MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client
(marc.info)
We discovered two vulnerabilities in OpenSSH:
We discovered two vulnerabilities in OpenSSH:
Juniper Networks Routers API Authentication Bypass Vulnerability
(juniper.net)
Loading×Sorry to interruptCSS ErrorRefresh
Loading×Sorry to interruptCSS ErrorRefresh
CVE-2025-26519: musl Libc: input-controlled out-of-bounds write
(openwall.com)
A vulnerability has been identified in musl libc's implementation of iconv that can result in out-of-bounds memory writes in applications which process untrusted input using iconv and where the input charset for the conversion is input-controlled.
A vulnerability has been identified in musl libc's implementation of iconv that can result in out-of-bounds memory writes in applications which process untrusted input using iconv and where the input charset for the conversion is input-controlled.
Router maker Zyxel tells customers to replace vulnerable hardware
(techcrunch.com)
Taiwanese hardware maker Zyxel says it has no plans to release a patch for two actively exploited vulnerabilities affecting potentially thousands of customers.
Taiwanese hardware maker Zyxel says it has no plans to release a patch for two actively exploited vulnerabilities affecting potentially thousands of customers.
AMD: Microcode Signature Verification Vulnerability
(github.com/google)
Google Security Team has identified a security vulnerability in some AMD Zen-based CPUs. This vulnerability allows an adversary with local administrator privileges (ring 0 from outside a VM) to load malicious microcode patches. We have demonstrated the ability to craft arbitrary malicious microcode patches on Zen 1 through Zen 4 CPUs. The vulnerability is that the CPU uses an insecure hash function in the signature validation for microcode updates.
Google Security Team has identified a security vulnerability in some AMD Zen-based CPUs. This vulnerability allows an adversary with local administrator privileges (ring 0 from outside a VM) to load malicious microcode patches. We have demonstrated the ability to craft arbitrary malicious microcode patches on Zen 1 through Zen 4 CPUs. The vulnerability is that the CPU uses an insecure hash function in the signature validation for microcode updates.
Yubico Issues Security Advisory as 2FA Bypass Vulnerability Confirmed
(forbes.com)
Two-factor authentication has increasingly become a security essential over recent years, so when news of anything that can bypass those 2FA protections breaks, it’s not something you can ignore.
Two-factor authentication has increasingly become a security essential over recent years, so when news of anything that can bypass those 2FA protections breaks, it’s not something you can ignore.
Apache fixes Traffic Control bug that attackers could exploit
(scworld.com)
Apache’s maintainers on Dec. 23 released patches for a critical 9.9 vulnerability in the Traffic Ops component of Apache Traffic Control versions 8.0.0 and 8.0.1.
Apache’s maintainers on Dec. 23 released patches for a critical 9.9 vulnerability in the Traffic Ops component of Apache Traffic Control versions 8.0.0 and 8.0.1.
OpenOffice security issues unfixed in over 365 days, security status Amber
(apache.org)
This was extracted (@ 2024-12-18 21:10) from a list of minutes which have been approved by the Board. Please Note The Board typically approves the minutes of the previous meeting at the beginning of every Board meeting; therefore, the list below does not normally contain details from the minutes of the most recent Board meeting.
This was extracted (@ 2024-12-18 21:10) from a list of minutes which have been approved by the Board. Please Note The Board typically approves the minutes of the previous meeting at the beginning of every Board meeting; therefore, the list below does not normally contain details from the minutes of the most recent Board meeting.
Critical Apache Struts bug under active exploit
(theregister.com)
A critical security hole in Apache Struts 2 – patched last week – is currently being exploited using publicly available proof-of-concept (PoC) code.
A critical security hole in Apache Struts 2 – patched last week – is currently being exploited using publicly available proof-of-concept (PoC) code.
Zizmor would have caught the Ultralytics workflow vulnerability
(yossarian.net)
TL;DR: zizmor would have caught the vulnerability that caused this…mostly. Read on for details.
TL;DR: zizmor would have caught the vulnerability that caused this…mostly. Read on for details.
BootKitty UEFI malware exploits LogoFAIL to infect Linux systems
(bleepingcomputer.com)
The recently uncovered 'Bootkitty' Linux UEFI bootkit exploits the LogoFAIL flaw, tracked as CVE-2023-40238, to target computers running on vulnerable firmware.
The recently uncovered 'Bootkitty' Linux UEFI bootkit exploits the LogoFAIL flaw, tracked as CVE-2023-40238, to target computers running on vulnerable firmware.
Ubuntu Linux impacted by decade-old 'needrestart' flaw that gives root
(bleepingcomputer.com)
Five local privilege escalation (LPE) vulnerabilities have been discovered in the needrestart utility used by default in Ubuntu Linux since version 21.04, which were introduced over 10 years ago.
Five local privilege escalation (LPE) vulnerabilities have been discovered in the needrestart utility used by default in Ubuntu Linux since version 21.04, which were introduced over 10 years ago.
YubiKey still selling old stock with vulnerable firmware
(ycombinator.com)
FYI, YubiKey is apparently still selling old stock with firmware vulnerable to the EUCLEAK attack instead of disposing of them, as a reader of Fefe's Blog reported:
FYI, YubiKey is apparently still selling old stock with firmware vulnerable to the EUCLEAK attack instead of disposing of them, as a reader of Fefe's Blog reported:
Okta – Username Above 52 Characters Security Advisory
(okta.com)
On October 30, 2024, a vulnerability was internally identified in generating the cache key for AD/LDAP DelAuth.
On October 30, 2024, a vulnerability was internally identified in generating the cache key for AD/LDAP DelAuth.
RCE Vulnerability in QBittorrent
(sharpsec.run)
In qBittorrent, the DownloadManager class has ignored every SSL certificate validation error that has ever happened, on every platform, for 14 years and 6 months since April 6 2010 with commit 9824d86. The default behaviour changed to verifying on October 12 2024 with commit 3d9e971. The first patched release is version 5.0.1, released 2 days ago.
In qBittorrent, the DownloadManager class has ignored every SSL certificate validation error that has ever happened, on every platform, for 14 years and 6 months since April 6 2010 with commit 9824d86. The default behaviour changed to verifying on October 12 2024 with commit 3d9e971. The first patched release is version 5.0.1, released 2 days ago.
CVE-2024-9632 xorg-x11-server: heap-based buffer overflow privilege escalation
(redhat.com)
CVE-2024-9632 xorg-x11-server: tigervnc: heap-based buffer overflow privilege escalation vulnerability
CVE-2024-9632 xorg-x11-server: tigervnc: heap-based buffer overflow privilege escalation vulnerability
CVE-2024-45844: Privilege escalation in F5 BIG-IP
(almond.consulting)
The previous articles Post-Exploiting an F5 BIG-IP: root, and now what? and Deep diving into F5 Secure Vault helped us to get a better understanding of the internal F5 mechanisms.
The previous articles Post-Exploiting an F5 BIG-IP: root, and now what? and Deep diving into F5 Secure Vault helped us to get a better understanding of the internal F5 mechanisms.
Fortinet critical 0-day vulnerability being actively exploited
(arstechnica.com)
Fortinet, a maker of network security software, has kept a critical vulnerability under wraps for more than a week amid reports that attackers are using it to execute malicious code on servers used by sensitive customer organizations.
Fortinet, a maker of network security software, has kept a critical vulnerability under wraps for more than a week amid reports that attackers are using it to execute malicious code on servers used by sensitive customer organizations.
Microsoft didn't sandbox Windows Defender, so I did (2017)
(trailofbits.com)
Microsoft exposed their users to a lot of risks when they released Windows Defender without a sandbox. This surprised me. Sandboxing is one of the most effective security-hardening techniques. Why did Microsoft sandbox other high-value attack surfaces such as the JIT code in Microsoft Edge, but leave Windows Defender undefended?
Microsoft exposed their users to a lot of risks when they released Windows Defender without a sandbox. This surprised me. Sandboxing is one of the most effective security-hardening techniques. Why did Microsoft sandbox other high-value attack surfaces such as the JIT code in Microsoft Edge, but leave Windows Defender undefended?
Cups Remote Code Execution Vulnerability Fix Available
(ubuntu.com)
Canonical’s security team has released updates for the cups-browsed, cups-filters, libcupsfilters and libppd packages for all Ubuntu LTS releases under standard support.
Canonical’s security team has released updates for the cups-browsed, cups-filters, libcupsfilters and libppd packages for all Ubuntu LTS releases under standard support.
Unauthenticated RCE vs. all GNU/Linux systems, CVSS 9.9
(threadreaderapp.com)
Unauthenticated RCE vs all GNU/Linux systems (plus others) disclosed 3 weeks ago.
Unauthenticated RCE vs all GNU/Linux systems (plus others) disclosed 3 weeks ago.
The Firestore vulnerability found in Arc is likely widespread
(venki.dev)
xyz3va disclosed an Arc vulnerability recently, caused by incorrectly configured Firestore security rules. If you’re using Firestore at your company, you should read this post - it’s reasonably likely that your setup is vulnerable.
xyz3va disclosed an Arc vulnerability recently, caused by incorrectly configured Firestore security rules. If you’re using Firestore at your company, you should read this post - it’s reasonably likely that your setup is vulnerable.
4 exploits, 1 bug: exploiting CVE-2024-20017 4 different ways
(coffinsec.com)
At the end of last year I discovered and reported a vulnerability in wappd, a network daemon that is a part of the MediaTek MT7622/MT7915 SDK and RTxxxx SoftAP driver bundle. This chipset is commonly used on embedded platforms that support Wifi6 (802.11ax) including Ubiquiti, Xiaomi, and Netgear devices. As is the case for a handful of other bugs I’ve found, I originally came across this code while looking for bugs on an embedded device: the Netgear WAX206 wireless router.
At the end of last year I discovered and reported a vulnerability in wappd, a network daemon that is a part of the MediaTek MT7622/MT7915 SDK and RTxxxx SoftAP driver bundle. This chipset is commonly used on embedded platforms that support Wifi6 (802.11ax) including Ubiquiti, Xiaomi, and Netgear devices. As is the case for a handful of other bugs I’ve found, I originally came across this code while looking for bugs on an embedded device: the Netgear WAX206 wireless router.
Gitlab patches bug that could expose a CI/CD pipeline to supply chain attack
(scmagazine.com)
GitLab patched 17 bugs, including a critical flaw with a CVSS score of 9.9 that could let an attacker trigger a pipeline as an arbitrary user, leading to privileged escalation, data exfiltration, and a software supply chain compromise.
GitLab patched 17 bugs, including a critical flaw with a CVSS score of 9.9 that could let an attacker trigger a pipeline as an arbitrary user, leading to privileged escalation, data exfiltration, and a software supply chain compromise.
Local Privilege Escalation via MSI Installer
(sec-consult.com)
The MSI installers of SoftMaker Office and FreeOffice (SoftMaker) contained a privilege escalation vulnerability.
The MSI installers of SoftMaker Office and FreeOffice (SoftMaker) contained a privilege escalation vulnerability.
OpenSSH Keystroke Obfuscation Bypass
(crzphil.github.io)
A disclosure for an OpenSSH keystroke obfuscation bypass affecting current OpenSSH versions after 9.4.
A disclosure for an OpenSSH keystroke obfuscation bypass affecting current OpenSSH versions after 9.4.