CVE-2024-29212 : VEEAM SERVICE PROVIDER CONSOLE 8/UP TO 7 MANAGEMENT AGENT DESERIALIZATION
Description Due to an unsafe de-serialization method used by the Veeam Service Provider Console(VSPC) server in communication between the management
CVE-2024-4129 : SNOW SOFTWARE SNOW LICENSE MANAGER UP TO 9.34.0 ON WINDOWS ACTIVE DIRECTORY AUTHENTICATION IMPROPER AUTHENTICATION
Description Improper Authentication vulnerability in Snow Software AB Snow License Manager on Windows allows a networked attacker to perform an
CVE-2024-34515 : SPATIE IMAGE-OPTIMIZER UP TO 1.7.2 PHAR DESERIALIZATION FILE_EXISTS DESERIALIZATION
Description image-optimizer before 1.7.3 allows PHAR deserialization, e.g., the phar:// protocol in arguments to file_exists(). References https://github.com/spatie/image-optimizer/issues/210 https://github.com/spatie/image-optimizer/compare/1.7.2…1.7.3 https://github.com/spatie/image-optimizer/pull/211 For
CVE-2024-32638 : APACHE APISIX 3.8.0/3.9.0 FORWARD-AUTH PLUGIN REQUEST SMUGGLING
Description Inconsistent Interpretation of HTTP Requests (‘HTTP Request Smuggling’) vulnerability in Apache APISIX when using `forward-auth` plugin. This issue affects
10 Essential Strategies For Securing Endpoints
In our interconnected digital era, endpoints represent the gateways to an organization’s digital assets. Unfortunately, they also stand as prime
CVE-2024-22144 : ELI SCHEETZ ANTI-MALWARE SECURITY AND BRUTE-FORCE FIREWALL PLUGIN CODE INJECTION
Description Improper Control of Generation of Code (‘Code Injection’) vulnerability in Eli Scheetz Anti-Malware Security and Brute-Force Firewall gotmls allows
CVE-2024-26922 : LINUX KERNEL UP TO 6.9-RC4 AMDGPU PRIVILEGE ESCALATION
Description In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more
What Is SlowLoris DDoS Attacks?
SlowLoris DDoS Attacks are a type of stealthy, low-and-slow layer 7 Distributed Denial of Service (DDoS) attack that targets web
CVE-2024-21511 : MYSQL2 UP TO 3.9.6 READCODEFOR TIMEZONE CODE INJECTION
Description Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the
CTEM Framework In Cloud Security
Significant challenges have marked the cloud security landscape as organizations increasingly rely on cloud services. In 2023, 82% of data
CVE-2024-29733 : APACHE AIRFLOW UP TO 3.6.X FTP PROVIDER CERTIFICATE VALIDATION
Description Improper Certificate Validation vulnerability in Apache Airflow FTP Provider. The FTP hook lacks complete certificate validation in FTP_TLS connections,
CVE-2024-29204 : IVANTI AVALANCHE UP TO 6.4.2 WLAVALANCHESERVICE HEAP-BASED OVERFLOW
Description A Heap Overflow vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to execute
CVE-2024-31869 : APACHE AIRFLOW UP TO 2.8.4 CONFIGURATION UI PAGE INFORMATION DISCLOSURE
Description Airflow versions 2.7.0 through 2.8.4 have a vulnerability that allows an authenticated user to see sensitive provider configuration via
CVE-2024-24856 : LINUX KERNEL UP TO 6.8 ACPI_ALLOCATE_ZEROED NULL POINTER DEREFERENCE
Description The memory allocation function ACPI_ALLOCATE_ZEROED does not guarantee a successful allocation, but the subsequent code directly dereferences the pointer
CVE-2024-2912 : BENTOML FRAMEWORK UP TO 1.2.4 POST REQUEST INSECURE DEFAULT INITIALIZATION OF RESOURCE
Description An insecure deserialization vulnerability exists in the BentoML framework, allowing remote code execution (RCE) by sending a specially crafted
When To Use Multicloud?
Multicloud involves utilizing two or more cloud service providers, such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud
CVE-2024-26817 : LINUX KERNEL UP TO 6.8.5 AMDKFD KZALLOC INTEGER OVERFLOW
Description In the Linux kernel, the following vulnerability has been resolved: amdkfd: use calloc instead of kzalloc to avoid integer
CVE-2024-3400 : PALO ALTO NETWORKS PAN-OS GLOBALPROTECT COMMAND INJECTION
Description A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and
CVE-2024-21508 : MYSQL2 UP TO 3.9.3 READCODEFOR BIGNUMBERSTRINGS CODE INJECTION
Description Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due
CVE-2024-30729 : ROS KINETIC KAME 1 OS COMMAND INJECTION
Description An OS command injection vulnerability has been discovered in ROS Kinetic Kame in ROS_VERSION 1 and ROS_ PYTHON_VERSION 3,
CVE-2024-27899 : SAP NETWEAVER AS JAVA USER MANAGEMENT ENGINE 7.50 USER ADMIN APPLICATION PASSWORD RECOVERY
Description Self-Registration and Modify your own profile in User Admin Application of NetWeaver AS Java does not enforce proper security
What Is A CI/CD Pipeline? Definition, Benefits, And Best Practices
Continuous Integration (CI) focuses on frequently merging code changes from multiple developers into a shared repository. It involves automatically building
CVE-2024-29008 : APACHE CLOUDSTACK UP TO 4.18.1.0/4.19.0.0 EXTRACONFIG ACCESS CONTROL
Description A problem has been identified in the CloudStack additional VM configuration (extraconfig) feature which can be misused by anyone
CVE-2024-2389 : PROGRESS FLOWMON UP TO 11.1.13/12.3.4 MANAGEMENT INTERFACE OS COMMAND INJECTION
Description In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified. An unauthenticated