It was discovered that the Python email module incorrectly parsed email
addresses that contain special characters. A remote attacker could possibly
use this issue to bypass certain protection mechanisms. (CVE-2023-27043)
It was discovered that Python allowed excessive backtracking while parsing
certain tarfile headers. A remote attacker could possibly use this issue to
cause Python to consume resources, leading to a denial of service.
(CVE-2024-6232)
It was discovered that the Python email module incorrectly quoted newlines
for email headers. A remote attacker could possibly use this issue to
perform header injection. (CVE-2024-6923)
It was discovered that the Python http.cookies module incorrectly handled
parsing cookies that contained backslashes for quoted characters. A remote
attacker could possibly use this issue to cause Python to consume
resources, leading to a denial of service. (CVE-2024-7592)
It was discovered that the Python zipfile module incorrectly handled
certain malformed zip files. A remote attacker could possibly use this
issue to cause Python to stop responding, resulting in a denial of service.
(CVE-2024-8088)
It was discovered that the nginx ngx_http_mp4 module incorrectly handled
certain malformed mp4 files. In environments where the mp4 directive is in
use, a remote attacker could possibly use this issue to cause nginx to
crash, resulting in a denial of service.
It was discovered that Dovecot incorrectly handled a large number of
address headers. A remote attacker could possibly use this issue to cause
Dovecot to consume resources, leading to a denial of service.
(CVE-2024-23184)
It was discovered that Dovecot incorrectly handled very large headers. A
remote attacker could possibly use this issue to cause Dovecot to consume
resources, leading to a denial of service. (CVE-2024-23185)
Hiroki Kurosawa discovered that curl incorrectly handled certain OCSP
responses. This could result in bad certificates not being checked
properly, contrary to expectations.
It was discovered that ClamAV incorrectly handled certain PDF files. A
remote attacker could possibly use this issue to cause ClamAV to crash,
resulting in a denial of service. (CVE-2024-20505)
It was discovered that ClamAV incorrectly handled logfile privileges. A
local attacker could use this issue to cause ClamAV to overwrite arbitrary
files, possibly leading to privilege escalation. (CVE-2024-20506)
USN-6560-2 fixed a vulnerability in OpenSSH. This update provides
the corresponding update for Ubuntu 16.04 LTS.
Original advisory details:
It was discovered that OpenSSH incorrectly handled user names or host
names with shell metacharacters. An attacker could possibly use this
issue to perform OS command injection.
What is the Attack?FortiGuard Labs observes attack attempts targeting certain models of Raisecom Gateway that are vulnerable to CVE-2024-7120. This attack can be initiated remotely and may lead to OS command injection. Exploit for this vulnerability has also been disclosed to the public.What is the recommended Mitigation?Currently we are unaware of any vendor-supplied patch or updates available for this issue. According to the NVD, Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90 are affected by the vulnerability (CVE-2024-7120). What FortiGuard Coverage is available?Fortinet customers remain protected through the IPS (Intrusion Prevention System) Service to detect and block any attack attempts targeting the vulnerability. Intrusion Prevention | FortiGuard LabsThe FortiGuard Incident Response team can be engaged to help with any suspected compromise.
What is the Vulnerability?An OS command injection vulnerability in Ivanti Cloud Services Appliance (CSA) version 4.6 allows an authenticated attacker to remotely execute code. The attacker must have admin level privileges to exploit the vulnerability tagged as CVE-2024-8190 and successful exploitation could lead to unauthorized access to the device running the CSA. The Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities (KEV) list on September 13, 2024.What is the recommended Mitigation?At this time, Ivanti has confirmed limited exploitation and urges its customers to upgrade to CSA version 5.0 for continued support. Ivanti no longer supports CSA 4.6 which has reached end-of-life. https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190 What FortiGuard Coverage is available?FortiGuard Labs recommends users to apply the patches released by the vendor to secure their systems and follow their system hardening guidelines.The FortiGuard Incident Response team can be engaged to help with any suspected compromise.FortiGuard Labs team is further investigating to provide protections and will update this Threat Signal Report with more information once it becomes available.