Our deepest apologies for the lack of content on this board for the past few months. There was a bug preventing us from posting on this board, but that has now been fixed. Please find the Security Advisories that have come out over the last few months in this article, and we will return to our usual format of one post per SA moving forward. Thank you very much for your patience during this time.
SA-2024-057 - XSS EasyImages (CVE-2023-33599)
EasyImages2.0 ≤ 2.8.1 is vulnerable to Cross Site Scripting (XSS) via viewlog.php
SA-2024-058 - Git Cloning to New Directory (CVE-2024-32002)
Git repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory.
SA-2024-060 - Git Cloning to Local Repository (CVE-2024-32004)
In some versions of Git, an attacker can prepare a local repository in such a way that, when cloned, it will execute arbitrary code during the operation.
SA-2024-061 - Git HardLink Clones (CVE-2024-32020)
Git, a revision control system, may allow local clones to hardlink files into the target repository's object database when the source and target repository reside on the same disk.
SA-2024-059 - Intel Processor Authenticated User DoS (CVE-2023-46103)
A sequence of processor instructions that leads to unexpected behavior in Intel(R) Core(TM) Ultra Processors may allow an authenticated user to potentially enable denial of service via local access.
SA-2024-062 - Git Cloning Symlinks (CVE-2024-32021)
In some versions of Git, a revision control system, when cloning a local source repository that contains symlinks via the filesystem, Git may create hardlinks to arbitrary user-readable files on the same filesystem as the target repository in the `objects/` directory.
SA-2024-063 - Git Untrusted Repository Cloning (CVE-2024-32465)
In some versions of Git, an attacker can prepare a local repository in such a way that, when cloned, it will execute arbitrary code during the operation.
SA-2024-064 - Intel Processor Authenticated User Escalation Privileges (CVE-2023-22655)
Protection mechanism failure in some 3rd and 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.
SA-2024-065 - Intel Processors Unauthenticated User DoS (CVE-2023-39368)
Protection mechanism failure of bus lock regulator for some Intel(R) Processors may allow an unauthenticated user to potentially enable denial of service via network access.
SA-2024-066 - Intel Processor Authorized User Info Disclosure (CVE-2023-38575)
Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
SA-2024-067 - Intel TDX Improper Input Validation (CVE-2023-47855)
Improper input validation in some Intel(R) TDX module software may allow a privileged user to potentially enable escalation of privilege via local access.
SA-2024-068 - Intel Xeon Incorrect Microcode Calculation (CVE-2023-43490)
Incorrect calculation in microcode keying mechanism for some Intel(R) Xeon(R) D Processors with Intel(R) SGX may allow a privileged user to potentially enable information disclosure via local access.
SA-2024-069 - Intel Processor Hardware Logic Race Condition (CVE-2023-45733)
Hardware logic containing race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local access.
SA-2024-070 - Intel TDX Improper Input Privilege Escalation (CVE-2023-45745)
Improper input validation in some Intel(R) TDX module software may allow a privileged user to potentially enable escalation of privilege via local access.
SA-2024-071 - Intel Atom Processor User Info Disclosure (CVE-2023-28746)
Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
SA-2024-072 - Arbitrary Memory Address Read with Regex Search (CVE-2024-27282)
An issue was discovered in Ruby: if attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings.
SA-2024-073 - RDoc RCE vulnerability with .rdoc_options (CVE-2024-27281)
When parsing .rdoc_options (used for configuration in RDoc) as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be restored.
SA-2024-074 - PHP PHAR Memory Corruption (CVE-2023-3824)
In PHP, when loading a phar file while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, potentially leading to memory corruption or RCE.
SA-2024-075 - regreSSHion Vulnerability in OpenSSH Server (CVE-2024-6387)
A signal handler race condition was found in OpenSSH's server (sshd): if a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously.
SA-2024-076 - Debian Path Traversal (CVE-2023-7207)
Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches, which had caused a regression in --no-absolute-filenames.
SA-2024-077 - LibTIFF Heap Buffer Overflow (CVE-2023-3164)
A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff file.
SA-2024-078 - PHP Code Logic Error (CVE-2024-5458)
In PHP, due to a code logic error, filtering functions such as filter_var, when validating URLs (FILTER_VALIDATE_URL), will for certain types of URLs treat invalid user information (the username + password part of the URL) as valid user information.
SA-2024-079 - Use After Free with SSL_free_buffers (CVE-2024-4741)
Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situations.
SA-2024-080 - Perl Read Write Past Buffer End (CVE-2023-47100)
In Perl, S_parse_uniprop_string in regcomp.c can write to an unallocated space because a property name associated with a \p{...} regular expression construct is mishandled.
SA-2024-081 - OpenSSL API function SSL_select_next_proto (CVE-2024-5535)
Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocol buffer may cause a crash or cause memory contents to be sent to the peer.
SA-2024-082 - Artifex Ghostscript Memory Corruption (CVE-2024-29510)
Artifex Ghostscript allows memory corruption and SAFER sandbox bypass, via format string injection with a uniprint device.
SA-2024-083 - SSID Confusion (CVE-2023-52424)
The IEEE 802.11 standard sometimes enables an adversary to trick a victim into connecting to an unintended or untrusted network with Home WEP, Home WPA3 SAE-loop, Enterprise 802.1X/EAP, Mesh AMPE, or FILS, aka an "SSID Confusion" issue.
SA-2024-084 - Blast RADIUS Attack (CVE-2024-3596)
The RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against the MD5 Response Authenticator signature.
SA-2024-085 - Apache Tomcat DoS in HTTP/2 Connector (CVE-2024-34750)
Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption Vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly.
SA-2024-086 - Python Crafted URL Injection Attack (CVE-2022-0391)
A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components.
SA-2024-087 - Linux HugeTLB Null Pointer (CVE-2024-0841)
A null pointer dereference flaw was found in the hugetlbfs_fill_super function in the Linux kernel hugetlbfs (HugeTLB pages) functionality.
SA-2024-088 - MySQL Server Low Privilege Attacker DoS (CVE-2024-20994)
There is an issue with Oracle MySQL's server software. A difficult-to-exploit flaw makes it possible for a low-privileged attacker with network access over several protocols to compromise MySQL Server.
SA-2024-089 - DHCPD Hostname Buffer Overflow (CVE-2004-0460)
Buffer overflow in the logging capability for the DHCP daemon (DHCPD) allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via multiple hostname options in (1) DISCOVER, (2) OFFER, (3) REQUEST, (4) ACK, or (5) NAK messages, which can generate a long string when writing to a log file.
SA-2024-090 - Python FTP Client Default Trust (CVE-2021-4189)
A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default.
SA-2024-091 - Out-of-bounds Read in PCRE2 Unicode (CVE-2022-1586)
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.
SA-2024-092 - Out-of-bounds Read in PCRE2 Recursions (CVE-2022-1587)
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.
SA-2024-093 - OpenSSL c_rehash Script Command Injection (CVE-2022-1292)
The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script.
SA-2024-094 - Amazon Corretto Multiple Vulnerabilities
The following CVEs are addressed in this security advisory: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21147, CVE-2024-21144, CVE-2024-21145.
Please let me know if we can clarify anything from these SAs; and again, thank you so much for your patience while we resolved the bug on this page.