Preface: CGI is a standard protocol that allows web servers to execute external programs or scripts, typically written in languages like Perl or Python, in response to client requests.

Path Traversal: Exploiting lax file path validation, attackers navigate outside the intended directory, accessing restricted files or directories.

Background: MLNX-OSis a next-generation switch operating system for data centers with storage, enterprise, high-performance computing and cloud fabrics. Building networks with MLNX-OS enables scaling to thousands of compute and storage nodes with monitoring and provisioning capabilities, whether they are InfiniBand or Virtual Protocol Interconnect (VPI).

NVIDIA Onyx, with its robust layer-3 protocol stack, built-in monitoring and visibility tools, and high-availability mechanisms, Onyx is an ideal network operating system for enterprise and cloud data centers.

The NVIDIASkyway gateway appliance provides 1.6Tb/s  throughput, enabling scalable and efficient connectivity from InfiniBand data centers to external Ethernet-based infrastructures and storage.

The NVIDIAMetroX-3 XC long-haul system seamlessly and securely extends the reach of the NVIDIA Quantum InfiniBand networking platform, providing high data throughput, In-Network Computing, and native remote direct-memory access (RDMA) communications. Enhancing data security, MetroX-3 XC provides encrypted connectivity over long distances and dense wavelength-division multiplexing (DWDM) infrastructures.

Extending InfiniBand connectivity to 10 or 40 kilometers,. MetroX–2 systems enable high data throughput, native remote direct memory access (RDMA).

Vulnerability details: NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC contain a vulnerability in the web support, where an attacker can cause a CGI path traversal by a specially crafted URI. A successful exploit of this vulnerability might lead to escalation of privileges and information disclosure.

Official announcement: Please refer to the link for details – https://nvidia.custhelp.com/app/answers/detail/a_id/5563

Preface: What Is a Document Database? A document-oriented database is a special type of key-value store where keys can only be strings. Moreover, the document is encoded using standards like JSON or related languages like XML. You can also store PDFs, image files, or text documents directly as values.

Background: As a document database, MongoDB makes it easy for developers to store structured or unstructured data. It uses a JSON-like format to store documents. Most breaches involving MongoDB occur because of a deadly combination of authentication disabled and MongoDB opened to the internet.

Vulnerability details: Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating systems is Windows. This may result in the application executing arbitrary behaviour determined by the contents of untrusted files.

Impact: This issue affects MongoDB Server v5.0 versions prior to 5.0.27, MongoDB Server v6.0 versions prior to 6.0.16, MongoDB Server v7.0 versions prior to 7.0.12, MongoDB Server v7.3 versions prior 7.3.3, MongoDB C Driver versions prior to 1.26.2 and MongoDB PHP Driver versions prior to 1.18.1. Required Configuration: Only environments with Windows as the underlying operating system is affected by this issue

Official announcement: Please refer to the link for details – https://nvd.nist.gov/vuln/detail/CVE-2024-7553

Preface: Size of /dev/shm. A unit can be b (bytes), k (kibibytes), m (mebibytes), or g (gibibytes). If the unit is omitted, the system uses bytes. If the size is omitted, the default is 64m. When size is 0, there is no limit on the amount of memory used for IPC by the container. This option conflicts with –ipc=host.

IPC:Shared Memory

Two processes comunicating via shared memory.

shm_server[.]c — simply creates the string and shared memory portion.

shm_client[.]c — attaches itself to the created shared memory portion and uses the string (printf.

Background: Podman, Podman Desktop, and other open standards-based container tools make Red Hat Enterprise Linux a powerful container host that delivers production-grade support, stability, and security features as well as a path forward to Kubernetes and Red Hat OpenShift.

Vulnerability details: A flaw was found in Podman. This issue may allow an attacker to create a specially crafted container that, when configured to share the same IPC with at least one other container, can create a large number of IPC resources in /dev/shm. The malicious container will continue to exhaust resources until it is out-of-memory (OOM) killed. While the malicious container’s cgroup will be removed, the IPC resources it created are not. Those resources are tied to the IPC namespace that will not be removed until all containers using it are stopped, and one non-malicious container is holding the namespace open. The malicious container is restarted, either automatically or by attacker control, repeating the process and increasing the amount of memory consumed. With a container configured to restart always, such as `podman run –restart=always`, this can result in a memory-based denial of service of the system.

Official announcement: Please refer to the link for details – https://nvd.nist.gov/vuln/detail/CVE-2024-3056

Preface: Segmentation faults (segfaults) are a common error that occurs when a program tries to access a restricted area of memory. Segfaults can occur for a wide variety of reasons: usage of uninitialized pointers, out-of-bounds memory accesses, memory leaks, buffer overflows, etc.

Background: TensorFlow can be used to develop models for various tasks, including natural language processing, image recognition, handwriting recognition, and different computational-based simulations such as partial differential equations.

Vulnerability details: TensorFlow is an end-to-end open source platform for machine learning. `array_ops.upper_bound` causes a segfault when not given a rank 2 tensor.

The shape function in array_ops.cc for those ops requires that argument to have rank 2, but that function is bypassed when switching between graph and eager modes, allowing for invalid arguments to pass through and, in the test case, cause a segfault.

Solution: The fix will be included in TensorFlow 2.13 and will also cherrypick this commit on TensorFlow 2.12.

Official announcement: Please refer to the official announcement for details – https://www.tenable.com/cve/CVE-2023-33976