The Cyber Threat Intelligence Database

sy64

CVE-2024-1708: Path-Traversal Vulnerability
CVE-2024-1709: Authentication Bypass Using an Alternate Path or Channel

ConnectWise ScreenConnect 23.9.7

https://www.trendmicro.com/en_us/research/24/b/threat-actor-groups-including-black-basta-are-exploiting-recent-.html

https://www.mandiant.com/resources/blog/connectwise-screenconnect-hardening-remediation

sy64

Synacktiv Ricoh Device

Manager NX (DMNX):
• A pre-authentication arbitrary file read.
• A post-authentication arbitrary file upload.

Since August 2022, the DMNX product is out of support. The latest public release r98942 is also
affected.

https://www.synacktiv.com/sites/default/files/2024-03/synacktiv-ricoh_dmnx-multiple-vulnerabilities.pdf

sy64

CVE-2019-11580

https://github.com/jas502n/CVE-2019-11580

Atlassian Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits remote code execution on systems running a vulnerable version of Crowd or Crowd Data Center. All versions of Crowd from version 2.1.0 before 3.0.5 (the fixed version for 3.0.x), from version 3.1.0 before 3.1.6 (the fixed version for 3.1.x), from version 3.2.0 before 3.2.8 (the fixed version for 3.2.x), from version 3.3.0 before 3.3.5 (the fixed version for 3.3.x), and from version 3.4.0 before 3.4.4 (the fixed version for 3.4.x) are affected by this vulnerability.

https://infosecwriteups.com/from-recon-to-optimizing-rce-results-simple-story-with-one-of-the-biggest-ict-company-in-the-ea710bca487a

sy64

CVE-2023-20078 catalogs an unauthenticated command injection vulnerability in the web-based management interface of Cisco 6800, 7800, and 8800 Series IP Phones with Multiplatform Firmware installed;

https://securityintelligence.com/x-force/cve-2023-20078-technical-analysis/

sy64

CVE-2024-20696 - Windows Libarchive RCE

https://clearbluejar.github.io/posts/patch-tuesday-diffing-cve-2024-20696-windows-libarchive-rce/

sy64

CVE-2024-25114

Collabora Online is a server service built from the main LibreOffice project code providing display and collaborative visual editing of a range of document types in a web browser. It is used by applications such as Zimbra (Zimbra Docs Zimlet) or ownCloud.

https://www.synacktiv.com/en/advisories/multiple-vulnerabilities-in-collabora-online

sy64

CVE-2023-5914 CVE-2023-6184

And secondly, for Citrix Session Recording, we discovered CVE-2023-6184, an RCE vulnerability caused by insecure .NET remoting configurations allowing for insecure deserialization.

We were able to exploit this issue on our target without authentication in the wild, but this vulnerability seems to require authentication when installed under default configurations which is why it has a lower CVSS score of 5.0 from Citrix

https://www.assetnote.io/resources/research/continuing-the-citrix-saga-cve-2023-5914-cve-2023-6184

sy64

CVE-2023-48788: FortiClient Endpoint Management Server (EMS) SQL injection vulnerability

sy64

CVE-2024-25153, a critical Unsafe File Upload and Directory Traversal vulnerability in Fortra FileCatalyst, allows a remote unauthenticated attacker to gain Remote Code Execution (RCE) on the web server. This affects Fortra FileCatalyst Workflow 5.x, before 5.1.6 Build 114.

https://labs.nettitude.com/blog/cve-2024-25153-remote-code-execution-in-fortra-filecatalyst/

https://github.com/nettitude/CVE-2024-25153

sy64

CVE-2023-5528

Akamai security researcher Tomer Peled recently discovered a high-severity vulnerability in Kubernetes that was assigned CVE-2023-5528 with a CVSS score of 7.2.

The vulnerability allows remote code execution with SYSTEM privileges on all Windows endpoints within a Kubernetes cluster. To exploit this vulnerability, the attacker needs to apply malicious YAML files on the cluster.

This vulnerability can lead to full takeover on all Windows nodes in a cluster.

This vulnerability can be exploited on default installations of Kubernetes (earlier than version 1.28.4), and was tested against both on-prem deployments and Azure Kubernetes Service.

https://www.akamai.com/blog/security-research/2024/mar/kubernetes-local-volumes-command-injection-vulnerability-rce-system-privileges

sy64

VirtualBox internals, vulnerabilities analysis and exploitation (CVE-2023-21987 and CVE-2023-21991)

https://qriousec.github.io/post/vbox-pwn2own-2023/

sy64

Exploiting CVE-2024-21412 (ZDI-CAN-23100) to bypass Windows Defender SmartScreen

https://www.trendmicro.com/en_us/research/24/c/cve-2024-21412--darkgate-operators-exploit-microsoft-windows-sma.html

sy64

A patched Windows attack surface is still exploitable

https://securelist.com/windows-vulnerabilities/112232/

sy64

https://github.com/bjrjk/CVE-2022-4262/

sy64

CVE-2023-32315: command execution on OpenFire
CVE-2022-21587: command execution on Oracle Web Applications Desktop Integrator

https://www.trendmicro.com/en_us/research/24/c/earth-krahang.html

sy64

Background on libX11 and the Xpm image format
Analysis of CVE-2023-43786 (DoS vulnerability) including a walkthrough and published PoC

https://jfrog.com/blog/xorg-libx11-vulns-cve-2023-43786-cve-2023-43787-part-two/

sy64

CVE-2024-21338

https://decoded.avast.io/janvojtesek/lazarus-and-the-fudmodule-rootkit-beyond-byovd-with-an-admin-to-kernel-zero-day/

sy64

https://starlabs.sg/blog/2024/route-to-safety-navigating-router-pitfalls/

sy64

CVE-2023-29300: Adobe ColdFusion Vulnerability

https://teamt5.org/en/posts/alerts-of-exploiting-adobe-cold-fusion-cve-2023-29300/

sy64

CVE-2023-7102 and CVE-2023-7101, both linked to the Spreadsheet:😛arseExcel library. These vulnerabilities, stemming from an Arbitrary Code Execution (ACE) flaw in the third-party library Spreadsheet:😛arseExcel,

https://www.mandiant.com/resources/blog/unc4841-post-barracuda-zero-day-remediation