Description: CWA-2024-007
Severity
Medium (Moderate + Likely)[^1]
Affected versions:
wasmvm >= 2.1.0, < 2.1.3
wasmvm >= 2.0.0, < 2.0.4
wasmvm < 1.5.5
cosmwasm-vm >= 2.1.0, < 2.1.4
cosmwasm-vm >= 2.0.0, < 2.0.7
cosmwasm-vm < 1.5.8
Patched versions:
wasmvm 1.5.5, 2.0.4, 2.1.3
cosmwasm-vm 1.5.8, 2.0.7, 2.1.4
Description of the bug
(Blank for now. We'll add more detail once chains have had a chance to upgrade.)
Patch
1.5: https://github.com/CosmWasm/cosmwasm/commit/16eabd681790508b13dac8e67f9e6e61045240ea
2.0: https://github.com/CosmWasm/cosmwasm/commit/0e70bd83119b02f99a2c0397f0913e0803750fd9
2.1: https://github.com/CosmWasm/cosmwasm/commit/f5bf24f3acadca2892afd58cc3ce5fdeb932d492
Applying the patch
The patch will be shipped in releases of wasmvm. You can update more or less as follows:
1. Check the current wasmvm version: `go list -m github.com/CosmWasm/wasmvm`
2. Bump the `github.com/CosmWasm/wasmvm` dependency in your go.mod to 1.5.5, 2.0.4 or 2.1.3, depending on which minor version you are on; `go mod tidy`; commit.
3. If you use the static libraries `libwasmvm_muslc.aarch64.a`/`libwasmvm_muslc.x86_64.a`, update them accordingly.
4. Check the updated wasmvm version: `go list -m github.com/CosmWasm/wasmvm` and ensure you see 1.5.5, 2.0.4 or 2.1.3.
5. Follow your regular practices to deploy chain upgrades.

To double-check that the correct library version is loaded at runtime, use this query: `<appd> query wasm libwasmvm-version`. It must show 1.5.5, 2.0.4 or 2.1.3.
The patch is consensus breaking and requires a coordinate...
December 10th, 2024 (4 months ago)
|
Description: CWA-2024-008
Severity
Medium (Moderate + Likely)[^1]
Affected versions:
wasmvm >= 2.1.0, < 2.1.3
wasmvm >= 2.0.0, < 2.0.4
wasmvm < 1.5.5
cosmwasm-vm >= 2.1.0, < 2.1.4
cosmwasm-vm >= 2.0.0, < 2.0.7
cosmwasm-vm < 1.5.8
Patched versions:
wasmvm 1.5.5, 2.0.4, 2.1.3
cosmwasm-vm 1.5.8, 2.0.7, 2.1.4
Description of the bug
(Blank for now. We'll add more detail once chains have had a chance to upgrade.)
Patch
1.5: https://github.com/CosmWasm/cosmwasm/commit/edcdbc520d4f5521eed42de6e2869658278e91fd
2.0: https://github.com/CosmWasm/cosmwasm/commit/f63429ca59eb44dd5d780c1572016581337091e4
2.1: https://github.com/CosmWasm/cosmwasm/commit/108e7dcbf9c21df0fa83f355ad3a7355d7f220cb
Applying the patch
The patch will be shipped in releases of wasmvm. You can update more or less as follows:
1. Check the current wasmvm version: `go list -m github.com/CosmWasm/wasmvm`
2. Bump the `github.com/CosmWasm/wasmvm` dependency in your go.mod to 1.5.5, 2.0.4 or 2.1.3, depending on which minor version you are on; `go mod tidy`; commit.
3. If you use the static libraries `libwasmvm_muslc.aarch64.a`/`libwasmvm_muslc.x86_64.a`, update them accordingly.
4. Check the updated wasmvm version: `go list -m github.com/CosmWasm/wasmvm` and ensure you see 1.5.5, 2.0.4 or 2.1.3.
5. Follow your regular practices to deploy chain upgrades.

To double-check that the correct library version is loaded at runtime, use this query: `<appd> query wasm libwasmvm-version`. It must show 1.5.5, 2.0.4 or 2.1.3.
The patch is consensus breaking and requires a coordinate...
December 10th, 2024 (4 months ago)
|
Description: Impact
An attacker can write a malicious expression that escapes the sandbox to execute arbitrary code on the system.
Example of vulnerable code:
```js
const expressions = require("angular-expressions");
const result = expressions.compile("__proto__.constructor")({}, {});
// result should be undefined, however for versions <=1.4.2, it returns an object.
```
With a more complex (undisclosed) payload, one can achieve arbitrary code execution on the system.
Patches
The problem has been patched in version 1.4.3 of angular-expressions.
Workarounds
There is one workaround if it is not possible for you to update:
Make sure that you use the compiled function with just one argument. For example, this is not vulnerable:
`const result = expressions.compile("__proto__.constructor")({});`
In this case you lose the locals feature, if you need it.
Credits
Credits go to JorianWoltjer, who found the issue and reported it to us. https://jorianwoltjer.com/
References
https://github.com/peerigon/angular-expressions/security/advisories/GHSA-5462-4vcx-jh7j
https://github.com/peerigon/angular-expressions/commit/97f7ad94006156eeb97fc942332578b6cfbf8eef
https://github.com/advisories/GHSA-5462-4vcx-jh7j
December 10th, 2024 (4 months ago)
|
Description: Users of Cleo-managed file transfer software are being urged to ensure that their instances are not exposed to the internet following reports of mass exploitation of a vulnerability affecting fully patched systems.
Cybersecurity company Huntress said it discovered evidence of threat actors exploiting the issue en masse on December 3, 2024. The vulnerability, which impacts Cleo's LexiCom,
December 10th, 2024 (4 months ago)
|
Description: The U.S. Treasury Department has sanctioned Sichuan Silence, a Chinese cybersecurity company, and one of its employees for their involvement in a series of Ragnarok ransomware attacks targeting U.S. critical infrastructure companies and many other victims worldwide in April 2020. [...]
December 10th, 2024 (4 months ago)
|
Description: The Nemesis and ShinyHunters attackers scanned millions of IP addresses to find exploitable cloud-based flaws, though their operation ironically was discovered due to a cloud misconfiguration of their own doing.
December 10th, 2024 (4 months ago)
|
Description: View CSAF
1. EXECUTIVE SUMMARY
CVSS v3 7.3
ATTENTION: Low Attack Complexity
Vendor: Schneider Electric
Equipment: FoxRTU Station
Vulnerability: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to perform remote code execution.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Schneider Electric reports that the following products are affected:
FoxRTU Station: < 9.3.0
3.2 VULNERABILITY OVERVIEW
3.2.1 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22
CWE-22: An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could result in remote code execution when an authenticated user executes a saved project file that has been tampered with by a malicious actor.
CVE-2024-2602 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been assigned; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).
3.3 BACKGROUND
CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing, Energy, Water and Wastewater, Chemical
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOCATION: France
3.4 RESEARCHER
Anooja Joy, Sushant Mane and Dr. Faruk Kazi from CoE-CNDS Lab reported this vulnerability to Schneider Electric.
4. MITIGATIONS
Schneider Electric has identified the following specific workarounds and mitigations users can apply to reduce risk:
Version 9.3.0 of F...
December 10th, 2024 (4 months ago)
|
Description: View CSAF
1. EXECUTIVE SUMMARY
CVSS v4 8.5
ATTENTION: Low attack complexity
Vendor: National Instruments
Equipment: LabVIEW
Vulnerabilities: Out-of-bounds Read
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to disclose information or execute arbitrary code.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following National Instruments products are affected:
LabVIEW 2024: Versions Q3 (24.3f0) and prior
LabVIEW 2023: All versions
LabVIEW 2022: All versions
LabVIEW 2021 (EOL) and below: All versions
3.2 VULNERABILITY OVERVIEW
3.2.1 OUT-OF-BOUNDS READ CWE-125
An out-of-bounds read exists in the HeapObjMapImpl function, which may allow an attacker to disclose information or execute arbitrary code.
CVE-2024-10494 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
A CVSS v4 score has also been calculated for CVE-2024-10494. A base score of 8.5 has been calculated; the CVSS vector string is (CVSS4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).
3.2.2 OUT-OF-BOUNDS READ CWE-125
An out-of-bounds read exists when loading the font table, which may allow an attacker to disclose information or execute arbitrary code.
CVE-2024-10495 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
A CVSS v4 score has also been calculate...
December 10th, 2024 (4 months ago)
|
Description: View CSAF
1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low Attack Complexity
Vendor: Schneider Electric
Equipment: EcoStruxure Foxboro DCS Core Control Services
Vulnerabilities: Out-of-bounds Write, Improper Validation of Array Index, Improper Input Validation
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could lead to a loss of system functionality or unauthorized access to system functions.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Schneider Electric reports that the following products are affected:
EcoStruxure Foxboro DCS Core Control Services: Versions 9.8 and prior
3.2 VULNERABILITY OVERVIEW
3.2.1 OUT-OF-BOUNDS WRITE CWE-787
An out-of-bounds write vulnerability exists that could cause local denial of service, or kernel memory leak when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver.
CVE-2024-5679 has been assigned to this vulnerability. A CVSS v3 base score of 7.1 has been assigned; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H).
3.2.2 IMPROPER VALIDATION OF ARRAY INDEX CWE-129
An improper validation of array index vulnerability exists that could cause local denial of service when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver.
CVE-2024-5680 has been assigned to this vulnerability. A CVSS v3 base score of 7.1 has been assigned; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/...
December 10th, 2024 (4 months ago)
|