CVE-2024-36886 – Linux Kernel Zero-Day Vulnerability

June 21, 2024

Attackers Actively Exploit SolarWinds Serv-U Path Traversal Vulnerability

June 21, 2024

CVE-2024-34693 – Apache Superset Vulnerability

June 21, 2024

Severity

Medium

Analysis Summary

CVE-2024-34693

Apache Superset could allow a remote authenticated attacker to obtain sensitive information, caused by improper input validation. By sending a specially crafted targeted request, an attacker could exploit this vulnerability to create a MariaDB connection with local_infile enabled and execute a specific MySQL/MariaDB SQL command that is able to read files from the server and insert their content on a MariaDB database table.

Impact

Information Disclosure

Indicators of Compromise

CVE

CVE-2024-34693

Affected Vendors

Apache

Affected Products

Apache Superset 3.0.0
Apache Superset 4.0.0

Remediation

Upgrade to the latest version of Superset, available from the Apache Website.

Apache Website

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Python RAT Uses Discord Interface to Execute Remote Attacks

Critical Alert: Jordanian Banks Under Siege by Everest Ransomware Group

The SocGholish-RansomHub Connection – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

CVE-2024-36886 – Linux Kernel Zero-Day Vulnerability

Attackers Actively Exploit SolarWinds Serv-U Path Traversal Vulnerability

Severity

Medium

Analysis Summary

Indicators of Compromise

CVE

Affected Vendors

Affected Products

Remediation

The Wait Is Over!

The Rewterz Annual Threat Intelligence Report 2024 is finally here.