ZDI-24-1644: (Pwn2Own) iXsystems TrueNAS fetch_plugin_packagesites tar Cleartext Transmission of Sensitive Information Vulnerability

Read Time:14 Second

This vulnerability allows network-adjacent attackers to tamper with firmware update files on affected installations of iXsystems TrueNAS devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 3.1. The following CVEs are assigned: CVE-2024-11946.

USN-7178-1: DPDK vulnerability

It was discovered that DPDK incorrectly handled the Vhost library checksum offload feature. An malicious guest could possibly use this...

December 19, 2024

LSN-0108-1: Kernel Live Patch Security Notice

In the Linux kernel, the following vulnerability has been resolved: tls: fix use-after-free on failed backlog decryption When the decrypt...

December 19, 2024

ZDI-24-1711: AnyDesk Link Following Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of AnyDesk. An attacker must first obtain the...

December 19, 2024

ZDI-24-1710: Autodesk Navisworks Freedom DWFX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. User interaction is required...

December 19, 2024

ZDI-24-1709: Autodesk Navisworks Freedom DWFX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. User interaction is required...

December 19, 2024

ZDI-24-1708: Autodesk Navisworks Freedom DWFX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. User interaction is required...

December 19, 2024

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

US Organizations Still Using Kaspersky Products Despite Ban

Smashing Security podcast #398: Fake CAPTCHAs, Harmageddon, and Krispy Kreme

Mailbox Insecurity

New Malware Can Kill Engineering Processes in ICS Environments

EU Opens Door for AI Training Using Personal Data

Crypto-Hackers Steal $2.2bn as North Koreans Dominate

Recorded Future CEO Calls Russia’s “Undesirable” Listing a “Compliment”

Vulnerability Exploit Assessment Tool EPSS Exposed to Adversarial Attack

ZDI-24-1644: (Pwn2Own) iXsystems TrueNAS fetch_plugin_packagesites tar Cleartext Transmission of Sensitive Information Vulnerability

USN-7178-1: DPDK vulnerability

LSN-0108-1: Kernel Live Patch Security Notice

ZDI-24-1711: AnyDesk Link Following Information Disclosure Vulnerability

ZDI-24-1710: Autodesk Navisworks Freedom DWFX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

ZDI-24-1709: Autodesk Navisworks Freedom DWFX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

ZDI-24-1708: Autodesk Navisworks Freedom DWFX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability