CVE-2024-0607
Description: A flaw was found in the Netfilter subsystem in the Linux kernel. The issue is in the nft_byteorder_eval() function, where the code iterates through a loop and writes to the `dst` array. On each iteration, 8 bytes are written, but `dst` is an array of `u32`, so each element only has space for 4 bytes. As a result, every iteration overwrites part of the previous element, corrupting the `u32` array. This flaw allows a local user to cause a denial of service or potentially break Netfilter functionality.
EPSS Score: 0.04%
February 8th, 2025
CVE-2024-0560
Description: A vulnerability was found in 3Scale when used with Keycloak 15 (or RH-SSO 7.5.0) and later. When the auth_type is use_3scale_oidc_issuer_endpoint, the Token Introspection policy discovers the Token Introspection endpoint from the token_introspection_endpoint field, but that field was removed in RH-SSO 7.5. As a result, the policy does not inspect tokens at all and treats every token as valid.
EPSS Score: 0.11%
February 8th, 2025
Description: This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.
February 8th, 2025
Description:
Impact
SFTPGo supports execution of a defined set of commands via SSH. Besides a set of default commands, some optional commands can be activated, one of them being rsync. It is disabled in the default configuration, is limited to the local filesystem, and does not work with cloud/remote storage backends.
Due to missing sanitization of the client-provided rsync command, an authenticated remote user can use some rsync options to read or write files with the permissions of the SFTPGo server process.
Patches
This issue was fixed in version v2.6.5 by checking the client-provided arguments.
https://github.com/drakkan/sftpgo/commit/b347ab6051f6c501da205c09315fe99cd1fa3ba1
References
https://github.com/drakkan/sftpgo/security/advisories/GHSA-vj7w-3m8c-6vpx
https://github.com/drakkan/sftpgo/commit/b347ab6051f6c501da205c09315fe99cd1fa3ba1
https://github.com/advisories/GHSA-vj7w-3m8c-6vpx
February 7th, 2025
Description:
Summary
Pimcore Admin Classic Bundle allows attackers to enumerate valid accounts because the "Forgot password" functionality uses different messages depending on whether the account is valid or not.
Details
The error message discloses existing accounts and leads to user enumeration on the target via the "Forgot password" function, since no generic error message is implemented.
PoC
Enter a valid account email address first and click on submit.
A green message confirming the account exists is shown and a login link is sent to the email.
Now go back and use a random email from a temp-mail service to test with a non-existent account.
Click on submit and get an error in red that a problem occurred.
Impact
User enumeration is a confidentiality threat that could allow an attacker to enumerate valid accounts and possibly take over accounts if combined with credential stuffing against an organisation.
A remediation would be to change the message in both cases (valid and invalid emails) to what we call a "synchronised error". It would be, for example: "If the given email address is linked to an account, then a login link will be sent to that email", or something along those lines.
References
https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-vr5f-php7-rg24
https://github.com/pimcore/admin-ui-classic-bundle/pull/808
https://github.com/pimcore/admin-ui-classic-bundle/commit/96ae555578c3b4df368092d71e07a6c4ddf8fbe9
https://github.com/advisories/GHS...
February 7th, 2025
Description:
Impact
There is an access control vulnerability in the management system of Connect-CMS.
Affected versions: Connect-CMS v1.8.6, v2.4.6 and earlier
Patches (fixed versions)
v1.8.7, v2.4.7
Workarounds
Upgrade Connect-CMS to the latest version.
References
https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-5rjc-jc28-cwgg
https://github.com/advisories/GHSA-5rjc-jc28-cwgg
February 7th, 2025
Description:
Impact
Information that is restricted from viewing in site search results (※) can still be viewed via the body text (a feature added in v1.8.0).
Impact by version
v1.8.0 ~ v1.8.3: It is displayed in the body text.
v1.8.0 and earlier: It is not displayed in the body text, but the title (frame name) is displayed with a link.
Target viewing restriction functions
Frame publishing function (private, limited publishing)
IP-restricted page
Password-protected page
Patches (fixed version)
Apply v1.8.4.
Workarounds
Remove the site search (e.g. hide frames).
References
https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-2237-5r9w-vm8j
https://github.com/advisories/GHSA-2237-5r9w-vm8j
February 7th, 2025
Description: Version 3.12.0 changed xml2rfc so that it would not access local files unless its new --allow-local-file-access flag is present.
This prevented XML External Entity (XXE) injection attacks via xinclude and XML entity references.
It was discovered that xml2rfc does not respect --allow-local-file-access when a local file is specified as src in artwork or sourcecode elements. Furthermore, XML entity references can include any file inside the source directory and below without the --allow-local-file-access flag.
The xml2rfc <= 3.26.0 behaviour:

| | xinclude | XML entity reference | artwork src= | sourcecode src= |
|---|---|---|---|---|
| without --allow-local-file-access flag | No filesystem access | Any file in xml2rfc templates dir and below, any file in source directory and below | Access source directory and below | Access source directory and below |
| with --allow-local-file-access flag | Access any file on filesystem[^1] | Access any file on filesystem[^1] | Access source directory and below | Access source directory and below |

[^1]: Any file on the filesystem that the user running xml2rfc can access.
Impact
Anyone running xml2rfc as a service that accepts input from external users is impacted by this issue.
Specifying a file in src attribute in artwork or sourcecode elements will cause the contents of that file to appear in xml2rfc’s output results.
But that file has to be inside the same directory as the XML input source file.
For artwork and sourcecode, xml2rfc will not look ab...
February 7th, 2025
Description: The secret use of other people's generative AI platforms, wherein hijackers gain unauthorized access to an LLM while someone else foots the bill, is getting quicker and stealthier by the month.
February 7th, 2025