CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description: Sean Cairncross will be one of the primary advisers to the administration on national cybersecurity matters.
February 12th, 2025 (5 months ago)
|
|
|
Description: Ransomware Attack Update for 12th of February 2025
February 12th, 2025 (5 months ago)
|
|
|
Description: A Threat Actor is Allegedly Selling an EXE Binder Tool
February 12th, 2025 (5 months ago)
|
|
|
Description: A Threat Allegedly Leaked the Data of Autorenova
February 12th, 2025 (5 months ago)
|
|
|
Description: miyako Claims to be Selling Access to a Global Furniture Brand in China
February 12th, 2025 (5 months ago)
|
|
|
Description: Impact
Chains using affected versions of Packet Forward Middleware in their IBC Transfer stack are vulnerable to an attack in which there is a potential denial of service. This affects IBC transfers for any asset which is being transferred between another chain and its native chain.
We recommend upgrading as soon as possible.
THIS IS A STATE BREAKING CHANGE
Patches
Versions 7.2.1 and 8.1.1 are patched.
Workarounds
N/A
References
N/A
References
https://github.com/cosmos/ibc-apps/security/advisories/GHSA-6fgm-x6ff-w78f
https://github.com/cosmos/ibc-apps/releases/tag/middleware%2Fpacket-forward-middleware%2Fv7.2.1
https://github.com/cosmos/ibc-apps/releases/tag/middleware%2Fpacket-forward-middleware%2Fv8.1.1
https://github.com/advisories/GHSA-6fgm-x6ff-w78f
February 12th, 2025 (5 months ago)
|
|
|
Description: Impact
Chains using affected versions of Packet Forward Middleware in their IBC Transfer stack are vulnerable to an attack in which there is a potential denial of service. This affects IBC transfers for any asset which is being transferred between another chain and its native chain.
We recommend upgrading as soon as possible.
THIS IS A STATE BREAKING CHANGE
Patches
Versions 7.2.1 and 8.1.1 are patched.
Workarounds
N/A
References
N/A
References
https://github.com/cosmos/ibc-apps/security/advisories/GHSA-6fgm-x6ff-w78f
https://github.com/cosmos/ibc-apps/releases/tag/middleware%2Fpacket-forward-middleware%2Fv7.2.1
https://github.com/cosmos/ibc-apps/releases/tag/middleware%2Fpacket-forward-middleware%2Fv8.1.1
https://github.com/advisories/GHSA-6fgm-x6ff-w78f
February 12th, 2025 (5 months ago)
|
|
|
Description: Impact
What kind of vulnerability is it? Who is impacted?
Remote code execution is possible in web-accessible installations of hypercube.
Patches
Has the problem been patched? What versions should users upgrade to?
Not yet, though no patch is neccessary if your installation of the microservices is behind a firewall. See below.
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
The exploit requires making a request against Hypercube's endpoints; therefore, the ability to make use of the exploit is much reduced if the microservice is not directly accessible from the Internet, so: Prevent general access from the Internet from hitting Hypercube. Furthermore, if you've used any of the official installation methods, your Crayfish will be behind a firewall and there is no work neccessary.
The webserver might be made to validate the structure of headers passed, but that would only be neccessary if you publicly exposed the endpoint. Standard security practices should be applied.
References
Are there any links users can visit to find out more?
XBOW-024-074
References
https://github.com/Islandora/Crayfish/security/advisories/GHSA-c2p2-hgjg-9r3f
https://github.com/advisories/GHSA-c2p2-hgjg-9r3f
February 12th, 2025 (5 months ago)
|
|
|
February 12th, 2025 (5 months ago)
|
|
|
February 12th, 2025 (5 months ago)
|