CVE-2024-26622 : LINUX KERNEL UP TO 6.8-RC6 TOMOYO_WRITE_CONTROL USE AFTER FREE
Description In the Linux kernel, the following vulnerability has been resolved: tomoyo: fix UAF write bug in tomoyo_write_control() Since tomoyo_write_control()
What Are Fragmented Attacks?
Fragmented Attacks refer to a type of cyber assault that utilizes network packet fragmentation to obscure malicious payloads and deceive
CVE-2023-52479 : LINUX KERNEL UP TO 5.15.134/6.1.56/6.5.6 KSMBD SMB20_OPLOCK_BREAK_ACK USE AFTER FREE
Description In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix uaf in smb20_oplock_break_ack drop reference after use
CVE-2024-22459 : DELL ECS UP TO 3.6.2.5/3.7.0.6/3.8.0.4 ACCESS CONTROL
Description Dell ECS, versions 3.6 through 3.6.2.5, and 3.7 through 3.7.0.6, and 3.8 through 3.8.0.4 versions, contain an improper access
CVE-2024-25751 : TENDA AC9 15.03.06.42_MULTI FROMSETSYSTIME STACK-BASED OVERFLOW
Description A Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to
What Lies Beyond Critical RunC Vulnerabilities in Docker | Prophaze
A new vulnerability was found in runC command line tool, also known as Leaky Vessels, impacting the runtime engine for
CVE-2024-1783 : TOTOLINK LR1200GB 9.1.0U.6619_B20230130/9.3.5U.6698_B20230810 WEB INTERFACE /CGI-BIN/CSTECGI.CGI LOGINAUTH HTTP_HOST STACK-BASED OVERFLOW
Description A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619_B20230130/9.3.5u.6698_B20230810. Affected is the function loginAuth of the
What are TCP Connect Floods? How to mitigate TCP Connect Floods?
TCP Connect Floods are a type of DDoS attack that aims to overwhelm a target network’s resources by flooding it
CVE-2024-1451 : GITLAB COMMUNITY EDITION/ENTERPRISE EDITION UP TO 16.9.0 USER PROFILE PAGE CROSS SITE SCRIPTING
Description An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.1. A crafted payload
Proactive Tactics to Conquer Shadow API Threats Today
In the fast-evolving landscape of digital technology, the emergence of shadow APIs poses a growing risk for organizations, opening doors
CVE-2023-52439 : LINUX KERNEL UP TO 6.7.0 UIO IDR_FIND USE AFTER FREE
Description In the Linux kernel, the following vulnerability has been resolved: uio: Fix use-after-free in uio_open core-1 core-2 ——————————————————- uio_unregister_device
CVE-2024-25710 : APACHE COMMONS COMPRESS UP TO 1.25.0 INFINITE LOOP
Description Loop with Unreachable Exit Condition (‘Infinite Loop’) vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from
What Are Negotiation Floods?
Negotiation Floods are a type of DDoS attack that exploits network protocols’ negotiation processes to overwhelm network resources. The attacker
CVE-2024-0610 : PIRAEUS BANK WOOCOMMERCE PAYMENT GATEWAY UP TO 1.6.5.1 ON WORDPRESS SQL INJECTION
Description The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to time-based blind SQL Injection via the ‘MerchantReference’
CVE-2024-25415 : CE PHOENIX 1.0.8.20 DEFINE_LANGUAGE.PHP INJECTION
Description A remote code execution (RCE) vulnerability in /admin/define_language.php of CE Phoenix v1.0.8.20 allows attackers to execute arbitrary PHP code
CVE-2024-26260 : HGIGA OAKLOUDS OS COMMAND INJECTION
Description The functionality for synchronization in HGiga OAKlouds’ certain moudules has an OS Command Injection vulnerability, allowing remote attackers to
CVE-2024-21376 : MICROSOFT AZURE KUBERNETES SERVICE CONFIDENTIAL CONTAINERS REMOTE CODE EXECUTION
Description Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability. References https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21376 For More Information CVERecord
Decrypting Cyber Threats: Navigating India’s Landscape of Financial Frauds and E-Payment Security
A recent study conducted by an IIT Kanpur-incubated start-up revealed alarming statistics, revealing that financial frauds accounted for a staggering
CVE-2024-25110 : AZURE AZURE-UAMQP-C 1.0 OPEN_GET_OFFERED_CAPABILITIES USE AFTER FREE
Description The UAMQP is a general purpose C library for AMQP 1.0. During a call to open_get_offered_capabilities, a memory allocation
What Is TCP RST Floods SSL?
TCP RST Floods SSL is a form of Distributed Denial of Service (DDoS) attack that focuses on disrupting secure connections
CVE-2023-50292 : APACHE SOLR UP TO 8.11.2/9.2.X PERMISSION ASSIGNMENT
Description Incorrect Permission Assignment for Critical Resource, Improper Control of Dynamically-Managed Code Resources vulnerability in Apache Solr. This issue affects
CVE-2024-24830 : OPENOBSERVE UP TO 0.7.X ROLE-BASED ACCESS CONTROL /API/{ORG_ID}/USERS IMPROPER AUTHORIZATION
Description OpenObserve is a observability platform built specifically for logs, metrics, traces, analytics, designed to work at petabyte scale. A
RBI Mandated Web Application Firewall On Digital Products | Prophaze
The Reserve Bank of India (RBI) has recently mandated the implementation of web application firewalls (WAFs) and DDoS mitigation techniques
CVE-2024-23673 : APACHE SLING SERVLETS RESOLVER UP TO 2.10.X SCRIPT PATH TRAVERSAL
Description Malicious code execution via path traversal in Apache Software Foundation Apache Sling Servlets Resolver.This issue affects all version of