CyberAlerts

CVE-2024-11863

Description: Specifically crafted SCMI messages sent to an SCP running SCP-Firmware release versions up to and including 2.15.0 may lead to a Usage Fault and crash the SCP

EPSS Score: 0.04%

Source: CVE

January 15th, 2025 (6 months ago)

CVE-2024-11736

Org.keycloak:keycloak-quarkus-server: unrestricted admin use of system and environment variables

Description: A vulnerability was found in Keycloak. Admin users may have to access sensitive server environment variables and system properties through user-configurable URLs. When configuring backchannel logout URLs or admin URLs, admin users can include placeholders like ${env.VARNAME} or ${PROPNAME}. The server replaces these placeholders with the actual values of environment variables or system properties during URL processing.

EPSS Score: 0.07%

Source: CVE

January 15th, 2025 (6 months ago)

CVE-2024-11734

Org.keycloak:keycloak-quarkus-server: denial of service in keycloak server via security headers

Description: A denial of service vulnerability was found in Keycloak that could allow an administrative user with the right to change realm settings to disrupt the service. This action is done by modifying any of the security headers and inserting newlines, which causes the Keycloak server to write to a request that has already been terminated, leading to the failure of said request.

EPSS Score: 0.06%

Source: CVE

January 15th, 2025 (6 months ago)

CVE-2024-11497

Phoenix Contact: CHARX-SEC3xxx Charge controllers vulnerable to privilege escalation

Description: An authenticated attacker can use this vulnerability to perform a privilege escalation to gain root access.

CVSS: HIGH (8.8)

EPSS Score: 0.05%

Source: CVE

January 15th, 2025 (6 months ago)

CVE-2024-10254

A potential buffer overflow vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to...

Description: A potential buffer overflow vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash.

CVSS: MEDIUM (4.7)

EPSS Score: 0.04%

Source: CVE

January 15th, 2025 (6 months ago)

CVE-2024-10253

A potential TOCTOU vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a...

Description: A potential TOCTOU vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash.

CVSS: MEDIUM (4.7)

EPSS Score: 0.04%

Source: CVE

January 15th, 2025 (6 months ago)

Daily Dose of Dark Web Informer - January 14th, 2025

Description: This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.

Source: DarkWebInformer

January 14th, 2025 (6 months ago)

A Threat Actor Claims to be Selling Access to an Unidentified Indian APK and Software Studio

Description: A Threat Actor Claims to be Selling Access to an Unidentified Indian APK and Software Studio

Source: DarkWebInformer

January 14th, 2025 (6 months ago)

[@lodestar/reqresp] Lodestar snappy decompression issue

Description: Impact Unintended permanent chain split affecting greater than or equal to 25% of the network, requiring hard fork (network partition requiring hard fork) Description Lodestar client may fail to decode snappy framing compressed messages. Vulnerability Details In Req/Resp protocol the message are encoded by using ssz_snappy encoding, which is basically snappy framing compression over ssz encoded message. It's mentioned here - https://github.com/ethereum/consensus-specs/blob/dev/specs/phase0/p2p-interface.md The token of the negotiated protocol ID specifies the type of encoding to be used for the req/resp interaction. Only one value is possible at this time: ssz_snappy: The contents are first SSZ-encoded and then compressed with Snappy frames compression. For objects containing a single field, only the field is SSZ-encoded not a container with a single field. For example, the BeaconBlocksByRoot request is an SSZ-encoded list of Root's. This encoding type MUST be supported by all clients. In snappy framing format there a few types of chunks. We are interested in so called reserved skippable chunks. These are chunks with chunk type in range [0x80, 0xfd] Let's see how rust snappy handles them https://github.com/BurntSushi/rust-snappy/blob/master/src/read.rs#L137 impl<R: io::Read> io::Read for FrameDecoder<R> { fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> { ... ... let len = len64 as usize; match ty { ...

Source: Github Advisory Database (NPM)

January 14th, 2025 (6 months ago)

[@lodestar/reqresp] Lodestar snappy checksum issue

Description: Impact Unintended permanent chain split affecting greater than or equal to 25% of the network, requiring hard fork (network partition requiring hard fork) Lodestar does not verify checksum in snappy framing uncompressed chunks. Vulnerability Details In Req/Resp protocol the messages are encoded by using ssz_snappy encoding, which is a snappy framing compression over ssz encoded message. In snappy framing format there are uncompressed chunks, each such chunk is prefixed with a checksum. Let's see how golang implementation parses such chunks - https://github.com/golang/snappy/blob/master/decode.go#L176 case chunkTypeUncompressedData: // Section 4.3. Uncompressed data (chunk type 0x01). if chunkLen < checksumSize { r.err = ErrCorrupt return r.err } buf := r.buf[:checksumSize] if !r.readFull(buf, false) { return r.err } checksum := uint32(buf[0]) | uint32(buf[1])<<8 | uint32(buf[2])<<16 | uint32(buf[3])<<24 // Read directly into r.decoded instead of via r.buf. n := chunkLen - checksumSize if n > len(r.decoded) { r.err = ErrCorrupt return r.err } if !r.readFull(r.decoded[:n], false) { return r.err } if crc(r.decoded[:n]) != checksum { r.err = ErrCorrupt return r.err } ...

Source: Github Advisory Database (NPM)

January 14th, 2025 (6 months ago)

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-11863	SCP-Firmware Vulnerability Description: Specifically crafted SCMI messages sent to an SCP running SCP-Firmware release versions up to and including 2.15.0 may lead to a Usage Fault and crash the SCP EPSS Score: 0.04% Source: CVE January 15th, 2025 (6 months ago)
CVE-2024-11736	Org.keycloak:keycloak-quarkus-server: unrestricted admin use of system and environment variables Description: A vulnerability was found in Keycloak. Admin users may have to access sensitive server environment variables and system properties through user-configurable URLs. When configuring backchannel logout URLs or admin URLs, admin users can include placeholders like ${env.VARNAME} or ${PROPNAME}. The server replaces these placeholders with the actual values of environment variables or system properties during URL processing. EPSS Score: 0.07% Source: CVE January 15th, 2025 (6 months ago)
CVE-2024-11734	Org.keycloak:keycloak-quarkus-server: denial of service in keycloak server via security headers Description: A denial of service vulnerability was found in Keycloak that could allow an administrative user with the right to change realm settings to disrupt the service. This action is done by modifying any of the security headers and inserting newlines, which causes the Keycloak server to write to a request that has already been terminated, leading to the failure of said request. EPSS Score: 0.06% Source: CVE January 15th, 2025 (6 months ago)
CVE-2024-11497	Phoenix Contact: CHARX-SEC3xxx Charge controllers vulnerable to privilege escalation Description: An authenticated attacker can use this vulnerability to perform a privilege escalation to gain root access. CVSS: HIGH (8.8) EPSS Score: 0.05% Source: CVE January 15th, 2025 (6 months ago)
CVE-2024-10254	A potential buffer overflow vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to... Description: A potential buffer overflow vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash. CVSS: MEDIUM (4.7) EPSS Score: 0.04% Source: CVE January 15th, 2025 (6 months ago)
CVE-2024-10253	A potential TOCTOU vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a... Description: A potential TOCTOU vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash. CVSS: MEDIUM (4.7) EPSS Score: 0.04% Source: CVE January 15th, 2025 (6 months ago)
	Daily Dose of Dark Web Informer - January 14th, 2025 Description: This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts. Source: DarkWebInformer January 14th, 2025 (6 months ago)
	A Threat Actor Claims to be Selling Access to an Unidentified Indian APK and Software Studio Description: A Threat Actor Claims to be Selling Access to an Unidentified Indian APK and Software Studio Source: DarkWebInformer January 14th, 2025 (6 months ago)
	[@lodestar/reqresp] Lodestar snappy decompression issue Description: Impact Unintended permanent chain split affecting greater than or equal to 25% of the network, requiring hard fork (network partition requiring hard fork) Description Lodestar client may fail to decode snappy framing compressed messages. Vulnerability Details In Req/Resp protocol the message are encoded by using ssz_snappy encoding, which is basically snappy framing compression over ssz encoded message. It's mentioned here - https://github.com/ethereum/consensus-specs/blob/dev/specs/phase0/p2p-interface.md The token of the negotiated protocol ID specifies the type of encoding to be used for the req/resp interaction. Only one value is possible at this time: ssz_snappy: The contents are first SSZ-encoded and then compressed with Snappy frames compression. For objects containing a single field, only the field is SSZ-encoded not a container with a single field. For example, the BeaconBlocksByRoot request is an SSZ-encoded list of Root's. This encoding type MUST be supported by all clients. In snappy framing format there a few types of chunks. We are interested in so called reserved skippable chunks. These are chunks with chunk type in range [0x80, 0xfd] Let's see how rust snappy handles them https://github.com/BurntSushi/rust-snappy/blob/master/src/read.rs#L137 impl<R: io::Read> io::Read for FrameDecoder<R> { fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> { ... ... let len = len64 as usize; match ty { ... Source: Github Advisory Database (NPM) January 14th, 2025 (6 months ago)
	[@lodestar/reqresp] Lodestar snappy checksum issue Description: Impact Unintended permanent chain split affecting greater than or equal to 25% of the network, requiring hard fork (network partition requiring hard fork) Lodestar does not verify checksum in snappy framing uncompressed chunks. Vulnerability Details In Req/Resp protocol the messages are encoded by using ssz_snappy encoding, which is a snappy framing compression over ssz encoded message. In snappy framing format there are uncompressed chunks, each such chunk is prefixed with a checksum. Let's see how golang implementation parses such chunks - https://github.com/golang/snappy/blob/master/decode.go#L176 case chunkTypeUncompressedData: // Section 4.3. Uncompressed data (chunk type 0x01). if chunkLen < checksumSize { r.err = ErrCorrupt return r.err } buf := r.buf[:checksumSize] if !r.readFull(buf, false) { return r.err } checksum := uint32(buf[0]) \| uint32(buf[1])<<8 \| uint32(buf[2])<<16 \| uint32(buf[3])<<24 // Read directly into r.decoded instead of via r.buf. n := chunkLen - checksumSize if n > len(r.decoded) { r.err = ErrCorrupt return r.err } if !r.readFull(r.decoded[:n], false) { return r.err } if crc(r.decoded[:n]) != checksum { r.err = ErrCorrupt return r.err } ... Source: Github Advisory Database (NPM) January 14th, 2025 (6 months ago)