2024 Threat Landscape Predictions
As we embark on the horizon of 2024, the cybersecurity landscape is teeming with challenges and opportunities. Recently, a globally
CVE-2024-21623 : MEHAH OTCLIENT SONARCLOUD WORKFLOW /MEHAH/OTCLIENT INJECTION
Description OTCLient is an alternative tibia client for otserv. Prior to commit db560de0b56476c87a2f967466407939196dd254, the /mehah/otclient “`Analysis – SonarCloud`” workflow is
CVE-2024-0182 : SOURCECODESTER ENGINEERS ONLINE PORTAL 1.0 ADMIN LOGIN /ADMIN/ USERNAME/PASSWORD SQL INJECTION
Description A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as critical. Affected by this issue is
CVE-2023-7095 : TOTOLINK A7100RU 7.4CU.2313_B20191024 HTTP POST REQUEST CSTECGI.CGI MAIN FLAG BUFFER OVERFLOW
Description A vulnerability, which was classified as critical, has been found in Totolink A7100RU 7.4cu.2313_B20191024. Affected by this issue is
CVE-2023-51656 : APACHE IOTDB UP TO 0.13.4 DESERIALIZATION
Description Deserialization of Untrusted Data vulnerability in Apache IoTDB.This issue affects Apache IoTDB: from 0.13.0 through 0.13.4. Users are recommended
CVE-2023-47093 : STORMSHIELD NETWORK SECURITY UP TO 4.3.21/4.6.8/4.7.0 ASQ ENGINE DENIAL OF SERVICE
Description An issue was discovered in Stormshield Network Security (SNS) 4.0.0 through 4.3.21, 4.4.0 through 4.6.8, and 4.7.0. Sending a
CVE-2023-6975 : MLFLOW PRIOR 2.9.2 PATH TRAVERSAL
Description A malicious user could use this issue to get command execution on the vulnerable machine and get access to
The Dawn Of Cyber Challenges In Healthcare Security | Prophaze
In a recent case, healthcare teams in Singapore struggled with prolonged online outages due to distributed denial of service (DDoS)
CVE-2023-6817 : LINUX KERNEL UP TO 6.6.X NFT_SET_PIPAPO.C NFT_PIPAPO_WALK USE AFTER FREE
Description A use-after-free vulnerability in the Linux kernel’s netfilter: nf_tables component can be exploited to achieve local privilege escalation. The
CVE-2023-6483 : ADITAAS ALLIED DIGITAL INTEGRATED TOOL-AS-A-SERVICE UP TO 5.1 BACKEND API IMPROPER AUTHENTICATION
Description The vulnerability exists in ADiTaaS (Allied Digital Integrated Tool-as-a-Service) version 5.1 due to an improper authentication vulnerability in the
CVE-2023-48371 : ITPISON OMICARD EDM 6.0.1.5 SMS UNRESTRICTED UPLOAD
Description ITPison OMICARD EDM’s file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker
CVE-2023-45174 : IBM AIX/VIOS QDAEMON COMMAND ACCESS CONTROL
Description IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a privileged local user to exploit a vulnerability in the
CVE-2023-48782 : FORTINET FORTIWLM UP TO 8.6.5 HTTP GET REQUEST OS COMMAND INJECTION
Description A improper neutralization of special elements used in an os command (‘os command injection’) in Fortinet FortiWLM version 8.6.0
What Is An SNMP Amplification Attack? How Does SNMP Amplification Work?
Simple Network Management Protocol (SNMP) is a widely used protocol for managing and monitoring network devices. It allows network administrators
CVE-2023-32460 : DELL POWEREDGE PLATFORM PRIOR 2.20.1 BIOS MISSING AUTHENTICATION
Description Dell PowerEdge BIOS contains an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability,
CVE-2023-6514 : HUAWEI AJMD-370S 103.1.0.110(SP12C00E2R1P2) BLUETOOTH MODULE LOGIC ERROR
Description The Bluetooth module of some Huawei Smart Screen products has an identity authentication bypass vulnerability. Successful exploitation of this
CVE-2023-22523 : ATLASSIAN ASSETS DISCOVERY CLOUD ASSETS DISCOVERY AGENT REMOTE CODE EXECUTION
Description This vulnerability, if exploited, allows an attacker to perform privileged RCE (Remote Code Execution) on machines with the Assets
CVE-2023-49070 : APACHE OFBIZ UP TO 18.12.9 CODE INJECTION
Description Pre-auth RCE in Apache Ofbiz 18.12.09. It’s due to XML-RPC no longer maintained still present. This issue affects Apache
CVE-2023-40699 : IBM INFOSPHERE INFORMATION SERVER 11.7 DENIAL OF SERVICE
Description IBM InfoSphere Information Server 11.7 could allow a remote attacker to cause a denial of service due to improper
Consumer Alert: Staying Cyber-Safe Amidst The Holiday Shopping Surge
As the holiday season is upon us and the festivities begin to heat up, at the very least, it also
CVE-2023-42917 : APPLE IOS/IPADOS WEB CONTENTS MEMORY CORRUPTION
Description A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2,
CVE-2023-4474 : ZYXEL NAS326/NAS542 WSGI SERVER OS COMMAND INJECTION
Description The improper neutralization of special elements in the WSGI server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542
What Is SSDP Amplification Attack?
The Simple Service Discovery Protocol (SSDP) is a network protocol used by devices to discover and communicate with each other
CVE-2023-46589 : APACHE TOMCAT UP TO 8.5.95/9.0.82/10.1.15/11.0.0-M10 HTTP TRAILER HEADER REQUEST SMUGGLING
Description Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82