A vulnerability in HTTP Connection header parsing in Tinyproxy 1.11.1 and Tinyproxy 1.10.1 is classified as CVE-2024-49606 (CVSSv3: 9.8). Cisco Talos security researchers describe it as a use-after-free in the handling of HTTP Connection headers in vulnerable versions of Tinyproxy. A specially crafted HTTP header can trigger reuse of previously freed memory, which leads to memory corruption and can potentially lead to remote code execution. Exploitation does not require authentication. This vulnerability is considered a zero day, but a fix has been made available through GitHub.
A recent HPE Aruba Networking security advisory fixes several vulnerabilities, including multiple critical remote code execution (RCE) vulnerabilities. There are 4 critical vulnerabilities total: CVE-2024-26305 (CVSSv3: 9.8) - Buffer overflow vulnerability in the Utility daemon leading to unauthenticated RCE through specially crafted packets sent to the PAPI (Aruba’s access point management protocol) over port 8211. Exploitation allows arbitrary code execution as a privileged user on the operating system. CVE-2024-26304 (CVSSv3: 9.8) - Buffer overflow vulnerability in the L2/L3 Management service leading to unauthenticated RCE through specially crafted packets sent to the PAPI over port 8211. CVE-2024-33511 (CVSSv3: 9.8) - Buffer overflow vulnerability in the Automatic Reporting service leading to unauthenticated RCE through specially crafted packets sent to the PAPI over port 8211. CVE-2024-33512 (CVSSv3: 9.8) - Buffer overflow vulnerability in the Local User Authentication Database service leading to unauthenticated RCE through specially crafted packets sent to the PAPI over port 8211.
MedStar, a leading healthcare service provider operating across Maryland, Virginia, and Washington DC, has recently fallen victim to a significant data breach. This incident, which came to light following an investigation concluded in March 2024, involved unauthorized access to the personal information of approximately 183,000 patients. Detected activities occurred intermittently between January and October of 2023, compromising sensitive data including health insurance information and individual healthcare details, which can fetch high prices on dark web markets. MedStar has responded by notifying affected patients and reinforcing their security measures.
A vulnerability in Cisco Adaptive Security Appliance (ASA) software and Cisco Firepower Threat Defense (FTD) software, categorized as CVE-2024-20353 (CVSSv3: 8.6), results in a denial-of-service condition when exploited, allowing an unauthenticated, remote attacker to cause the device to reload unexpectedly. According to Cisco, this vulnerability is due to incomplete error checking when parsing an HTTP header. It is exploited by sending a specially crafted HTTP request to a targeted web server. CISA has added this vulnerability to its Known Exploited Vulnerabilities Catalog, adding to the urgency to remediate.
A vulnerability categorized as CVE-2024-23463 (CVSSv3: 8.8) is present in the Zscaler Client Connector in versions prior to 4.2.1. It allows the anti-tampering protection of the client to be bypassed when the Repair App functionality is running under certain conditions.
A vulnerability present in the R programming language in versions 1.4.0 through 4.4.0, categorized as CVE-2024-27322 (CVSSv3: 8.8), allows a remote attacker to send a maliciously crafted RDS-formatted file or R package to run arbitrary code on a user’s system. This vulnerability requires the user to interact with the RDS-formatted file or R package. The research for this vulnerability comes from HiddenLayer.
Ivanti has released a security advisory detailing several vulnerabilities being remediated with an update to Ivanti Avalanche. Two critical (CVSSv3: 9.8) heap overflow vulnerabilities have been patched in the WLAvalancheService (CVE-2024-29204) and WLInfoRailService (CVE-2024-24996) components of Ivanti Avalanche. These vulnerabilities allow an unauthenticated remote attacker to execute arbitrary commands. An update to Ivanti Avalanche 6.4.3 will remediate these vulnerabilities as well as several others. Ivanti is currently not aware of any of its customers being exploited through these vulnerabilities.
A vulnerability classified as CVE-2024-20295 (CVSSv3: 8.8) is present in the CLI of the Cisco Integrated Management Controller (IMC), which could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have read-only or higher privileges on an affected device. The Cisco PSIRT is aware of proof-of-concept exploit code that is available for the vulnerability; however, it is not aware of any malicious use of it yet.
PuTTY, a popular SSH and Telnet client, is currently subject to a vulnerability that can allow an attacker to compromise private keys. This vulnerability, identified as CVE-2024-31497 (CVSSv3: 5.9), affects 521-bit ECDSA keys and allows an attacker to recover a user’s NIST P-521 secret key using a quick attack that needs roughly 60 signatures. After compromising the private key, the attacker can log into any service for which that key is used.
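Because the PuTTY issue is specific to NIST P-521 keys, a defender can start by inventorying where such keys are trusted. The following is an added example, not code from this bulletin or from the PuTTY project: it assumes the OpenSSH authorized_keys format and the key type name ecdsa-sha2-nistp521, and runs on constructed sample entries that are not real keys.

```python
import base64
import struct

P521_TYPE = "ecdsa-sha2-nistp521"  # assumed: OpenSSH key type name for NIST P-521

def blob_key_type(b64_blob):
    """Return the key type stored inside an SSH public-key blob, or None if malformed."""
    try:
        raw = base64.b64decode(b64_blob, validate=True)
        (length,) = struct.unpack(">I", raw[:4])   # wire format: uint32 length + name
        name = raw[4:4 + length]
        return name.decode("ascii") if len(name) == length else None
    except (ValueError, struct.error):
        return None

def find_p521_keys(text):
    """Return (line_no, comment) for each authorized_keys entry that is a P-521 key."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        # Options such as command="..." may precede the key type, so look for
        # the type token anywhere and confirm it against the decoded blob.
        for i, field in enumerate(fields[:-1]):
            if field == P521_TYPE and blob_key_type(fields[i + 1]) == P521_TYPE:
                hits.append((line_no, " ".join(fields[i + 2:])))
                break
    return hits

def _sample_blob(key_type):
    """Constructed, non-functional blob in SSH wire format (not a real key)."""
    parts = [key_type.encode(), b"\x04" + b"\x00" * 8]
    raw = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return base64.b64encode(raw).decode()

# Constructed authorized_keys content for the demonstration.
SAMPLE = "\n".join([
    "# constructed sample, not real keys",
    "ssh-ed25519 " + _sample_blob("ssh-ed25519") + " alice@laptop",
    "ecdsa-sha2-nistp521 " + _sample_blob(P521_TYPE) + " bob@putty-host",
    'no-pty,command="echo hi" ecdsa-sha2-nistp521 ' + _sample_blob(P521_TYPE) + " backup job",
    "ecdsa-sha2-nistp256 " + _sample_blob("ecdsa-sha2-nistp256") + " carol@build",
])

if __name__ == "__main__":
    for line_no, comment in find_p521_keys(SAMPLE):
        print(f"line {line_no}: P-521 key ({comment or 'no comment'}) - review for PuTTY use")
```

The script only lists candidates for review; it cannot tell whether a given key was ever used with PuTTY.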