Week of April 1, 2024
This newly reported vulnerability represents a significant supply chain attack, particularly concerning due to its ability to intercept SSH authentication data.
The CVE-2024-3094 attack involved malicious alterations to the upstream release tarballs of the XZ Utils library, made by a once-trusted developer. The changes specifically target liblzma, inserting a backdoor into the library during the build process.
Week of February 5, 2024
This month, three critical vulnerabilities have emerged, posing significant threats to embedded software platforms and Linux distributions. If exploited, they could allow attackers to bypass security measures, gain unauthorized access, and potentially take control of affected systems. Immediate action is recommended to mitigate these risks.
Week of January 1, 2024
According to Quarkslab, nine new vulnerabilities have been discovered that affect “the IPv6 network protocol stack of EDK II, TianoCore’s open source reference implementation of UEFI.” These vulnerabilities “can be exploited by unauthenticated remote attackers on the same local network, and in some cases, by attackers on remote networks.”
Week of December 5, 2023
According to ArsTechnica, this new vulnerability exposes “hundreds of Windows and Linux computer models from virtually all hardware makers” to “a new attack that executes malicious firmware early in the boot-up sequence.” This can result in “infections that are nearly impossible to detect or remove using current defense mechanisms.”
Week of October 9, 2023
This vulnerability is “the worst security problem found in curl in a long time.” The flaw makes curl overflow a heap-based buffer during the SOCKS5 proxy handshake. A Rezilion article reviewing the vulnerability added that it presents “an interesting challenge for security teams wanting to get a head start on identifying affected assets – Since no vulnerability metadata has yet been published (specifically no CPE values), no vulnerability scanner will be able to detect it. This scenario highlights the necessity of having a queryable Software Bill of Materials (SBOM). If you have a queryable SBOM, you should utilize it to pinpoint all occurrences of curl & libcurl in your environment, so that once version 8.4.0 releases, you’ll be able to take immediate action.”
Week of October 2, 2023
As you may already know, libcue provides an API for parsing and extracting data from CUE sheets. However, versions 2.2.1 and prior are vulnerable to an out-of-bounds array access. A user of the GNOME desktop environment can be compromised simply by downloading a CUE sheet from a malicious web page: because the file is saved to `~/Downloads`, it is automatically scanned by tracker-miners, which parses it with libcue.
Week of September 29, 2023
This vulnerability “poses a significant security risk across numerous software applications and platforms.” It was originally reported by Apple and Citizen Lab and tracked as CVE-2023-4863, specific to Google Chrome, but “has since been reclassified as CVE-2023-5129 and correctly attributed as a flaw in libwebp with a maximum 10/10 severity rating.”
Week of September 22, 2023
This is a use-after-free vulnerability in the MediaRecorder API that can lead to memory corruption. A specially crafted web page can abuse it to corrupt memory and potentially achieve arbitrary code execution; a user would need to visit the malicious page to trigger the vulnerability.
Week of September 18, 2023
This vulnerability is a memory handling issue that could enable code execution. While the issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, and macOS Sonoma 14, the NVD listing states that it is currently under reanalysis, which may result in further changes to the information provided.
Week of September 15, 2023
Week of September 11, 2023
Week of September 8, 2023
Week of September, 2023
This use-after-free vulnerability in the Linux kernel’s netfilter nf_tables component can be exploited to achieve local privilege escalation. Adding and removing rules from chain bindings within the same transaction can lead to a use-after-free. The upstream kernel (git.kernel.org) advisory recommends upgrading to resolve this issue.
Week of September 1, 2023
This use-after-free vulnerability in the Linux kernel’s net/sched sch_qfq component can also be exploited to achieve local privilege escalation. When the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers a use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug and the lack of error checking in agg_dequeue(). Users are again recommended to upgrade to resolve this issue.
Week of August 7, 2023
A now-patched vulnerability in OpenSSH could be exploited to run arbitrary commands remotely on hosts such as Linux systems. “While browsing through ssh-agent’s source code, we noticed that a remote attacker, who has access to the remote server where Alice’s ssh-agent is forwarded to, can load (dlopen()) and immediately unload (dlclose()) any shared library in /usr/lib* on Alice’s workstation (via her forwarded ssh-agent, if it is compiled with ENABLE_PKCS11, which is the default),” Saeed Abbasi, manager of vulnerability research at Qualys, explained.
Week of July 3, 2023
A complicated bug (CVE-2022-37454) found in the Linux kernel’s memory management (MM) subsystem can “allow a broad spectrum of uncontrolled arbitrary write primitives to achieve kernel code execution on x86 platforms.” The researchers add: “While it is possible to mitigate this exploit technique from a remote context, an attacker in a local context can utilize known microarchitectural side-channels to defeat the current mitigations.”
Week of May 29, 2023
Week of May 22, 2023
Week of May 14, 2023
Week of February 5, 2023
In libarchive before 3.6.2, the software does not check the return value of calloc, which returns a NULL pointer when allocation fails, leading to a NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark, but third parties dispute the code-execution impact: “In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution.”
Week of January 29, 2023
sysstat is a set of system performance tools for the Linux operating system. On 32-bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures in sa_common.c contains a size_t overflow: the function insufficiently checks bounds before an arithmetic multiplication, allowing the size allocated for the buffer representing system activities to overflow. This issue may lead to Remote Code Execution (RCE). It has been patched in version 12.7.1.
Week of January 15, 2023
A vulnerability classified as critical was found in LibTIFF. It affects the function TIFFReadRGBATileExt in the file libtiff/tif_getimage.c, where the manipulation leads to an integer overflow. The attack can be initiated remotely, and the exploit has been disclosed to the public and may be used. The fix is commit 227500897dfb07fb7d27f7aa570050e62617e3be, and applying the patch is recommended. The identifier VDB-213549 was assigned to this vulnerability.
Week of December 4, 2022
As published by Red Hat, an improper update of a reference count in io_uring leads to a use-after-free vulnerability in the Linux kernel that allows local privilege escalation.
Week of October 31, 2022
Week of October 17, 2022
Week of August 29, 2022
DirtyCred is an 8-year-old Linux kernel vulnerability that swaps unprivileged kernel credentials with privileged ones to escalate privileges to the maximum level. It exploits a previously unknown flaw (CVE-2022-2588) and, at the time of writing, was in early notification and not yet reported in the NVD.
Week of August 15, 2022
NVD reported that zlib (1.2.12), a software library used for data compression, has a heap-based buffer over-read or buffer overflow in inflate.c, triggered by a large gzip header extra field. However, only applications that call inflateGetHeader are affected; some common applications bundle the affected zlib source code but never call inflateGetHeader.
Week of August 8, 2022
According to NVD, remote attackers who can send HTTP requests to the gweb component in ConnMan (1.41) are able to exploit a heap-based buffer overflow in received_data to execute code.
Week of July 25, 2022
RandoriSec found a heap buffer overflow vulnerability in the Netfilter subsystem of the Linux kernel that could be exploited for privilege escalation. The vulnerability has been reported to the Linux security team and assigned CVE-2022-34918.
Week of July 18, 2022
Retbleed has been designated CVE-2022-29900 for AMD, and CVE-2022-29901 and CVE-2022-28693 for Intel. AMD also uses CVE-2022-23816 and CVE-2022-23825 to track Retbleed, which it calls a branch type confusion. Rogue software on a machine can exploit Retbleed to read operating system kernel memory and expose secrets such as passwords and keys. Older AMD and Intel chips are vulnerable to this Spectre-based speculative-execution attack.
Week of July 11, 2022
Week of June 27, 2022
Week of June 13, 2022
Hertzbleed is a frequency side-channel attack that exploits the dynamic frequency scaling of modern x86 processors, which varies with the data being processed. In the worst case, the attack can allow an attacker to extract cryptographic keys from remote servers. This issue affects AMD (CVE-2022-23823) and Intel (CVE-2022-24436) processors.
Week of May 30, 2022
Multiple buffer overflow related vulnerabilities in the U-Boot networking stack (IP packet de-fragmentation) can result in denial of service and memory overwrite attacks.
Week of May 16, 2022
A vulnerability in the domain name system (DNS) component of uClibc exposes affected devices to DNS poisoning attacks.
Week of May 2, 2022
Week of April 25, 2022
BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record’s value to a VT compatible terminal. Severity score 9.8.
Week of April 11, 2022
Week of March 28, 2022
Critical hijacking bugs in Azure Defender for IoT that can lead to full network compromise; severity score of 10.
Bugs causing privilege escalation and an information leak in the Linux kernel.
Week of March 21, 2022
An infinite loop bug in OpenSSL enables a pre-authentication denial-of-service (DoS) attack.
Week of March 14, 2022
Arm Spectre variant cache leak.
Privilege escalation in Linux kernel cgroups.
Privilege escalation from heap out-of-bounds writes in the Linux kernel netfilter subsystem.
“Dirty Pipe” vulnerability in the Linux kernel.