Threat and Vulnerability Intelligence Database

Description: Stoli Group's U.S. companies have filed for bankruptcy following an August ransomware attack and Russian authorities seizing the company's remaining distilleries in the country. [...]
Source: BleepingComputer
December 3rd, 2024 (5 months ago)
Description: Cloudflare's 'pages.dev' and 'workers.dev' domains, used for deploying web pages and facilitating serverless computing, are being increasingly abused by cybercriminals for phishing and other malicious activities. [...]
Source: BleepingComputer
December 3rd, 2024 (5 months ago)
Description: An implementation bug in the Kolide Agent (known as launcher) allows for local privilege escalation to the SYSTEM user on Windows 10 and 11. Impacted versions include versions >= 1.5.3 and the fix has been released in 1.12.3. The bug was introduced in version 1.5.3 when launcher started storing upgraded binaries in the ProgramData directory (#1510). This move to the new directory meant the launcher root directory inherited default permissions that are not as strict as those of the previous location. These incorrect default permissions, in conjunction with an omitted SystemDrive environment variable (when launcher starts osqueryd), allow a malicious actor with access to the local Windows device to successfully place an arbitrary DLL into the osqueryd process's search path. Under some circumstances, this DLL will be executed when osqueryd performs a WMI query. This combination of events could then allow the attacker to escalate their privileges to SYSTEM. This issue was found by Bryan Alexander of Atredis Partners and responsibly reported through the Kolide bug bounty program. Kolide made the appropriate changes and released a fix in version 1.12.3 of the launcher package. References: https://github.com/kolide/launcher/security/advisories/GHSA-66q9-2rvx-qfj5 https://github.com/kolide/launcher/pull/1510 https://github.com/advisories/GHSA-66q9-2rvx-qfj5
Source: Github Advisory Database (Go)
December 3rd, 2024 (5 months ago)
Description: Cisco encourages users to update to an unaffected version of its Adaptive Security Appliance (ASA) software since there are no workarounds for the 2014 vulnerability.
Source: Dark Reading
December 3rd, 2024 (5 months ago)
Description: CISA released guidance today to help network defenders harden their systems against attacks coordinated by the Salt Typhoon Chinese threat group that breached multiple major global telecommunications providers earlier this year. [...]
Source: BleepingComputer
December 3rd, 2024 (5 months ago)
Description: Summary: The /debug/querylogz and /debug/env pages for vtgate and vttablet do not properly escape user input. The result is that queries executed by Vitess can write HTML into the monitoring page at will. Details: These pages are rendered using text/template instead of rendering with a proper HTML templating engine. PoC: Execute any query where part of it is HTML markup, for example as part of a string. To make it easier to observe you might want to make sure the query takes a few seconds to complete, giving you time to refresh the status page. Example query that can trigger the issue: UPDATE users SET email = CONCAT("", users.idUser, "@xxx") WHERE email NOT LIKE '%xxx%' AND email != "[email protected]" Result: Impact: Anyone looking at the Vitess status page is affected. This would normally be owners / administrators of the Vitess cluster. Anyone that can influence what text shows up in queries can trigger it. This would normally be pretty much everybody interacting with a system that uses Vitess as a backend. References: https://github.com/vitessio/vitess/security/advisories/GHSA-7mwh-q3xm-qh6p https://nvd.nist.gov/vuln/detail/CVE-2024-53257 https://github.com/vitessio/vitess/commit/2b71d1b5f8ca676beeab2875525003cd45096217 https://github.com/advisories/GHSA-7mwh-q3xm-qh6p
Source: Github Advisory Database (Go)
December 3rd, 2024 (5 months ago)
Description: Impact: Synapse versions before 1.106 are vulnerable to a disk fill attack, where an unauthenticated adversary can induce Synapse to download and cache large amounts of remote media. The default rate limit strategy is insufficient to mitigate this. This can lead to a denial of service, ranging from further media uploads/downloads failing to complete unavailability of the Synapse process, depending on how Synapse was deployed. Patches: Synapse 1.106 introduces a new "leaky bucket" rate limit on remote media downloads to reduce the amount of data a user can request at a time. This does not fully address the issue, but does limit an unauthenticated user's ability to request large amounts of data to be cached. Workarounds: Synapse deployments can currently decrease the maximum file size allowed, as well as increase request rate limits. However, this does not address the issue as effectively as a dedicated rate limit on remote media downloads. Server operators may also wish to consider putting media on a dedicated disk or volume, reducing the impact of a disk fill condition. References: https://en.wikipedia.org/wiki/Leaky_bucket#As_a_meter For more information: If you have any questions or comments about this advisory, please email us at security at element.io. References: https://github.com/element-hq/synapse/security/advisories/GHSA-4mhg-xv73-xq2x https://nvd.nist.gov/vuln/detail/CVE-2024-37302 https://github.com/advisories/GHSA-4mhg-xv73-xq2x
Source: Github Advisory Database (PIP)
December 3rd, 2024 (5 months ago)
Description: Impact: Synapse before version 1.106 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then also becomes available for download from the local homeserver in an unauthenticated way. The implication is that unauthenticated remote adversaries can use this functionality to plant problematic content into the media repository. Patches: Synapse 1.106 introduces a partial mitigation in the form of new endpoints which require authentication for media downloads. The unauthenticated endpoints will be frozen in a future release, closing the attack vector. Workarounds: Though extremely limited, server operators can use more strict rate limits based on IP address. References: https://github.com/matrix-org/matrix-spec-proposals/pull/3916 For more information: If you have any questions or comments about this advisory, please email us at security at element.io. References: https://github.com/element-hq/synapse/security/advisories/GHSA-gjgr-7834-rhxr https://nvd.nist.gov/vuln/detail/CVE-2024-37303 https://github.com/matrix-org/matrix-spec-proposals/pull/3916 https://github.com/advisories/GHSA-gjgr-7834-rhxr
Source: Github Advisory Database (PIP)
December 3rd, 2024 (5 months ago)
Description: Impact: In Synapse before 1.120.1, multipart/form-data requests can in certain configurations transiently increase memory consumption beyond expected levels while processing the request, which can be used to amplify denial of service attacks. Patches: Synapse 1.120.1 resolves the issue by denying requests with unsupported multipart/form-data content type. Workarounds: Limiting request sizes or blocking the multipart/form-data content type before the requests reach Synapse, for example in a reverse proxy, alleviates the issue. Another approach that mitigates the attack is to use a low max_upload_size in Synapse. References: https://github.com/twisted/twisted/issues/4688#issuecomment-1167705518 https://github.com/twisted/twisted/issues/4688#issuecomment-2385711609 For more information: If you have any questions or comments about this advisory, please email us at security at element.io. References: https://github.com/element-hq/synapse/security/advisories/GHSA-rfq8-j7rh-8hf2 https://nvd.nist.gov/vuln/detail/CVE-2024-52805 https://github.com/twisted/twisted/issues/4688#issuecomment-1167705518 https://github.com/twisted/twisted/issues/4688#issuecomment-2385711609 https://github.com/advisories/GHSA-rfq8-j7rh-8hf2
Source: Github Advisory Database (PIP)
December 3rd, 2024 (5 months ago)
Description: Impact: Synapse versions before 1.120.1 fail to properly validate invites received over federation. This vulnerability allows a malicious server to send a specially crafted invite that disrupts the invited user's /sync functionality. Patches: Synapse 1.120.1 rejects such invalid invites received over federation and restores the ability to sync for affected users. Workarounds: Server administrators can disable federation from untrusted servers. For more information: If you have any questions or comments about this advisory, please email us at security at element.io. References: https://github.com/element-hq/synapse/security/advisories/GHSA-f3r3-h2mq-hx2h https://nvd.nist.gov/vuln/detail/CVE-2024-52815 https://github.com/advisories/GHSA-f3r3-h2mq-hx2h
Source: Github Advisory Database (PIP)
December 3rd, 2024 (5 months ago)