Category Archives: Advisories

USN-7014-1: nginx vulnerability

Read Time:13 Second

It was discovered that the nginx ngx_http_mp4 module incorrectly handled
certain malformed mp4 files. In environments where the mp4 directive is in
use, a remote attacker could possibly use this issue to cause nginx to
crash, resulting in a denial of service.

Read More

USN-7013-1: Dovecot vulnerabilities

Read Time:21 Second

It was discovered that Dovecot incorrectly handled a large number of
address headers. A remote attacker could possibly use this issue to cause
Dovecot to consume resources, leading to a denial of service.
(CVE-2024-23184)

It was discovered that Dovecot incorrectly handled very large headers. A
remote attacker could possibly use this issue to cause Dovecot to consume
resources, leading to a denial of service. (CVE-2024-23185)

Read More

USN-7011-1: ClamAV vulnerabilities

Read Time:19 Second

It was discovered that ClamAV incorrectly handled certain PDF files. A
remote attacker could possibly use this issue to cause ClamAV to crash,
resulting in a denial of service. (CVE-2024-20505)

It was discovered that ClamAV incorrectly handled logfile privileges. A
local attacker could use this issue to cause ClamAV to overwrite arbitrary
files, possibly leading to privilege escalation. (CVE-2024-20506)

Read More

USN-6560-3: OpenSSH vulnerability

Read Time:15 Second

USN-6560-2 fixed a vulnerability in OpenSSH. This update provides
the corresponding update for Ubuntu 16.04 LTS.

Original advisory details:

It was discovered that OpenSSH incorrectly handled user names or host
names with shell metacharacters. An attacker could possibly use this
issue to perform OS command injection.

Read More

iwd-2.22-1.fc41

Read Time:10 Second

FEDORA-2024-5d6c951b0b

Packages in this update:

iwd-2.22-1.fc41

Update description:

iwd 2.22:

Fix issue with handling the Affinities property.
Fix issue with handling ConnectedAccessPoint signal when roaming.

Read More

Raisecom Gateway Command Injection (CVE-2024-7120)

Read Time:39 Second

What is the Attack?FortiGuard Labs observes attack attempts targeting certain models of Raisecom Gateway that are vulnerable to CVE-2024-7120. This attack can be initiated remotely and may lead to OS command injection. Exploit for this vulnerability has also been disclosed to the public.What is the recommended Mitigation?Currently we are unaware of any vendor-supplied patch or updates available for this issue. According to the NVD, Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90 are affected by the vulnerability (CVE-2024-7120). What FortiGuard Coverage is available?Fortinet customers remain protected through the IPS (Intrusion Prevention System) Service to detect and block any attack attempts targeting the vulnerability. Intrusion Prevention | FortiGuard LabsThe FortiGuard Incident Response team can be engaged to help with any suspected compromise.

Read More

Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability (CVE-2024-8190)

Read Time:1 Minute, 0 Second

What is the Vulnerability?An OS command injection vulnerability in Ivanti Cloud Services Appliance (CSA) version 4.6 allows an authenticated attacker to remotely execute code. The attacker must have admin level privileges to exploit the vulnerability tagged as CVE-2024-8190 and successful exploitation could lead to unauthorized access to the device running the CSA. The Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities (KEV) list on September 13, 2024.What is the recommended Mitigation?At this time, Ivanti has confirmed limited exploitation and urges its customers to upgrade to CSA version 5.0 for continued support. Ivanti no longer supports CSA 4.6 which has reached end-of-life. https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190 What FortiGuard Coverage is available?FortiGuard Labs recommends users to apply the patches released by the vendor to secure their systems and follow their system hardening guidelines.The FortiGuard Incident Response team can be engaged to help with any suspected compromise.FortiGuard Labs team is further investigating to provide protections and will update this Threat Signal Report with more information once it becomes available.

Read More