address these vulnerabilities. Users are advised to update to the latest versions to mitigate the risks associated with these security flaws.

Tags

#Firefox #CVE2024-6605 #Tapjacking #SecurityUpdate #Mozilla #Vulnerability #MemoryCorruption #OutOfBoundsRead

##

CVE-2024-6607 (CVSS UNKNOWN)

EPSS: 0.04%

updated 2024-07-16T18:32:46

2 posts

It was possible to prevent a user from exiting pointerlock when pressing escape and to overlay customValidity notifications from a `<select>` element over certain permission prompts. This could be used to confuse a user into giving a site unintended permissions. This vulnerability affects Firefox < 128.

H3liumb0y at 2024-07-11T08:37:16.844Z ##

High-Impact Security Vulnerabilities in Firefox 128

Date: July 9, 2024
CVE: CVE-2024-6605 CVE-2024-6606 CVE-2024-6607 CVE-2024-6608 CVE-2024-6609 CVE-2024-6610 CVE-2024-6600 CVE-2024-6601 CVE-2024-6602 CVE-2024-6603 CVE-2024-6611 CVE-2024-6612 CVE-2024-6613 CVE-2024-6614 CVE-2024-6604 CVE-2024-6615
Vulnerability Type: Tapjacking
CWE: [[CWE-451]], [[CWE-922]]
Sources: Mozilla Security Advisory

Synopsis

Multiple security vulnerabilities were addressed in the latest Firefox 128 release, impacting both the desktop and Android versions. These vulnerabilities, if exploited, could lead to severe security breaches including tapjacking, out-of-bounds read, and memory corruption.

A list of all the CVEs mentioned in the Mozilla Foundation Security Advisory 2024-29:

  1. CVE-2024-6605: Firefox Android missed activation delay to prevent tapjacking (High)
  2. CVE-2024-6606: Out-of-bounds read in clipboard component (High)
  3. CVE-2024-6607: Leaving pointerlock by pressing the escape key could be prevented (Moderate)
  4. CVE-2024-6608: Cursor could be moved out of the viewport using pointerlock (Moderate)
  5. CVE-2024-6609: Memory corruption in NSS (Moderate)
  6. CVE-2024-6610: Form validation popups could block exiting full-screen mode (Moderate)
  7. CVE-2024-6600: Memory corruption in WebGL API (Moderate)
  8. CVE-2024-6601: Race condition in permission assignment (Moderate)
  9. CVE-2024-6602: Memory corruption in NSS (Moderate)
  10. CVE-2024-6603: Memory corruption in thread creation (Moderate)
  11. CVE-2024-6611: Incorrect handling of SameSite cookies (Low)
  12. CVE-2024-6612: CSP violation leakage when using devtools (Low)
  13. CVE-2024-6613: Incorrect listing of stack frames (Low)
  14. CVE-2024-6614: Incorrect listing of stack frames (Low)
  15. CVE-2024-6604: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13 (High)
  16. CVE-2024-6615: Memory safety bugs fixed in Firefox 128 (High)

Issue Summary

Mozilla announced fixes for several high-impact vulnerabilities in Firefox 128. Notably, CVE-2024-6606 involves out-of-bounds read issues in the clipboard component, and CVE-2024-6609 relates to memory corruption in the NSS library.

Technical Key Findings

CVE-2024-6605 allows attackers to overlay malicious prompts over legitimate permission dialogs, potentially tricking users into granting unwanted permissions. This vulnerability exploits the lack of a delay in activating permission prompts on Firefox Android, enabling immediate interactions which can be hijacked by malicious actors.

Vulnerable Products

  • Firefox versions prior to 128
  • Firefox ESR versions prior to 115.13
  • Firefox Android versions prior to 128

Impact Assessment

If these vulnerabilities are exploited, attackers can perform actions such as reading out-of-bounds data, preventing users from exiting fullscreen mode, or executing arbitrary code. These can lead to unauthorized access to sensitive data, manipulation of browser behavior, and potential system compromises.

Patches or Workaround

Mozilla has released patches in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13 to address these vulnerabilities. Users are advised to update to the latest versions to mitigate the risks associated with these security flaws.

Tags

-6605

##

H3liumb0y@infosec.exchange at 2024-07-11T08:37:16.000Z ##

High-Impact Security Vulnerabilities in Firefox 128

Date: July 9, 2024
CVE: CVE-2024-6605 CVE-2024-6606 CVE-2024-6607 CVE-2024-6608 CVE-2024-6609 CVE-2024-6610 CVE-2024-6600 CVE-2024-6601 CVE-2024-6602 CVE-2024-6603 CVE-2024-6611 CVE-2024-6612 CVE-2024-6613 CVE-2024-6614 CVE-2024-6604 CVE-2024-6615
Vulnerability Type: Tapjacking
CWE: [[CWE-451]], [[CWE-922]]
Sources: Mozilla Security Advisory

Synopsis

Multiple security vulnerabilities were addressed in the latest Firefox 128 release, impacting both the desktop and Android versions. These vulnerabilities, if exploited, could lead to severe security breaches including tapjacking, out-of-bounds read, and memory corruption.

A list of all the CVEs mentioned in the Mozilla Foundation Security Advisory 2024-29:

  1. CVE-2024-6605: Firefox Android missed activation delay to prevent tapjacking (High)
  2. CVE-2024-6606: Out-of-bounds read in clipboard component (High)
  3. CVE-2024-6607: Leaving pointerlock by pressing the escape key could be prevented (Moderate)
  4. CVE-2024-6608: Cursor could be moved out of the viewport using pointerlock (Moderate)
  5. CVE-2024-6609: Memory corruption in NSS (Moderate)
  6. CVE-2024-6610: Form validation popups could block exiting full-screen mode (Moderate)
  7. CVE-2024-6600: Memory corruption in WebGL API (Moderate)
  8. CVE-2024-6601: Race condition in permission assignment (Moderate)
  9. CVE-2024-6602: Memory corruption in NSS (Moderate)
  10. CVE-2024-6603: Memory corruption in thread creation (Moderate)
  11. CVE-2024-6611: Incorrect handling of SameSite cookies (Low)
  12. CVE-2024-6612: CSP violation leakage when using devtools (Low)
  13. CVE-2024-6613: Incorrect listing of stack frames (Low)
  14. CVE-2024-6614: Incorrect listing of stack frames (Low)
  15. CVE-2024-6604: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13 (High)
  16. CVE-2024-6615: Memory safety bugs fixed in Firefox 128 (High)

Issue Summary

Mozilla announced fixes for several high-impact vulnerabilities in Firefox 128. Notable among them are CVE-2024-6606, which involves out-of-bounds read issues in the clipboard component, and CVE-2024-6609, which relates to memory corruption in the NSS library.

Technical Key Findings

CVE-2024-6605 allows attackers to overlay malicious prompts over legitimate permission dialogs, potentially tricking users into granting unwanted permissions. This vulnerability exploits the lack of a delay in activating permission prompts on Firefox Android, enabling immediate interactions which can be hijacked by malicious actors.

Vulnerable Products

  • Firefox versions prior to 128
  • Firefox ESR versions prior to 115.13
  • Firefox Android versions prior to 128

Impact Assessment

If these vulnerabilities are exploited, attackers can perform actions such as reading out-of-bounds data, preventing users from exiting fullscreen mode, or executing arbitrary code. These can lead to unauthorized access to sensitive data, manipulation of browser behavior, and potential system compromises.

Patches or Workaround

Mozilla has released patches in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13 to address these vulnerabilities. Users are advised to update to the latest versions to mitigate the risks associated with these security flaws.

Tags

#Firefox #CVE2024-6605 #Tapjacking #SecurityUpdate #Mozilla #Vulnerability #MemoryCorruption #OutOfBoundsRead

##

CVE-2024-6600(CVSS UNKNOWN)

EPSS: 0.04%

updated 2024-07-16T18:32:46

2 posts

Due to large allocation checks in Angle for GLSL shaders being too lenient, an out-of-bounds access could occur when allocating more than 8192 ints in private shader memory on macOS. This vulnerability affects Firefox < 128 and Firefox ESR < 115.13.

CVE-2024-6611 (9.8 CRITICAL)

EPSS: 0.04%

updated 2024-07-16T18:32:46

2 posts

A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies. This vulnerability affects Firefox < 128.

CVE-2024-6606 (9.8 CRITICAL)

EPSS: 0.04%

updated 2024-07-16T18:32:46

2 posts

Clipboard code failed to check the index on an array access. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 128.

CVE-2024-6615(CVSS UNKNOWN)

EPSS: 0.04%

updated 2024-07-16T18:32:46

2 posts

Memory safety bugs present in Firefox 127. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 128.

CVE-2024-6609(CVSS UNKNOWN)

EPSS: 0.04%

updated 2024-07-16T18:32:46

2 posts

When almost out of memory, an elliptic curve key which was never allocated could have been freed again. This vulnerability affects Firefox < 128.

H3liumb0y@infosec.exchange at 2024-07-11T08:37:16.000Z ##

High-Impact Security Vulnerabilities in Firefox 128

Date: July 9, 2024
CVE: CVE-2024-6605 CVE-2024-6606 CVE-2024-6607 CVE-2024-6608 CVE-2024-6609 CVE-2024-6610 CVE-2024-6600 CVE-2024-6601 CVE-2024-6602 CVE-2024-6603 CVE-2024-6611 CVE-2024-6612 CVE-2024-6613 CVE-2024-6614 CVE-2024-6604 CVE-2024-6615
Vulnerability Type: Tapjacking
CWE: [[CWE-451]], [[CWE-922]]
Sources: Mozilla Security Advisory

Synopsis

Multiple security vulnerabilities were addressed in the latest Firefox 128 release, impacting both the desktop and Android versions. These vulnerabilities, if exploited, could lead to severe security breaches including tapjacking, out-of-bounds read, and memory corruption.

A list of all the CVEs mentioned in the Mozilla Foundation Security Advisory 2024-29:

  1. CVE-2024-6605: Firefox Android missed activation delay to prevent tapjacking (High)
  2. CVE-2024-6606: Out-of-bounds read in clipboard component (High)
  3. CVE-2024-6607: Leaving pointerlock by pressing the escape key could be prevented (Moderate)
  4. CVE-2024-6608: Cursor could be moved out of the viewport using pointerlock (Moderate)
  5. CVE-2024-6609: Memory corruption in NSS (Moderate)
  6. CVE-2024-6610: Form validation popups could block exiting full-screen mode (Moderate)
  7. CVE-2024-6600: Memory corruption in WebGL API (Moderate)
  8. CVE-2024-6601: Race condition in permission assignment (Moderate)
  9. CVE-2024-6602: Memory corruption in NSS (Moderate)
  10. CVE-2024-6603: Memory corruption in thread creation (Moderate)
  11. CVE-2024-6611: Incorrect handling of SameSite cookies (Low)
  12. CVE-2024-6612: CSP violation leakage when using devtools (Low)
  13. CVE-2024-6613: Incorrect listing of stack frames (Low)
  14. CVE-2024-6614: Incorrect listing of stack frames (Low)
  15. CVE-2024-6604: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13 (High)
  16. CVE-2024-6615: Memory safety bugs fixed in Firefox 128 (High)

Issue Summary

Mozilla announced fixes for several high-impact vulnerabilities in Firefox 128, notably CVE-2024-6606, which involves out-of-bounds read issues in the clipboard component, and CVE-2024-6609, which relates to memory corruption in the NSS library.

Technical Key Findings

CVE-2024-6605 allows attackers to overlay malicious prompts over legitimate permission dialogs, potentially tricking users into granting unwanted permissions. This vulnerability exploits the lack of a delay in activating permission prompts on Firefox Android, enabling immediate interactions which can be hijacked by malicious actors.

Vulnerable Products

  • Firefox versions prior to 128
  • Firefox ESR versions prior to 115.13
  • Firefox Android versions prior to 128

Impact Assessment

If these vulnerabilities are exploited, attackers can perform actions such as reading out-of-bounds data, preventing users from exiting fullscreen mode, or executing arbitrary code. These can lead to unauthorized access to sensitive data, manipulation of browser behavior, and potential system compromises.

Patches or Workaround

Mozilla has released patches in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13 to address these vulnerabilities. Users are advised to update to the latest versions to mitigate the risks associated with these security flaws.

Tags

#Firefox #CVE2024-6605 #Tapjacking #SecurityUpdate #Mozilla #Vulnerability #MemoryCorruption #OutOfBoundsRead

##

CVE-2024-6614(CVSS UNKNOWN)

EPSS: 0.04%

updated 2024-07-16T18:31:42

2 posts

The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox < 128.

H3liumb0y@infosec.exchange at 2024-07-11T08:37:16.000Z ##

High-Impact Security Vulnerabilities in Firefox 128

Date: July 9, 2024
CVE: CVE-2024-6605 CVE-2024-6606 CVE-2024-6607 CVE-2024-6608 CVE-2024-6609 CVE-2024-6610 CVE-2024-6600 CVE-2024-6601 CVE-2024-6602 CVE-2024-6603 CVE-2024-6611 CVE-2024-6612 CVE-2024-6613 CVE-2024-6614 CVE-2024-6604 CVE-2024-6615
Vulnerability Type: Tapjacking
CWE: [[CWE-451]], [[CWE-922]]
Sources: Mozilla Security Advisory

Synopsis

Multiple security vulnerabilities were addressed in the latest Firefox 128 release, impacting both the desktop and Android versions. These vulnerabilities, if exploited, could lead to severe security breaches including tapjacking, out-of-bounds read, and memory corruption.

A list of all the CVEs mentioned in the Mozilla Foundation Security Advisory 2024-29:

  1. CVE-2024-6605: Firefox Android missed activation delay to prevent tapjacking (High)
  2. CVE-2024-6606: Out-of-bounds read in clipboard component (High)
  3. CVE-2024-6607: Leaving pointerlock by pressing the escape key could be prevented (Moderate)
  4. CVE-2024-6608: Cursor could be moved out of the viewport using pointerlock (Moderate)
  5. CVE-2024-6609: Memory corruption in NSS (Moderate)
  6. CVE-2024-6610: Form validation popups could block exiting full-screen mode (Moderate)
  7. CVE-2024-6600: Memory corruption in WebGL API (Moderate)
  8. CVE-2024-6601: Race condition in permission assignment (Moderate)
  9. CVE-2024-6602: Memory corruption in NSS (Moderate)
  10. CVE-2024-6603: Memory corruption in thread creation (Moderate)
  11. CVE-2024-6611: Incorrect handling of SameSite cookies (Low)
  12. CVE-2024-6612: CSP violation leakage when using devtools (Low)
  13. CVE-2024-6613: Incorrect listing of stack frames (Low)
  14. CVE-2024-6614: Incorrect listing of stack frames (Low)
  15. CVE-2024-6604: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13 (High)
  16. CVE-2024-6615: Memory safety bugs fixed in Firefox 128 (High)

Issue Summary

Mozilla announced fixes for several high-impact vulnerabilities in Firefox 128, notably CVE-2024-6606, which involves out-of-bounds read issues in the clipboard component, and CVE-2024-6609, which relates to memory corruption in the NSS library.

Technical Key Findings

CVE-2024-6605 allows attackers to overlay malicious prompts over legitimate permission dialogs, potentially tricking users into granting unwanted permissions. This vulnerability exploits the lack of a delay in activating permission prompts on Firefox Android, enabling immediate interactions which can be hijacked by malicious actors.

Vulnerable Products

  • Firefox versions prior to 128
  • Firefox ESR versions prior to 115.13
  • Firefox Android versions prior to 128

Impact Assessment

If these vulnerabilities are exploited, attackers can perform actions such as reading out-of-bounds data, preventing users from exiting fullscreen mode, or executing arbitrary code. These can lead to unauthorized access to sensitive data, manipulation of browser behavior, and potential system compromises.

Patches or Workaround

Mozilla has released patches in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13 to address these vulnerabilities. Users are advised to update to the latest versions to mitigate the risks associated with these security flaws.

Tags

#Firefox #CVE2024-6605 #Tapjacking #SecurityUpdate #Mozilla #Vulnerability #MemoryCorruption #OutOfBoundsRead

##

CVE-2024-36401 (9.8 CRITICAL)

EPSS: 94.64%

updated 2024-07-16T01:00:01.567000

21 posts

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions. The GeoTools library API that GeoServ

Nuclei template

8 repos

https://github.com/MInggongK/geoserver-

https://github.com/jakabakos/CVE-2024-36401-GeoServer-RCE

https://github.com/Mr-xn/CVE-2024-36401

https://github.com/Niuwoo/CVE-2024-36401

https://github.com/bigb0x/CVE-2024-36401

https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main

https://github.com/RevoltSecurities/CVE-2024-36401

https://github.com/zgimszhd61/CVE-2024-36401

censys at 2024-07-17T13:30:36.489Z ##

CVE-2024-36401 (CVSS Score 9.8): GeoServer GeoTools Eval Injection RCE Vulnerability
Patch available in versions 2.23.6, 2.24.4, 2.25.2 or remove gt-complex-x.y.jar from GeoServer.
Stay safe! cnys.io/ttgto7

##

jos1264@social.skynetcloud.site at 2024-07-16T07:55:01.000Z ##

CISA Warns: Patch GeoServer and GeoTools Immediately to Mitigate Critical Vulnerabilities thecyberexpress.com/geoserver- #GeoServerandGeoToolsvulnerabilities #vulnerabilitiesinGeoServer #TheCyberExpressNews #CybersecurityNews #Vulnerabilities #TheCyberExpress #FirewallDaily #CVE202436401 #CVE202436404

##

censys@infosec.exchange at 2024-07-17T13:30:36.000Z ##

CVE-2024-36401 (CVSS Score 9.8): GeoServer GeoTools Eval Injection RCE Vulnerability
Patch available in versions 2.23.6, 2.24.4, 2.25.2 or remove gt-complex-x.y.jar from GeoServer.
Stay safe! #GeoServer #CVE202436401 #RCE