Description: This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.
December 24th, 2024 (4 months ago)
Description: A Threat Actor Claims to be Selling the Data of Cashory
December 23rd, 2024 (4 months ago)
Description: FBI, DC3, and NPA Identify North Korean Cyber Actors, Known as TraderTraitor, Behind $308 Million Cryptocurrency Theft from Bitcoin.DMM.com
December 23rd, 2024 (4 months ago)
Description: X0Frankenstein Claims to have Leaked the Data of Vibrant Gujarat Industrial Directory
December 23rd, 2024 (4 months ago)
Description: The number of Non-Human Identities (NHIs) in many organizations has exploded. Key trends, drivers, and market landscape in this fast-developing area are explored.
December 23rd, 2024 (4 months ago)
Description: A vulnerability was found in the WildFly management console. A user may perform cross-site scripting in the deployment system. An attacker (or insider) may execute a malicious payload which could trigger an undesired behavior against the server.
Impact
Cross-site scripting (XSS) vulnerability in the management console.
Patches
Fixed in HAL 3.7.7.Final
Workarounds
No workaround available
References
https://github.com/hal/console/security/advisories/GHSA-64gp-r758-8pfm
https://github.com/hal/console/releases/tag/v3.7.7
https://issues.redhat.com/browse/WFLY-19969
https://github.com/advisories/GHSA-64gp-r758-8pfm
December 23rd, 2024 (4 months ago)
Description: A Threat Actor Allegedly Leaked the Data of Amicale du Ministère de l'Éducation
December 23rd, 2024 (4 months ago)
Description: A Threat Actor is Allegedly Selling XSniffer - A Universal Sniffer Tool
December 23rd, 2024 (4 months ago)
Description: An issue was identified in the VmFd::create_device function, leading to undefined behavior and miscompilations on rustc 1.82.0 and newer due to the function's violation of Rust's pointer safety rules.
The function cast a mutable reference to its struct kvm_create_device argument to an immutable pointer, and then passed this pointer to a mutating system call. Rustc 1.82.0 and newer elides subsequent reads of this structure's fields, meaning code will not see the value written by the kernel into the fd member. Instead, the code will observe the value that this field was initialized to prior to calling VmFd::create_device (usually, 0).
The issue started in kvm-ioctls 0.1.0 and was fixed in 0.19.1 by correctly using a mutable pointer.
References
https://github.com/rust-vmm/kvm/pull/298
https://rustsec.org/advisories/RUSTSEC-2024-0428.html
https://github.com/advisories/GHSA-3qx8-rv27-j6gp
December 23rd, 2024 (4 months ago)
Description: The library breaks the safety requirements of the unsafe API slice::from_raw_parts_mut. The pointer passed to from_raw_parts_mut is misaligned because a u8 raw pointer is cast directly to a u16 raw pointer, which is unsound. The bug is patched by using align_offset, which makes sure the memory address is aligned to 2 bytes for u16.
This was patched in 0.11.2 in the commit.
References
https://github.com/AFLplusplus/LibAFL/issues/1526
https://github.com/AFLplusplus/LibAFL/pull/1530
https://github.com/AFLplusplus/LibAFL/pull/1530/commits/5a60cb31ef587d71d09d534bba39bd3973c4b35d
https://github.com/AFLplusplus/LibAFL/commit/f70a16a09a8096d3c50159dd8a912a75c2af157c
https://rustsec.org/advisories/RUSTSEC-2024-0424.html
https://github.com/advisories/GHSA-f7qj-v3vp-4856
December 23rd, 2024 (4 months ago)