CVE-2024-24573 : WILLYXJ FACILEMANAGER UP TO 4.5.0 POST REQUEST PROCESSPOST.PHP AUTHORIZATION
Description facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier,
CVE-2024-21649 : VANTAGE6 UP TO 4.1.X ENVIRONMENT VARIABLE CODE INJECTION
Description The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC).
CVE-2024-1015 : SE-ELEKTRONIC E-DDC3.3 03.07.03 WEB CONFIGURATION CODE INJECTION
Description Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher. An attacker could send different commands
What Is DNS Water Torture?
DNS Water Torture is a type of DDoS attack that targets the Domain Name System (DNS), a critical component of
CVE-2024-0841 : LINUX KERNEL HUGETLB PAGE HUGETLBFS_FILL_SUPER NULL POINTER DEREFERENCE
Description A null pointer dereference flaw was found in the hugetlbfs_fill_super function in the Linux kernel hugetlbfs (HugeTLB pages) functionality.
CVE-2024-22099 : LINUX KERNEL UP TO 6.7 CORE.C NULL POINTER DEREFERENCE
Description NULL Pointer Dereference vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (net, bluetooth modules) allows Overflow Buffers.
What Is Jenkins? What Are The Best Practices For Jenkins Security?
Jenkins is an open-source automation server that has emerged as a popular tool for streamlining software development workflows. In this
CVE-2024-23636 : SOFASTACK SOFA-RPC UP TO 5.11.X SOFA HESSIAN PROTOCOL DESERIALIZATION
Description SOFARPC is a Java RPC framework. SOFARPC defaults to using the SOFA Hessian protocol to deserialize received data, while
What Are CLDAP Attacks? What Are The Risks And Impacts Of Such Attacks?
Connectionless Lightweight Directory Access Protocol (CLDAP) is a network protocol used for querying and modifying directory information services, such as
CVE-2024-0775 : LINUX KERNEL UP TO 6.4-RC1 EXT4 FILE SYSTEM FS/EXT4/SUPER.C __EXT4_REMOUNT USE AFTER FREE
Description A use-after-free flaw was found in the __ext4_remount in fs/ext4/super.c in ext4 in the Linux kernel. This flaw allows
CVE-2023-32272 : INTEL NUC PRO SOFTWARE SUITE CONFIGURATION TOOL PRIOR 3.0.0.6 UNCONTROLLED SEARCH PATH
Description Uncontrolled search path in some Intel NUC Pro Software Suite Configuration Tool software installers before version 3.0.0.6 may allow
CVE-2023-40683 : IBM OPENPAGES WITH WATSON 8.3/9.0 IMPROPER AUTHORIZATION
Description IBM OpenPages with Watson 8.3 and 9.0 could allow remote attacker to bypass security restrictions, caused by insufficient authorization
CVE-2024-0646 : LINUX KERNEL TLS /NET/TLS/TLS_SW.C TLS_SW_SENDMSG_SPLICE OUT-OF-BOUNDS WRITE
Description An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user
CVE-2023-50164 : ORACLE MYSQL ENTERPRISE MONITOR 8.0.36 AND PRIOR MONITORING REMOTE CODE EXECUTION
Description An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to
CVE-2023-22527 : ATLASSIAN CONFLUENCE DATA CENTER/CONFLUENCE SERVER PRIOR 8.5.4 TEMPLATE INJECTION
Description Summary of Vulnerability A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated
What Are GRE-IP UDP Floods?
Generic Routing Encapsulation (GRE) is a tunneling protocol that encapsulates various network protocols within Internet Protocol (IP) packets. User Datagram
‘Rapid Reset’ DDoS Strikes Amplify With HTTP/2 Vulnerability
In recent months, a groundbreaking cyber threat has emerged, shaking the foundations of web security and challenging major cloud infrastructure
CVE-2023-7028 : GITLAB COMMUNITY EDITION/ENTERPRISE EDITION UP TO 16.7.1 PASSWORD RESET UNKNOWN VULNERABILITY
Description An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to
CVE-2024-0057 : MICROSOFT .NET/.NET FRAMEWORK/VISUAL STUDIO REMOTE CODE EXECUTION
Description NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability. References https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0057 For More Information CVERecord
CVE-2023-51441 : APACHE AXIS 1.X SERVICE ADMIN HTTP API SERVICEFACTORY.JAVA SERVER-SIDE REQUEST FORGERY
Description ** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin
CVE-2023-6270 : LINUX KERNEL ATA OVER ETHERNET DRIVER AOECMD_CFG_PKTS USE AFTER FREE
Description A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly
CVE-2023-52314 : PADDLE UP TO 2.5.X CONVERT_SHAPE_COMPARE OS COMMAND INJECTION
Description PaddlePaddle before 2.6.0 has a command injection in convert_shape_compare. This resulted in the ability to execute arbitrary commands on
2024 Threat Landscape Predictions
As we embark on the horizon of 2024, the cybersecurity landscape is teeming with challenges and opportunities. Recently, a globally
CVE-2024-21623 : MEHAH OTCLIENT SONARCLOUD WORKFLOW /MEHAH/OTCLIENT INJECTION
Description OTCLient is an alternative tibia client for otserv. Prior to commit db560de0b56476c87a2f967466407939196dd254, the /mehah/otclient “`Analysis – SonarCloud`” workflow is