Threat and Vulnerability Intelligence Database

CVE-2024-11863

Description: Specifically crafted SCMI messages sent to an SCP running SCP-Firmware release versions up to and including 2.15.0 may lead to a Usage Fault and crash the SCP.

EPSS Score: 0.04%

Source: CVE
January 15th, 2025 (6 months ago)

CVE-2024-11736

Description: A vulnerability was found in Keycloak. Admin users may have access to sensitive server environment variables and system properties through user-configurable URLs. When configuring backchannel logout URLs or admin URLs, admin users can include placeholders like ${env.VARNAME} or ${PROPNAME}. The server replaces these placeholders with the actual values of environment variables or system properties during URL processing.

EPSS Score: 0.07%

Source: CVE
January 15th, 2025 (6 months ago)

CVE-2024-11734

Description: A denial of service vulnerability was found in Keycloak that could allow an administrative user with the right to change realm settings to disrupt the service. This action is done by modifying any of the security headers and inserting newlines, which causes the Keycloak server to write to a request that has already been terminated, leading to the failure of said request.

EPSS Score: 0.06%

Source: CVE
January 15th, 2025 (6 months ago)
Description: This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.
Source: DarkWebInformer
January 14th, 2025 (6 months ago)
Description: A Threat Actor Claims to be Selling Access to an Unidentified Indian APK and Software Studio
Source: DarkWebInformer
January 14th, 2025 (6 months ago)
Description:

Impact
Unintended permanent chain split affecting greater than or equal to 25% of the network, requiring hard fork (network partition requiring hard fork)

Description
Lodestar client may fail to decode snappy framing compressed messages.

Vulnerability Details
In the Req/Resp protocol, messages are encoded using ssz_snappy encoding, which is basically snappy framing compression over an ssz-encoded message. It's mentioned here - https://github.com/ethereum/consensus-specs/blob/dev/specs/phase0/p2p-interface.md

The token of the negotiated protocol ID specifies the type of encoding to be used for the req/resp interaction. Only one value is possible at this time:

ssz_snappy: The contents are first SSZ-encoded and then compressed with Snappy frames compression. For objects containing a single field, only the field is SSZ-encoded not a container with a single field. For example, the BeaconBlocksByRoot request is an SSZ-encoded list of Root's. This encoding type MUST be supported by all clients.

In the snappy framing format there are a few types of chunks. We are interested in so-called reserved skippable chunks. These are chunks with a chunk type in the range [0x80, 0xfd].

Let's see how rust snappy handles them: https://github.com/BurntSushi/rust-snappy/blob/master/src/read.rs#L137

    impl<R: io::Read> io::Read for FrameDecoder<R> {
        fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
            ...
            ...
            let len = len64 as usize;
            match ty {
                ...
Source: Github Advisory Database (NPM)
January 14th, 2025 (6 months ago)
Description:

Impact
Unintended permanent chain split affecting greater than or equal to 25% of the network, requiring hard fork (network partition requiring hard fork)

Lodestar does not verify checksum in snappy framing uncompressed chunks.

Vulnerability Details
In the Req/Resp protocol, messages are encoded using ssz_snappy encoding, which is snappy framing compression over an ssz-encoded message.

In the snappy framing format there are uncompressed chunks; each such chunk is prefixed with a checksum.

Let's see how the golang implementation parses such chunks - https://github.com/golang/snappy/blob/master/decode.go#L176

    case chunkTypeUncompressedData:
        // Section 4.3. Uncompressed data (chunk type 0x01).
        if chunkLen < checksumSize {
            r.err = ErrCorrupt
            return r.err
        }
        buf := r.buf[:checksumSize]
        if !r.readFull(buf, false) {
            return r.err
        }
        checksum := uint32(buf[0]) | uint32(buf[1])<<8 | uint32(buf[2])<<16 | uint32(buf[3])<<24
        // Read directly into r.decoded instead of via r.buf.
        n := chunkLen - checksumSize
        if n > len(r.decoded) {
            r.err = ErrCorrupt
            return r.err
        }
        if !r.readFull(r.decoded[:n], false) {
            return r.err
        }
        if crc(r.decoded[:n]) != checksum {
            r.err = ErrCorrupt
            return r.err
        }
        ...
Source: Github Advisory Database (NPM)
January 14th, 2025 (6 months ago)
Description:

Impact
When using the "insert media" functionality, the linked oEmbed JSON includes an HTML attribute which will replace the embed shortcode. The HTML is not sanitized before replacing the shortcode, allowing a script payload to be executed on both the CMS and the front-end of the website.

References
https://www.silverstripe.org/download/security-releases/cve-2024-47605
https://github.com/silverstripe/silverstripe-asset-admin/security/advisories/GHSA-7cmp-cgg8-4c82
https://github.com/silverstripe/silverstripe-framework/commit/09b5052c86932f273e0d733428c9aade70ff2a4a
https://github.com/advisories/GHSA-7cmp-cgg8-4c82
Source: Github Advisory Database (Composer)
January 14th, 2025 (6 months ago)
Description: In some cases, form messages can contain HTML markup. This is an intentional feature, allowing links and other relevant HTML markup for the given message. Some form messages include content that the user can provide. There are scenarios in the CMS where that content doesn't get correctly sanitised prior to being included in the form message, resulting in an XSS vulnerability.

Reported by Leo Diamat from Bastion Security Group

References
https://www.silverstripe.org/download/security-releases/cve-2024-53277
https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-ff6q-3c9c-6cf5
https://github.com/silverstripe/silverstripe-framework/commit/74904f539347b7d1f8c5b5fb9e28d62ff251ee00
https://github.com/advisories/GHSA-ff6q-3c9c-6cf5
Source: Github Advisory Database (Composer)
January 14th, 2025 (6 months ago)
Description:

Important: This vulnerability only affects sites which are in the "dev" environment mode. If your production website is in "dev" mode, it has been misconfigured, and you should immediately swap it to "live" mode. See https://docs.silverstripe.org/en/developer_guides/debugging/environment_types/ for more information.

If a website has been set to the "dev" environment mode, a URL can be provided which includes an XSS payload which will be executed in the resulting error message.

Reported by Gaurav Nayak from Chaleit

References
https://www.silverstripe.org/download/security-releases/ss-2024-002
https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-mqf3-qpc3-g26q
https://github.com/silverstripe/silverstripe-framework/commit/a555dad4ec73c929f6316bcb4019eb325a5b77d8
https://github.com/advisories/GHSA-mqf3-qpc3-g26q
Source: Github Advisory Database (Composer)
January 14th, 2025 (6 months ago)