This forum is dedicated to sharing up-to-date, in-depth technical information on newly released vulnerabilities, critical exploits, and patch management strategies.
Viewing 9 topics - 1 through 9 (of 9 total)
-
- Topic
- Voices
- Posts
- Last Post
-
-
CVE-2024-45710 : SolarWinds Uncontrolled Path Element Escalation Vulnerability SolarWinds Platform is susceptible to an Uncontrolled Search Path Element Local Privilege Escalation vulnerability. This requires a low-privilege account and local access to the affected node machine. CVSS SCORE: 7.8 (HIGH)SolarWinds Platform is susceptible to an Uncontrolled Search Path Element Local Privilege Escalation vulnerability. This requires a low-privilege account and local access to the affected node machine. CVSS SCORE: 7.8 (HIGH)
- 1
- 1
-
CVE-2024-9486 : Kubernetes Image Builder Security Vulnerability Some Kubernetes Image Builder versions have a security vulnerability where default credentials remain active, potentially allowing root access in clusters using VM images from the Proxmox provider. CVSS SCORE : 9.8 (Critical)Some Kubernetes Image Builder versions have a security vulnerability where default credentials remain active, potentially allowing root access in clusters using VM images from the Proxmox provider. CVSS SCORE : 9.8 (Critical)
- 1
- 1
-
CVE-2024-52799 : Argo Workflow Charts Vulnerability Prior to Argo Workflows 0.44.0, the workflow-role granted excessive privileges, including pod/exec creation, enabling arbitrary code execution. This vulnerability was fixed in version 0.44.0, affecting Helm Chart users. CVSS SCORE: 8.3Prior to Argo Workflows 0.44.0, the workflow-role granted excessive privileges, including pod/exec creation, enabling arbitrary code execution. This vulnerability was fixed in version 0.44.0, affecting Helm Chart users. CVSS SCORE: 8.3
- 1
- 1
-
CVE-2024-53912 : Veritas Enterprise Vault Vulnerability A #vulnerability in Veritas Enterprise Vault (before 15.2), ZDI-CAN-24341, allows remote attackers to execute arbitrary code via deserialization of untrusted data on a .NET Remoting TCP port. CVSS SCORE: 9.8(CRITICAL)A #vulnerability in Veritas Enterprise Vault (before 15.2), ZDI-CAN-24341, allows remote attackers to execute arbitrary code via deserialization of untrusted data on a .NET Remoting TCP port. CVSS SCORE: 9.8(CRITICAL)
- 1
- 1
-
CVE-2024-53674 : HPE Insight Remote Support Vulnerability An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases. CVSS SCORE: 7.3 (HIGH)An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases. CVSS SCORE: 7.3 (HIGH)
- 1
- 1
-
CVE-2024-11789 : Fuji Electric Vulnerability The Fuji Electric Monitouch V-SFT V10 contains a stack-based buffer overflow #vulnerability (ZDI-CAN-24448) in the parsing of V10 files, allowing remote code execution. CVSS SCORE: 7.8 (HIGH)The Fuji Electric Monitouch V-SFT V10 contains a stack-based buffer overflow #vulnerability (ZDI-CAN-24448) in the parsing of V10 files, allowing remote code execution. CVSS SCORE: 7.8 (HIGH)
- 1
- 1
-
CVE-2024-9852 The Uncontrolled Search Path Element vulnerability in ICONICS GENESIS64, Mitsubishi Electric GENESIS64, and MC Works64 allows local authenticated attackers to execute malicious code, potentially leading to data loss or DoS. CVSS SCORE: 7.8 (HIGH)The Uncontrolled Search Path Element vulnerability in ICONICS GENESIS64, Mitsubishi Electric GENESIS64, and MC Works64 allows local authenticated attackers to execute malicious code, potentially leading to data loss or DoS. CVSS SCORE: 7.8 (HIGH)
- 1
- 1
-
CVE-2024-47089: Unauthorized Transaction Manipulation Vulnerability This vulnerability exists in the Apex Softcell LD Geo due to improper validation of the transaction token ID in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating the transaction token ID in the API request leading to unauthorized access and modificat...This vulnerability exists in the Apex Softcell LD Geo due to improper validation of the transaction token ID in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating the transaction token ID in the API request leading to unauthorized access and modificat...
- 1
- 1
-
Microsoft Addresses 79 Flaws, 4 Zero Days in September 2024 Patch Tuesday September's coming in hot! Out of the 79 vulnerabilities it has under its belt, 4 are zero-days, and each zero-day is known to have been actively exploited. Luckily, Microsoft has saved us all from impending calamity once more and released patches for them all. The most popular vulnerability catego...September's coming in hot! Out of the 79 vulnerabilities it has under its belt, 4 are zero-days, and each zero-day is known to have been actively exploited. Luckily, Microsoft has saved us all from impending calamity once more and released patches for them all. The most popular vulnerability catego...
- 1
- 1
-
Viewing 9 topics - 1 through 9 (of 9 total)
- You must be logged in to create new topics.