CVE-2024-0841 : LINUX KERNEL HUGETLB PAGE HUGETLBFS_FILL_SUPER NULL POINTER DEREFERENCE
Description A null pointer dereference flaw was found in the hugetlbfs_fill_super function in the Linux kernel hugetlbfs (HugeTLB pages) functionality.
CVE-2024-22099 : LINUX KERNEL UP TO 6.7 CORE.C NULL POINTER DEREFERENCE
Description NULL Pointer Dereference vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (net, bluetooth modules) allows Overflow Buffers.
What Is Jenkins? What Are The Best Practices For Jenkins Security?
Jenkins is an open-source automation server that has emerged as a popular tool for streamlining software development workflows. In this
CVE-2024-23636 : SOFASTACK SOFA-RPC UP TO 5.11.X SOFA HESSIAN PROTOCOL DESERIALIZATION
Description SOFARPC is a Java RPC framework. SOFARPC defaults to using the SOFA Hessian protocol to deserialize received data, while
What Are CLDAP Attacks? What Are The Risks And Impacts Of Such Attacks?
Connectionless Lightweight Directory Access Protocol (CLDAP) is a network protocol used for querying and modifying directory information services, such as
CVE-2024-0775 : LINUX KERNEL UP TO 6.4-RC1 EXT4 FILE SYSTEM FS/EXT4/SUPER.C __EXT4_REMOUNT USE AFTER FREE
Description A use-after-free flaw was found in the __ext4_remount in fs/ext4/super.c in ext4 in the Linux kernel. This flaw allows
CVE-2023-32272 : INTEL NUC PRO SOFTWARE SUITE CONFIGURATION TOOL PRIOR 3.0.0.6 UNCONTROLLED SEARCH PATH
Description Uncontrolled search path in some Intel NUC Pro Software Suite Configuration Tool software installers before version 3.0.0.6 may allow
CVE-2023-40683 : IBM OPENPAGES WITH WATSON 8.3/9.0 IMPROPER AUTHORIZATION
Description IBM OpenPages with Watson 8.3 and 9.0 could allow remote attacker to bypass security restrictions, caused by insufficient authorization
CVE-2024-0646 : LINUX KERNEL TLS /NET/TLS/TLS_SW.C TLS_SW_SENDMSG_SPLICE OUT-OF-BOUNDS WRITE
Description An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user
CVE-2023-50164 : ORACLE MYSQL ENTERPRISE MONITOR 8.0.36 AND PRIOR MONITORING REMOTE CODE EXECUTION
Description An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to
CVE-2023-22527 : ATLASSIAN CONFLUENCE DATA CENTER/CONFLUENCE SERVER PRIOR 8.5.4 TEMPLATE INJECTION
Description Summary of Vulnerability A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated
What Are GRE-IP UDP Floods?
Generic Routing Encapsulation (GRE) is a tunneling protocol that encapsulates various network protocols within Internet Protocol (IP) packets. User Datagram
‘Rapid Reset’ DDoS Strikes Amplify With HTTP/2 Vulnerability
In recent months, a groundbreaking cyber threat has emerged, shaking the foundations of web security and challenging major cloud infrastructure
CVE-2023-7028 : GITLAB COMMUNITY EDITION/ENTERPRISE EDITION UP TO 16.7.1 PASSWORD RESET UNKNOWN VULNERABILITY
Description An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to
CVE-2024-0057 : MICROSOFT .NET/.NET FRAMEWORK/VISUAL STUDIO REMOTE CODE EXECUTION
Description NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability. References https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0057 For More Information CVERecord
CVE-2023-51441 : APACHE AXIS 1.X SERVICE ADMIN HTTP API SERVICEFACTORY.JAVA SERVER-SIDE REQUEST FORGERY
Description ** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin
CVE-2023-6270 : LINUX KERNEL ATA OVER ETHERNET DRIVER AOECMD_CFG_PKTS USE AFTER FREE
Description A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly
CVE-2023-52314 : PADDLE UP TO 2.5.X CONVERT_SHAPE_COMPARE OS COMMAND INJECTION
Description PaddlePaddle before 2.6.0 has a command injection in convert_shape_compare. This resulted in the ability to execute arbitrary commands on
2024 Threat Landscape Predictions
As we embark on the horizon of 2024, the cybersecurity landscape is teeming with challenges and opportunities. Recently, a globally
CVE-2024-21623 : MEHAH OTCLIENT SONARCLOUD WORKFLOW /MEHAH/OTCLIENT INJECTION
Description OTCLient is an alternative tibia client for otserv. Prior to commit db560de0b56476c87a2f967466407939196dd254, the /mehah/otclient “`Analysis – SonarCloud`” workflow is
CVE-2024-0182 : SOURCECODESTER ENGINEERS ONLINE PORTAL 1.0 ADMIN LOGIN /ADMIN/ USERNAME/PASSWORD SQL INJECTION
Description A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as critical. Affected by this issue is
CVE-2023-7095 : TOTOLINK A7100RU 7.4CU.2313_B20191024 HTTP POST REQUEST CSTECGI.CGI MAIN FLAG BUFFER OVERFLOW
Description A vulnerability, which was classified as critical, has been found in Totolink A7100RU 7.4cu.2313_B20191024. Affected by this issue is
CVE-2023-51656 : APACHE IOTDB UP TO 0.13.4 DESERIALIZATION
Description Deserialization of Untrusted Data vulnerability in Apache IoTDB.This issue affects Apache IoTDB: from 0.13.0 through 0.13.4. Users are recommended
CVE-2023-47093 : STORMSHIELD NETWORK SECURITY UP TO 4.3.21/4.6.8/4.7.0 ASQ ENGINE DENIAL OF SERVICE
Description An issue was discovered in Stormshield Network Security (SNS) 4.0.0 through 4.3.21, 4.4.0 through 4.6.8, and 4.7.0. Sending a