VULNERA Pulse

Apache — Flink

CVE-2020-17519 / Added: May 23, 2024

HIGH CVSS 7.50 EPSS Score 97.15 EPSS Percentile 99.81

Apache Flink contains an improper access control vulnerability that allows an attacker to read any file on the local filesystem of the JobManager through its REST interface.

Headlines

• May 24, 2024 - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog
• May 24, 2024 - Three-year-old Apache Flink flaw now under active attack
• May 23, 2024 - CISA Warns of Actively Exploited Apache Flink Security Vulnerability
• May 23, 2024 - CISA Adds Apache Flink CVE-2020-17519 Vulnerability to KEV Catalog

Back to top ↑

NextGen Healthcare — Mirth Connect

CVE-2023-43208 / Added: May 20, 2024

CRITICAL CVSS 9.80 EPSS Score 96.31 EPSS Percentile 99.54

NextGen Healthcare Mirth Connect contains a deserialization of untrusted data vulnerability that allows for unauthenticated remote code execution via a specially crafted request.

Headlines

• May 26, 2024 - Week in review: Google fixes yet another Chrome zero-day exploit, YouTube as a cybercrime channel
• May 23, 2024 - HHS pledges $50M for autonomous vulnerability management solution for hospitals
• May 21, 2024 - CISA adds NextGen Healthcare Mirth Connect flaw to its Known Exploited Vulnerabilities catalog
• May 21, 2024 - NextGen Healthcare Mirth Connect Under Attack - CISA Issues Urgent Warning
• May 21, 2024 - CISA Warns of Actively Exploited Flaws in NextGen Healthcare Mirth Connect and Chromium
• Oct. 26, 2023 - Critical Mirth Connect Vulnerability Could Expose Sensitive Healthcare Data
• Oct. 26, 2023 - Critical Flaw in NextGen's Mirth Connect Could Expose Healthcare Data

Back to top ↑

Google — Chromium V8

CVE-2024-4947 / Added: May 20, 2024

HIGH CVSS 8.80 EPSS Score 0.28 EPSS Percentile 68.37

Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page.

Headlines

• May 24, 2024 - Google Discovers Fourth Zero-Day in Less Than a Month
• May 24, 2024 - Google fixes eighth actively exploited Chrome zero-day this year
• May 24, 2024 - Google Detects 4th Chrome Zero-Day in May Actively Under Attack - Update ASAP
• May 21, 2024 - CISA adds NextGen Healthcare Mirth Connect flaw to its Known Exploited Vulnerabilities catalog
• May 21, 2024 - NextGen Healthcare Mirth Connect Under Attack - CISA Issues Urgent Warning
• May 21, 2024 - CISA Warns of Actively Exploited Flaws in NextGen Healthcare Mirth Connect and Chromium
• May 20, 2024 - PoC Exploit Published for Chrome 0-day CVE-2024-4947 Vulnerability
• May 20, 2024 - Nissan infosec in the spotlight again after fresh breach
• May 19, 2024 - CISA warns of hackers exploiting Chrome, EoL D-Link bugs
• May 19, 2024 - Week in review: New Black Basta's social engineering campaign, passing the CISSP exam in 6 weeks
• May 17, 2024 - CISA adds Chrome zero-days to its Known Exploited Vulnerabilities catalog
• May 16, 2024 - Google fixes seventh actively exploited Chrome zero-day this year
• May 16, 2024 - Patch Now: Another Google Zero-Day Under Exploit in the Wild
• May 16, 2024 - Google fixes third exploited Chrome zero-day in a week (CVE-2024-4947)
• May 16, 2024 - Third Chrome Zero-Day Patched by Google Within One Week
• May 16, 2024 - Google Patches Yet Another Actively Exploited Chrome Zero-Day Vulnerability
• May 16, 2024 - CVE-2024-4947: New Chrome 0-Day Vulnerability Under Active Exploitation
• May 15, 2024 - Google fixes third actively exploited Chrome zero-day in a week
• May 15, 2024 - Google patches third exploited Chrome zero-day in a week
• May 15, 2024 - Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution

Back to top ↑

CVE-2024-4323

CRITICAL CVSS 9.80 EPSS Score 0.04 EPSS Percentile 8.70

Actively Exploited Remote Code Execution Public Exploits Available

Published: May 20, 2024

A memory corruption vulnerability in Fluent Bit versions 2.0.7 thru 3.0.3. This issue lies in the embedded http server’s parsing of trace requests and may result in denial of service conditions, information disclosure, or remote code execution.

Quotes

• Smaller and more targeted integer values
• Almost every major cloud provider’s infrastructure
• Regardless of whether or not any traces are configured, it is still possible for any user with access to this API endpoint to query it
• While heap buffer overflows such as this are known to be exploitable, creating a reliable exploit is not only difficult, but incredibly time intensive
• Everyone gets hyped about a vulnerability in Azure, AWS, GCP, but nobody's really looking at the technologies that make up all of these major cloud services — common, core pieces of software that now affect every major cloud provider
• [The researchers] were also able to retrieve chunks of adjacent memory, which are returned in the HTTP responses. While this is generally unlikely to reveal anything other than previous metrics requests, the researchers were able to occasionally retrieve partial secrets during their testing, indicating that this issue could potentially leak sensitive information
• In their lab environment, the researchers were able to reliably exploit this issue to crash the service and cause a denial of service scenario. They were also able to retrieve chunks of adjacent memory, which are returned in the HTTP responses. While this is generally unlikely to reveal anything other than previous metrics requests, the researchers were able to occasionally retrieve partial secrets during their testing, indicating that this issue could potentially leak sensitive information

Headlines

• May 21, 2024 - Critical Fluent Bit bug affects all major cloud providers
• May 21, 2024 - Critical Fluent Bit flaw affects major cloud platforms, tech companies' offerings (CVE-2024-4323)
• May 21, 2024 - Experts warn of a flaw in Fluent Bit utility that is used by major cloud platforms and firms
• May 21, 2024 - Critical Fluent Bit Bug Impacts All Major Cloud Platforms
• May 21, 2024 - "Linguistic Lumberjack" Vulnerability Discovered in Popular Logging Utility Fluent Bit
• May 21, 2024 - Linguistic Lumberjack (CVE-2024-4323): Critical Vulnerability Shakes Cloud Logging Infrastructure
• May 20, 2024 - Critical Fluent Bit flaw impacts all major cloud providers
• May 20, 2024 - Critical Bug Allows DoS, RCE, Data Leaks in All Major Cloud Platforms

CVE-2024-29849

CRITICAL CVSS 9.80 EPSS Score 0.04 EPSS Percentile 8.70

Risk Context N/A

Published: May 22, 2024

Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to enterprise manager web interface.

Quotes

• Because of our immutable backups and/or four-eyes authorization, the threat actor would receive an access denied error upon attempting to delete backups
• This vulnerability in Veeam Backup Enterprise Manager allows an unauthenticated attacker to log in to the Veeam Backup Enterprise Manager web interface as any user
• This vulnerability in Veeam Backup Enterprise Manager allows an unauthenticated attacker to log in to the Veeam Backup Enterprise Manager web interface as any user
• Due to an unsafe deserialization method used by the Veeam Service Provider Console (VSPC) server in communication between the management agent and its components, under certain conditions, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine
• Veeam Backup Enterprise Manager is compatible with managing Veeam Backup & Replication servers running an older version than Veeam Backup Enterprise Manager. Therefore, if the Veeam Backup Enterprise Manager software is installed on a dedicated server, Veeam Backup Enterprise Manager can be upgraded to version 12.1.2.172 without the need to upgrade Veeam Backup & Replication immediately

Headlines

• May 23, 2024 - Veeam says critical flaw can't be abused to trash backups
• May 22, 2024 - Critical Veeam Backup Enterprise Manager auth bypass bug
• May 22, 2024 - Veeam fixes auth bypass flaw in Backup Enterprise Manager (CVE-2024-29849)
• May 22, 2024 - Critical Veeam Backup Enterprise Manager Flaw Allows Authentication Bypass
• May 22, 2024 - CVE-2024-29849 (CVSS 9.8): Veeam's Backup Nightmare, Full System Access Exposed
• May 21, 2024 - Veeam warns of critical Backup Enterprise Manager auth bypass bug

CVE-2023-43208

CRITICAL CVSS 9.80 EPSS Score 96.31 EPSS Percentile 99.54

CISA Known Exploited Remote Code Execution Public Exploits Available

Published: Oct. 26, 2023

NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that this vulnerability is caused by the incomplete patch of CVE-2023-37679.

Vendors Impacted: Nextgen, Nextgen Healthcare

Product Impacted: Mirth Connect

Quotes

• Ultimately related to insecure usage of the Java XStream library for unmarshalling XML payloads
• While proactive vendors patch consumer products with software weaknesses in days or weeks, health care technology can take over a year to patch at scale

Headlines

• May 23, 2024 - HHS pledges $50M for autonomous vulnerability management solution for hospitals
• May 21, 2024 - CISA adds NextGen Healthcare Mirth Connect flaw to its Known Exploited Vulnerabilities catalog
• May 21, 2024 - NextGen Healthcare Mirth Connect Under Attack - CISA Issues Urgent Warning
• May 21, 2024 - CISA Warns of Actively Exploited Flaws in NextGen Healthcare Mirth Connect and Chromium

CVE-2024-4947

HIGH CVSS 8.80 EPSS Score 0.28 EPSS Percentile 68.37

CISA Known Exploited Actively Exploited Remote Code Execution

Published: May 15, 2024

Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor Impacted: Google

Products Impacted: Chromium V8, Chrome

Quotes

• Google is aware that an exploit for CVE-2024-4947 exists in the wild
• Ultimately related to insecure usage of the Java XStream library for unmarshalling XML payloads
• Type Confusion in V8. Reported by Clément Lecigne of Google’s Threat Analysis Group and Brendon Tiszka of Chrome Security on 2024-05-20
• Since the attack, NNA has taken several steps to strengthen its security environment, including an enterprise-wide password reset, implementation of Carbon Black monitoring on all compatible systems, vulnerability scans, and other actions to address unauthorized access

Headlines

• May 24, 2024 - Google Discovers Fourth Zero-Day in Less Than a Month
• May 24, 2024 - Google fixes eighth actively exploited Chrome zero-day this year
• May 24, 2024 - Google Detects 4th Chrome Zero-Day in May Actively Under Attack - Update ASAP
• May 21, 2024 - CISA adds NextGen Healthcare Mirth Connect flaw to its Known Exploited Vulnerabilities catalog
• May 21, 2024 - NextGen Healthcare Mirth Connect Under Attack - CISA Issues Urgent Warning
• May 21, 2024 - CISA Warns of Actively Exploited Flaws in NextGen Healthcare Mirth Connect and Chromium
• May 20, 2024 - PoC Exploit Published for Chrome 0-day CVE-2024-4947 Vulnerability
• May 20, 2024 - Nissan infosec in the spotlight again after fresh breach
• May 19, 2024 - CISA warns of hackers exploiting Chrome, EoL D-Link bugs
• May 19, 2024 - Week in review: New Black Basta's social engineering campaign, passing the CISSP exam in 6 weeks

CVE-2024-4978

HIGH CVSS 8.40 EPSS Score 0.04 EPSS Percentile 8.70

Remote Code Execution

Published: May 23, 2024

Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpected authenticode signature. A remote, privileged threat actor may exploit this vulnerability to execute of unauthorized PowerShell commands.

Quotes

• Reimage any endpoints where JAVS Viewer 8.3.7 was installed
• Did not originate from JAVS or any 3rd party associated with JAVS
• Analysis of the installer JAVS Viewer Setup 8.3.7.250-1.exe showed that it was signed with an unexpected Authenticode signature and contained the binary fffmpeg.exe

Headlines

• May 24, 2024 - Mystery criminals backdoor courtroom recording software
• May 24, 2024 - Courtroom Software Backdoored to Deliver RustDoor Malware in Supply Chain Attack
• May 23, 2024 - JAVS courtroom recording software backdoored in supply chain attack
• May 23, 2024 - CVE-2024-4978: Backdoor Discovered in Justice AV Solutions Courtroom Software

CVE-2024-27130

HIGH CVSS 7.20 EPSS Score 0.04 EPSS Percentile 8.70

Public Exploits Available

Published: May 21, 2024

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute code via a network. We have already fixed the vulnerability in the following version: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later

Quotes

• With a codebase bearing some long 10+ year legacy, and a long history of security weaknesses
• Here at watchTowr, we abide by an industry-standard 90-day period for vendors to respond to issues, as specified in our VDP
• Unsafe use of strcpy in No_Support_ACL accessible by get_file_size function of share.cgi leads to stack buffer overflow and thus RCE
• The CVE-2024-27130 vulnerability, which has been reported under WatchTowr ID WT-2023-0054, is caused by the unsafe use of the 'strcpy' function in the No_Support_ACL function, which is utilized by the get_file_size request in the share.cgi script

Headlines

• May 22, 2024 - QNAP Patches New Flaws in QTS and QuTS hero Impacting NAS Appliances
• May 21, 2024 - 15 QNAP NAS bugs and one PoC disclosed, update ASAP! (CVE-2024-27130)
• May 21, 2024 - Experts released PoC exploit code for RCE in QNAP QTS
• May 20, 2024 - QNAP QTS zero-day in Share feature gets public RCE exploit
• May 20, 2024 - QNAP called out for dragging its heels on patch development

CVE-2023-50364

MEDIUM CVSS 6.40 EPSS Score 0.04 EPSS Percentile 8.70

Risk Context N/A

Published: April 26, 2024

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later

Quotes

• With a codebase bearing some long 10+ year legacy, and a long history of security weaknesses
• Unsafe use of strcpy in No_Support_ACL accessible by get_file_size function of share.cgi leads to stack buffer overflow and thus RCE

Headlines

• May 22, 2024 - QNAP Patches New Flaws in QTS and QuTS hero Impacting NAS Appliances
• May 21, 2024 - 15 QNAP NAS bugs and one PoC disclosed, update ASAP! (CVE-2024-27130)
• May 21, 2024 - Experts released PoC exploit code for RCE in QNAP QTS
• May 20, 2024 - QNAP QTS zero-day in Share feature gets public RCE exploit

CVE-2023-50361

MEDIUM CVSS 5.00 EPSS Score 0.04 EPSS Percentile 8.70

Risk Context N/A

Published: April 26, 2024

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later

Quotes

• With a codebase bearing some long 10+ year legacy, and a long history of security weaknesses
• Unsafe use of strcpy in No_Support_ACL accessible by get_file_size function of share.cgi leads to stack buffer overflow and thus RCE

Headlines

• May 22, 2024 - QNAP Patches New Flaws in QTS and QuTS hero Impacting NAS Appliances
• May 21, 2024 - 15 QNAP NAS bugs and one PoC disclosed, update ASAP! (CVE-2024-27130)
• May 21, 2024 - Experts released PoC exploit code for RCE in QNAP QTS
• May 20, 2024 - QNAP QTS zero-day in Share feature gets public RCE exploit

CVE-2024-4985

CVSS Not Assigned EPSS Score 0.04 EPSS Percentile 15.07

Actively Exploited Remote Code Execution

Published: May 20, 2024

An authentication bypass vulnerability was present in the GitHub Enterprise Server (GHES) when utilizing SAML single sign-on authentication with the optional encrypted assertions feature. This vulnerability allowed an attacker to forge a SAML response to provision and/or gain access to a user with site administrator privileges. Exploitation of this vulnerability would allow unauthorized access to the instance without requiring prior authentication. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13.0 and was fixed in versions 3.9.15, 3.10.12, 3.11.10 and 3.12.4. This vulnerability was reported via the GitHub Bug Bounty program.

Quotes

• On instances that use SAML SSO authentication with the optional encrypted assertions feature, an attacker could forge a SAML response to provision and/or gain access to a user with administrator privileges
• On instances that use SAML single sign-on (SSO) authentication with the optional encrypted assertions feature, an attacker could forge a SAML response to provision and/or gain access to a user with administrator privileges
• GitHub Enterprise Server runs on your infrastructure and is governed by access and security controls that you define, such as firewalls, network policies, IAM, monitoring, and VPNs. GitHub Enterprise Server is suitable for use by enterprises that are subject to regulatory compliance, which helps to avoid issues that arise from software development platforms in the public cloud

Headlines

• May 23, 2024 - GitHub fixes maximum severity Enterprise Server auth bypass bug (CVE-2024-4985)
• May 23, 2024 - GitHub Fixes Maximum Severity Flaw in Enterprise Server
• May 22, 2024 - GitHub Authentication Bypass Opens Enterprise Server to Attackers
• May 22, 2024 - Critical GitHub Enterprise Server Auth Bypass bug. Fix it now!
• May 22, 2024 - GitHub Enterprise Server patches critical vulnerability
• May 21, 2024 - Critical GitHub Enterprise Server Flaw Allows Authentication Bypass
• May 21, 2024 - CVE-2024-4985 (CVSS 10): Critical Authentication Bypass Flaw Found in GitHub Enterprise Server