It was discovered that less mishandled newline characters in file names. If
a user or automated system were tricked into opening specially crafted
files, an attacker could possibly use this issue to execute arbitrary
commands on the host.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. User interaction is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2023-51633.
tpm2-tools-5.7-1.fc40
tpm2-tss-4.1.0-1.fc40
tpm2-tss:
Fixed CVE-2024-29040
tpm2-tools:
Fixed CVE-2024-29038
Fixed CVE-2024-29039
tpm2-tools-5.5.1-1.fc39
tpm2-tss-4.0.2-1.fc39
tpm2-tss:
Fixed CVE-2024-29040
tpm2-tools:
Fixed CVE-2024-29038
Fixed CVE-2024-29039
tpm2-tools-5.5.1-1.fc38
tpm2-tss-4.0.2-1.fc38
tpm2-tss:
Fixed CVE-2024-29040
tpm2-tools:
Fixed CVE-2024-29038
Fixed CVE-2024-29039
webkit2gtk4.0-2.44.1-1.fc40
Update to 2.44.1
kernel-6.8.8-200.fc39
The 6.8.8 stable kernel update contains a number of important fixes across the tree.
kernel-6.8.8-100.fc38
The 6.8.8 stable kernel update contains a number of important fixes across the tree.
kernel-6.8.8-300.fc40
The 6.8.8 stable kernel update contains a number of important fixes across the tree.
What is the vulnerability? A zero-day security vulnerability has been uncovered in an enterprise file-transfer software CrushFTP. The vulnerability tagged as CVE-2024-4040 is actively being exploited in targeted attacks and has also been added to the CISA Known Exploited Vulnerabilities (KEV) list. The vulnerability allows unauthenticated remote attackers to read files from the file system outside of the VFS Sandbox, gain administrative access, and perform remote code execution on the server.What is the vendor Mitigation? According to the vendor advisory, CrushFTP versions prior to 10.7.1 and 11.1.0 are vulnerable to CVE-2024-4040 and being advised to immediately apply the patch. What FortiGuard Coverage is available? Endpoint vulnerability service is available to help detect vulnerable endpoints running the CrushFTP server application. FortiGuard Labs is further investigating for additional coverages.
