Aggregator

CVE-2024-56644 | Linux Kernel up to 6.12.4 TCP Connection ip6_negative_advice reference count (Nessus ID 216985 / WID-SEC-2024-3762)

Vuldb Updates
1 month 4 weeks ago
A vulnerability has been found in Linux Kernel up to 6.12.4 and classified as problematic. Affected by this vulnerability is the function ip6_negative_advice of the component TCP Connection Handler. The manipulation leads to improper update of reference count. This vulnerability is known as CVE-2024-56644. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-56643 | Linux Kernel up to 6.12.4 dccp_feat_push_confirm memory leak (Nessus ID 214901 / WID-SEC-2024-3762)

Vuldb Updates
1 month 4 weeks ago
A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.12.4. This issue affects the function dccp_feat_push_confirm. The manipulation leads to memory leak. The identification of this vulnerability is CVE-2024-56643. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-56642 | Linux Kernel up to 6.12.4 tipc cleanup_bearer use after free (Nessus ID 214609 / WID-SEC-2024-3762)

Vuldb Updates
1 month 4 weeks ago
A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.12.4. Affected is the function cleanup_bearer of the component tipc. The manipulation leads to use after free. This vulnerability is traded as CVE-2024-56642. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-56640 | Linux Kernel up to 5.15.173/6.1.119/6.6.65/6.12.4 smc_conn_free use after free (Nessus ID 216985 / WID-SEC-2024-3762)

Vuldb Updates
1 month 4 weeks ago
A vulnerability, which was classified as critical, has been found in Linux Kernel up to 5.15.173/6.1.119/6.6.65/6.12.4. Affected by this issue is the function smc_conn_free. The manipulation leads to use after free. This vulnerability is handled as CVE-2024-56640. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-56637 | Linux Kernel up to 6.12.4 Hold Module ip_set.ko mdelay race condition (Nessus ID 214901 / WID-SEC-2024-3762)

Vuldb Updates
1 month 4 weeks ago
A vulnerability was found in Linux Kernel up to 6.12.4 and classified as problematic. Affected by this issue is the function mdelay in the library ip_set.ko of the component Hold Module. The manipulation leads to race condition. This vulnerability is handled as CVE-2024-56637. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-56652 | Linux Kernel up to 6.12.5 reg_sr use after free (Nessus ID 230724 / WID-SEC-2024-3762)

Vuldb Updates
1 month 4 weeks ago
A vulnerability classified as critical has been found in Linux Kernel up to 6.12.5. Affected is an unknown function of the component reg_sr. The manipulation leads to use after free. This vulnerability is traded as CVE-2024-56652. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-56639 | Linux Kernel up to 6.12.4 net net/core/skbuff.c hsr_init_skb allocation of resources (Nessus ID 233479 / WID-SEC-2024-3762)

Vuldb Updates
1 month 4 weeks ago
A vulnerability was found in Linux Kernel up to 6.12.4. It has been declared as problematic. This vulnerability affects the function hsr_init_skb of the file net/core/skbuff.c of the component net. The manipulation leads to allocation of resources. This vulnerability was named CVE-2024-56639. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-56638 | Linux Kernel up to 6.6.65/6.12.4 nft_inner stack-based overflow (Nessus ID 233479 / WID-SEC-2024-3762)

Vuldb Updates
1 month 4 weeks ago
A vulnerability was found in Linux Kernel up to 6.6.65/6.12.4. It has been classified as critical. This affects an unknown part of the component nft_inner. The manipulation leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2024-56638. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-56636 | Linux Kernel up to 5.10.230/5.15.173/6.1.119/6.6.65/6.12.4 include/linux/skbuff.h geneve_xmit_skb privilege escalation (Nessus ID 214901 / WID-SEC-2024-3762)

Vuldb Updates
1 month 4 weeks ago
A vulnerability was found in Linux Kernel up to 5.10.230/5.15.173/6.1.119/6.6.65/6.12.4. It has been rated as problematic. This issue affects the function geneve_xmit_skb in the library include/linux/skbuff.h. The manipulation leads to privilege escalation. The identification of this vulnerability is CVE-2024-56636. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-56632 | Linux Kernel up to 6.12.4 nvme-tcp admin_q memory leak (Nessus ID 233479 / WID-SEC-2024-3762)

Vuldb Updates
1 month 4 weeks ago
A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.12.4. This issue affects the function admin_q of the component nvme-tcp. The manipulation leads to memory leak. The identification of this vulnerability is CVE-2024-56632. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-56634 | Linux Kernel up to 6.12.4 grgpio devm_kasprintf null pointer dereference (Nessus ID 216224 / WID-SEC-2024-3762)

Vuldb Updates
1 month 4 weeks ago
A vulnerability has been found in Linux Kernel up to 6.12.4 and classified as critical. Affected by this vulnerability is the function devm_kasprintf of the component grgpio. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2024-56634. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-56635 | Linux Kernel up to 6.6.65/6.12.4 default_operstate use after free (Nessus ID 214901 / WID-SEC-2024-3762)

Vuldb Updates
1 month 4 weeks ago
A vulnerability was found in Linux Kernel up to 6.6.65/6.12.4. It has been classified as critical. This affects the function default_operstate. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2024-56635. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-56629 | Linux Kernel up to 6.12.4 wacom null pointer dereference (Nessus ID 216224 / WID-SEC-2024-3762)

Vuldb Updates
1 month 4 weeks ago
A vulnerability was found in Linux Kernel up to 6.12.4 and classified as critical. Affected by this issue is some unknown functionality of the component wacom. The manipulation leads to null pointer dereference. This vulnerability is handled as CVE-2024-56629. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-56631 | Linux Kernel up to 6.6.65/6.12.4 scsi sg_release reference count (Nessus ID 214453 / WID-SEC-2024-3762)

Vuldb Updates
1 month 4 weeks ago
A vulnerability classified as critical has been found in Linux Kernel up to 6.6.65/6.12.4. Affected is the function sg_release of the component scsi. The manipulation leads to improper update of reference count. This vulnerability is traded as CVE-2024-56631. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-56628 | Linux Kernel up to 6.1.119/6.6.65/6.12.4 run_vmtests.sh huge_pte_clear reference count (Nessus ID 216985 / WID-SEC-2024-3762)

Vuldb Updates
1 month 4 weeks ago
A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.1.119/6.6.65/6.12.4. This issue affects the function huge_pte_clear of the file run_vmtests.sh. The manipulation leads to improper update of reference count. The identification of this vulnerability is CVE-2024-56628. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

New infosec products of the week: July 25, 2025

Help Net Security
1 month 4 weeks ago

Here’s a look at the most interesting products from the past week, featuring releases from Akeyless, Bitdefender, Malwarebytes, ManageEngine, PlexTrac, and Seemplicity. PlexTrac Workflow Automation Engine enhancements accelerate time to remediation PlexTrac launched enhanced Workflow Automation Engine, a major product update designed to standardize workflows across the vulnerability lifecycle, automate pentest findings delivery, accelerate time to remediation, and increase operational efficiency. By leveraging the unified security data already centralized in PlexTrac, the new automation capabilities … More →

The post New infosec products of the week: July 25, 2025 appeared first on Help Net Security.

Sinisa Markovic

超过1000个CrushFTP服务器持续暴露在劫持攻击中

不安全
1 month 4 weeks ago
超过1000个CrushFTP服务器因严重安全漏洞(CVE-2025-54309)暴露于劫持攻击中。该漏洞源于AS2验证错误处理,影响旧版本服务器。供应商建议更新软件、使用DMZ隔离主服务器,并审查日志以减少风险。尽管部分客户已采取措施,仍有大量实例未修补,成为勒索软件团伙的目标。

超过1000个CrushFTP服务器持续暴露在劫持攻击中

嘶吼
1 month 4 weeks ago

在网上暴露的超过1000个CrushFTP实例易受劫持攻击的威胁,这些攻击利用了一个严重的安全漏洞,提供对网页界面的管理员访问权限。

该安全漏洞(CVE-2025-54309)是由于错误处理AS2验证,并影响10.8.5和11.3.4_23以下的所有CrushFTP版本。该供应商在7月19日将该漏洞标记为在野外被积极利用,并指出攻击可能更早开始,尽管它尚未找到证据来证实这一点。

7月18日上午9点,CrushFTP在野外发现了一个0day漏洞。它可能持续了更长的时间。黑客显然对其代码进行了逆向工程,发现了一些CrushFTP已经修复的bug。

但CrushFTP最近表示,保持最新状态的服务器不容易受到攻击,并指出使用非军事区(DMZ)实例隔离其主服务器的客户不会受到此漏洞的影响。

该公司还建议审查上传和下载日志中的异常活动,以及启用自动更新和服务器和管理访问的白名单ip,以进一步减少利用企图。

根据安全威胁监控平台Shadowserver的扫描,大约有1040个CrushFTP实例仍然没有针对CVE-2025-54309打补丁,很容易受到攻击。

ShadowServer通知CrushFTP客户,他们的服务器不受正在进行的CVE-2025-54309攻击的保护,将其内容暴露给数据盗窃企图。

虽然目前还不清楚这些正在进行的攻击是部署恶意软件还是用于窃取数据,但近年来,像CrushFTP这样的托管文件传输解决方案一直是勒索软件团伙的高价值目标。仅Clop网络犯罪团伙就与针对Accelion FTA、GoAnywhere MFT、MOVEit Transfer以及最近的Cleo软件的零日漏洞的多次数据盗窃活动有关。

据悉,2024年4月,CrushFTP还修补了一个被积极利用的零日漏洞(追踪为CVE-2024-4040),该漏洞允许未经身份验证的攻击者逃离用户的虚拟文件系统(VFS)并下载系统文件。

当时,网络安全公司CrowdStrike发现有证据表明,针对多个美国组织的CrushFTP实例的攻击可能出于政治动机,主要目的是收集情报。

胡金鱼

Managed ad