CyberAlerts

Iranian and Russian Entities Sanctioned for Election Interference Using AI and Cyber Tactics

Description: The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Tuesday leveled sanctions against two entities in Iran and Russia for their attempts to interfere with the November 2024 presidential election. The federal agency said the entities – a subordinate organization of Iran's Islamic Revolutionary Guard Corps and a Moscow-based affiliate of Russia's Main Intelligence

Source: TheHackerNews

January 1st, 2025 (6 months ago)

An announcement from Paris on Dread

Description: An announcement from Paris on Dread

Source: DarkWebInformer

January 1st, 2025 (6 months ago)

CVE-2024-7341

Wildfly-elytron: org.keycloak/keycloak-services: session fixation in elytron saml adapters

Description: A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured. This flaw allows an attacker who hijacks the current session before authentication to trigger session fixation.

EPSS Score: 0.19%

Source: CVE

January 1st, 2025 (6 months ago)

CVE-2024-7259

Ovirt-engine: potential exposure of cleartext provider passwords via web ui

Description: A flaw was found in oVirt. A user with administrator privileges, including users with the ReadOnlyAdmin permission, may be able to use browser developer tools to view Provider passwords in cleartext.

EPSS Score: 0.05%

Source: CVE

January 1st, 2025 (6 months ago)

CVE-2024-7143

Pulpcore: rbac permissions incorrectly assigned in tasks that create objects

Description: A flaw was found in the Pulp package. When a role-based access control (RBAC) object in Pulp is set to assign permissions on its creation, it uses the `AutoAddObjPermsMixin` (typically the add_roles_for_object_creator method). This method finds the object creator by checking the current authenticated user. For objects that are created within a task, this current user is set by the first user with any permissions on the task object. This means the oldest user with model/domain-level task permissions will always be set as the current user of a task, even if they didn't dispatch the task. Therefore, all objects created in tasks will have their permissions assigned to this oldest user, and the creating user will receive nothing.

EPSS Score: 0.07%

Source: CVE

January 1st, 2025 (6 months ago)

CVE-2024-7012

Puppet-foreman: an authentication bypass vulnerability exists in foreman

Description: An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) and could potentially enable unauthorized users to gain administrative access.

EPSS Score: 0.12%

Source: CVE

January 1st, 2025 (6 months ago)

CVE-2024-6535

Skupper: potential authentication bypass to skupper console via forged cookies

Description: A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a specially-crafted cookie.

EPSS Score: 0.05%

Source: CVE

January 1st, 2025 (6 months ago)

CVE-2024-6501

Networkmanager: denial of service

Description: A flaw was found in NetworkManager. When a system running NetworkManager with DEBUG logs enabled and an interface eth1 configured with LLDP enabled, a malicious user could inject a malformed LLDP packet. NetworkManager would crash, leading to a denial of service.

EPSS Score: 0.05%

Source: CVE

January 1st, 2025 (6 months ago)

CVE-2024-6239

Poppler: pdfinfo: crash in broken documents when using -dests parameter

Description: A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service.

EPSS Score: 0.14%

Source: CVE

January 1st, 2025 (6 months ago)

CVE-2024-5651

Fence-agents-remediation: fence agent command line options leads to remote code execution

Description: A flaw was found in the Fence Agents Remediation operator. This vulnerability can allow a Remote Code Execution (RCE) primitive by supplying an arbitrary command to execute in the --ssh-path/--telnet-path arguments. A low-privilege user, for example, a user with developer access, can create a specially crafted FenceAgentsRemediation for a fence agent supporting  --ssh-path/--telnet-path arguments to execute arbitrary commands on the operator's pod. This RCE leads to a privilege escalation, first as the service account running the operator, then to another service account with cluster-admin privileges.

EPSS Score: 0.05%

Source: CVE

January 1st, 2025 (6 months ago)

Threat and Vulnerability Intelligence Database

Example Searches:

	Iranian and Russian Entities Sanctioned for Election Interference Using AI and Cyber Tactics Description: The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Tuesday leveled sanctions against two entities in Iran and Russia for their attempts to interfere with the November 2024 presidential election. The federal agency said the entities – a subordinate organization of Iran's Islamic Revolutionary Guard Corps and a Moscow-based affiliate of Russia's Main Intelligence Source: TheHackerNews January 1st, 2025 (6 months ago)
	An announcement from Paris on Dread Description: An announcement from Paris on Dread Source: DarkWebInformer January 1st, 2025 (6 months ago)
CVE-2024-7341	Wildfly-elytron: org.keycloak/keycloak-services: session fixation in elytron saml adapters Description: A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured. This flaw allows an attacker who hijacks the current session before authentication to trigger session fixation. EPSS Score: 0.19% Source: CVE January 1st, 2025 (6 months ago)
CVE-2024-7259	Ovirt-engine: potential exposure of cleartext provider passwords via web ui Description: A flaw was found in oVirt. A user with administrator privileges, including users with the ReadOnlyAdmin permission, may be able to use browser developer tools to view Provider passwords in cleartext. EPSS Score: 0.05% Source: CVE January 1st, 2025 (6 months ago)
CVE-2024-7143	Pulpcore: rbac permissions incorrectly assigned in tasks that create objects Description: A flaw was found in the Pulp package. When a role-based access control (RBAC) object in Pulp is set to assign permissions on its creation, it uses the `AutoAddObjPermsMixin` (typically the add_roles_for_object_creator method). This method finds the object creator by checking the current authenticated user. For objects that are created within a task, this current user is set by the first user with any permissions on the task object. This means the oldest user with model/domain-level task permissions will always be set as the current user of a task, even if they didn't dispatch the task. Therefore, all objects created in tasks will have their permissions assigned to this oldest user, and the creating user will receive nothing. EPSS Score: 0.07% Source: CVE January 1st, 2025 (6 months ago)
CVE-2024-7012	Puppet-foreman: an authentication bypass vulnerability exists in foreman Description: An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) and could potentially enable unauthorized users to gain administrative access. EPSS Score: 0.12% Source: CVE January 1st, 2025 (6 months ago)
CVE-2024-6535	Skupper: potential authentication bypass to skupper console via forged cookies Description: A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a specially-crafted cookie. EPSS Score: 0.05% Source: CVE January 1st, 2025 (6 months ago)
CVE-2024-6501	Networkmanager: denial of service Description: A flaw was found in NetworkManager. When a system running NetworkManager with DEBUG logs enabled and an interface eth1 configured with LLDP enabled, a malicious user could inject a malformed LLDP packet. NetworkManager would crash, leading to a denial of service. EPSS Score: 0.05% Source: CVE January 1st, 2025 (6 months ago)
CVE-2024-6239	Poppler: pdfinfo: crash in broken documents when using -dests parameter Description: A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service. EPSS Score: 0.14% Source: CVE January 1st, 2025 (6 months ago)
CVE-2024-5651	Fence-agents-remediation: fence agent command line options leads to remote code execution Description: A flaw was found in the Fence Agents Remediation operator. This vulnerability can allow a Remote Code Execution (RCE) primitive by supplying an arbitrary command to execute in the --ssh-path/--telnet-path arguments. A low-privilege user, for example, a user with developer access, can create a specially crafted FenceAgentsRemediation for a fence agent supporting  --ssh-path/--telnet-path arguments to execute arbitrary commands on the operator's pod. This RCE leads to a privilege escalation, first as the service account running the operator, then to another service account with cluster-admin privileges. EPSS Score: 0.05% Source: CVE January 1st, 2025 (6 months ago)