What Lies Beyond Critical RunC Vulnerabilities in Docker | Prophaze
A new vulnerability was found in runC command line tool, also known as Leaky Vessels, impacting the runtime engine for
CVE-2024-1783 : TOTOLINK LR1200GB 9.1.0U.6619_B20230130/9.3.5U.6698_B20230810 WEB INTERFACE /CGI-BIN/CSTECGI.CGI LOGINAUTH HTTP_HOST STACK-BASED OVERFLOW
Description A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619_B20230130/9.3.5u.6698_B20230810. Affected is the function loginAuth of the
CVE-2024-1451 : GITLAB COMMUNITY EDITION/ENTERPRISE EDITION UP TO 16.9.0 USER PROFILE PAGE CROSS SITE SCRIPTING
Description An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.1. A crafted payload
Proactive Tactics to Conquer Shadow API Threats Today
In the fast-evolving landscape of digital technology, the emergence of shadow APIs poses a growing risk for organizations, opening doors
CVE-2023-52439 : LINUX KERNEL UP TO 6.7.0 UIO IDR_FIND USE AFTER FREE
Description In the Linux kernel, the following vulnerability has been resolved: uio: Fix use-after-free in uio_open core-1 core-2 ——————————————————- uio_unregister_device
CVE-2024-25710 : APACHE COMMONS COMPRESS UP TO 1.25.0 INFINITE LOOP
Description Loop with Unreachable Exit Condition (‘Infinite Loop’) vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from
CVE-2024-0610 : PIRAEUS BANK WOOCOMMERCE PAYMENT GATEWAY UP TO 1.6.5.1 ON WORDPRESS SQL INJECTION
Description The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to time-based blind SQL Injection via the ‘MerchantReference’
CVE-2024-25415 : CE PHOENIX 1.0.8.20 DEFINE_LANGUAGE.PHP INJECTION
Description A remote code execution (RCE) vulnerability in /admin/define_language.php of CE Phoenix v1.0.8.20 allows attackers to execute arbitrary PHP code
CVE-2024-26260 : HGIGA OAKLOUDS OS COMMAND INJECTION
Description The functionality for synchronization in HGiga OAKlouds’ certain moudules has an OS Command Injection vulnerability, allowing remote attackers to
CVE-2024-21376 : MICROSOFT AZURE KUBERNETES SERVICE CONFIDENTIAL CONTAINERS REMOTE CODE EXECUTION
Description Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability. References https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21376 For More Information CVERecord
Decrypting Cyber Threats: Navigating India’s Landscape of Financial Frauds and E-Payment Security
A recent study conducted by an IIT Kanpur-incubated start-up revealed alarming statistics, revealing that financial frauds accounted for a staggering
CVE-2024-25110 : AZURE AZURE-UAMQP-C 1.0 OPEN_GET_OFFERED_CAPABILITIES USE AFTER FREE
Description The UAMQP is a general purpose C library for AMQP 1.0. During a call to open_get_offered_capabilities, a memory allocation
CVE-2023-50292 : APACHE SOLR UP TO 8.11.2/9.2.X PERMISSION ASSIGNMENT
Description Incorrect Permission Assignment for Critical Resource, Improper Control of Dynamically-Managed Code Resources vulnerability in Apache Solr. This issue affects
CVE-2024-24830 : OPENOBSERVE UP TO 0.7.X ROLE-BASED ACCESS CONTROL /API/{ORG_ID}/USERS IMPROPER AUTHORIZATION
Description OpenObserve is a observability platform built specifically for logs, metrics, traces, analytics, designed to work at petabyte scale. A
RBI Mandated Web Application Firewall On Digital Products | Prophaze
The Reserve Bank of India (RBI) has recently mandated the implementation of web application firewalls (WAFs) and DDoS mitigation techniques
CVE-2024-23673 : APACHE SLING SERVLETS RESOLVER UP TO 2.10.X SCRIPT PATH TRAVERSAL
Description Malicious code execution via path traversal in Apache Software Foundation Apache Sling Servlets Resolver.This issue affects all version of
CVE-2024-22853 : D-LINK GO-RT-AC750 101B03 HARD-CODED PASSWORD
Description D-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 has a hardcoded password for the Alphanetworks account, which allows remote attackers to obtain root access
CVE-2024-22320 : IBM OPERATIONAL DECISION MANAGER UP TO 8.12.0.1 REQUEST DESERIALIZATION
Description IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 could allow a remote authenticated attacker to execute
CVE-2024-24573 : WILLYXJ FACILEMANAGER UP TO 4.5.0 POST REQUEST PROCESSPOST.PHP AUTHORIZATION
Description facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier,
CVE-2024-21649 : VANTAGE6 UP TO 4.1.X ENVIRONMENT VARIABLE CODE INJECTION
Description The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC).
CVE-2024-1015 : SE-ELEKTRONIC E-DDC3.3 03.07.03 WEB CONFIGURATION CODE INJECTION
Description Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher. An attacker could send different commands
CVE-2024-0841 : LINUX KERNEL HUGETLB PAGE HUGETLBFS_FILL_SUPER NULL POINTER DEREFERENCE
Description A null pointer dereference flaw was found in the hugetlbfs_fill_super function in the Linux kernel hugetlbfs (HugeTLB pages) functionality.
CVE-2024-22099 : LINUX KERNEL UP TO 6.7 CORE.C NULL POINTER DEREFERENCE
Description NULL Pointer Dereference vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (net, bluetooth modules) allows Overflow Buffers.
CVE-2024-23636 : SOFASTACK SOFA-RPC UP TO 5.11.X SOFA HESSIAN PROTOCOL DESERIALIZATION
Description SOFARPC is a Java RPC framework. SOFARPC defaults to using the SOFA Hessian protocol to deserialize received data, while