Description: A deserialization vulnerability exists in the Stub class of the VarDumper module in Symfony. The vulnerability stems from deficiencies in the original implementation when handling properties with null or uninitialized values. An attacker could construct specific serialized data and use this vulnerability to execute unauthorized code.
References
https://nvd.nist.gov/vuln/detail/CVE-2024-36610
https://github.com/symfony/symfony/commit/3ffd495bb3cc4d2e24e35b2d83c5b909cab7e259
https://gist.github.com/1047524396/24e93f2905850235e42ad7db6e878bd5
https://github.com/symfony/symfony/blob/v7.0.3/src/Symfony/Component/VarDumper/Cloner/Stub.php#L53
https://github.com/advisories/GHSA-cg28-v4wq-whv5
December 3rd, 2024 (5 months ago)
Description: In Symfony, a security vulnerability was identified in the FormLoginAuthenticator component, where it failed to adequately handle cases where the username or password field of a login request is empty. This flaw could lead to various security risks, including improper authentication logic handling or denial of service.
References
https://nvd.nist.gov/vuln/detail/CVE-2024-36611
https://github.com/symfony/symfony/commit/a804ca15fcad279d7727b91d12a667fd5b925995
https://gist.github.com/1047524396/3581425e0911b716cf8ce4fa30e41e6c
https://github.com/symfony/symfony/blob/v7.0.7/src/Symfony/Component/Security/Http/Authenticator/FormLoginAuthenticator.php#L132
https://github.com/advisories/GHSA-7q22-x757-cmgc
December 3rd, 2024 (5 months ago)
Description: Cybersecurity researchers have disclosed a set of flaws impacting Palo Alto Networks and SonicWall virtual private network (VPN) clients that could be potentially exploited to gain remote code execution on Windows and macOS systems.
"By targeting the implicit trust VPN clients place in servers, attackers can manipulate client behaviours, execute arbitrary commands, and gain high levels of access
December 3rd, 2024 (5 months ago)
Description: The North Korea-aligned threat actor known as Kimsuky has been linked to a series of phishing attacks that involve sending email messages that originate from Russian sender addresses to ultimately conduct credential theft.
"Phishing emails were sent mainly through email services in Japan and Korea until early September," South Korean cybersecurity company Genians said. "Then, from mid-September,
December 3rd, 2024 (5 months ago)
Description: A newly discovered malware campaign has been found to target private users, retailers, and service businesses mainly located in Russia to deliver NetSupport RAT and BurnsRAT.
The campaign, dubbed Horns&Hooves by Kaspersky, has hit more than 1,000 victims since it began around March 2023. The end goal of these attacks is to leverage the access afforded by these trojans to install stealer
December 3rd, 2024 (5 months ago)
Description: "Skylark" App fails to restrict custom URL schemes properly.
December 3rd, 2024 (5 months ago)
CVE-2024-53937
Description: An issue was discovered on Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. The TELNET service is enabled by default with admin/admin as default credentials and is exposed over the LAN. This allows attackers to execute arbitrary commands with root-level permissions. Device setup does not require this password to be changed in order to use the device. (However, the TELNET password is dictated by the current GUI password.)
EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
CVE-2023-5870
Description: A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack.
EPSS Score: 0.19%
December 3rd, 2024 (5 months ago)
CVE-2023-5379
Description: A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluster marks the JBoss EAP instance as an error worker when the TCP connection is closed from the backend after sending the AJP request without receiving an AJP response, and stops forwarding. This issue could allow a malicious user to repeatedly send requests that exceed the max-header-size, causing a Denial of Service (DoS).
EPSS Score: 0.09%
December 3rd, 2024 (5 months ago)
Description: Howling Scorpius, active since 2023, uses Akira ransomware to target businesses globally, employing a double-extortion strategy and upgrading tools regularly.
The post Threat Assessment: Howling Scorpius (Akira Ransomware) appeared first on Unit 42.
December 2nd, 2024 (5 months ago)