Topics – Page 2 – SecPod Community

Viewing 15 topics - 16 through 30 (of 108 total)

← 1 2 3 … 6 7 8 →

- Topic
- Voices
- Posts
- Last Post
- SecPod Cyber Bulletin 32nd Issue 1. Windows Zero-Days and Firefox Issues The RomCom group has been exploiting zero-day vulnerabilities (CVE-2024-9680 and CVE-2024-49039) in Windows and Firefox, emphasizing the need for continuous monitoring and timely updates. CVSS Score: 9.8,8.8 2. Critical Flaw Detected in ProjectSend A criti...1. Windows Zero-Days and Firefox Issues The RomCom group has been exploiting zero-day vulnerabilities (CVE-2024-9680 and CVE-2024-49039) in Windows and Firefox, emphasizing the need for continuous monitoring and timely updates. CVSS Score: 9.8,8.8 2. Critical Flaw Detected in ProjectSend A criti...
  
  Started by: saanidhyadwivedi in: Cyber Bulletin
- 1
- 1
- saanidhyadwivedi
- CVE-2024-45710 : SolarWinds Uncontrolled Path Element Escalation Vulnerability SolarWinds Platform is susceptible to an Uncontrolled Search Path Element Local Privilege Escalation vulnerability. This requires a low-privilege account and local access to the affected node machine. CVSS SCORE: 7.8 (HIGH)SolarWinds Platform is susceptible to an Uncontrolled Search Path Element Local Privilege Escalation vulnerability. This requires a low-privilege account and local access to the affected node machine. CVSS SCORE: 7.8 (HIGH)
  
  Started by: saanidhyadwivedi in: Critical Vulnerability and Exploit Exchange
- 1
- 1
- saanidhyadwivedi
- CVE-2024-9486 : Kubernetes Image Builder Security Vulnerability Some Kubernetes Image Builder versions have a security vulnerability where default credentials remain active, potentially allowing root access in clusters using VM images from the Proxmox provider. CVSS SCORE : 9.8 (Critical)Some Kubernetes Image Builder versions have a security vulnerability where default credentials remain active, potentially allowing root access in clusters using VM images from the Proxmox provider. CVSS SCORE : 9.8 (Critical)
  
  Started by: saanidhyadwivedi in: Critical Vulnerability and Exploit Exchange
- 1
- 1
- saanidhyadwivedi
- Patch repository creation for RHEL 7 RHEL_7 ClientSide #!/bin/bash # Specify the values ip_address="192.168.2.60" protocol="https" rhel_version="7" # Generate the repository configuration dynamically repo_filename="/etc/yum.repos.d/rhel${rhel_version}_custom.repo" cat <<EOL > "$repo_filename" [RepoMainrepo] name = rhel-${rh...RHEL_7 ClientSide #!/bin/bash # Specify the values ip_address="192.168.2.60" protocol="https" rhel_version="7" # Generate the repository configuration dynamically repo_filename="/etc/yum.repos.d/rhel${rhel_version}_custom.repo" cat <<EOL > "$repo_filename" [RepoMainrepo] name = rhel-${rh...
  
  Started by: Community Manager in: SanerScript
- 1
- 2
- Community Manager
- CVE-2024-52799 : Argo Workflow Charts Vulnerability Prior to Argo Workflows 0.44.0, the workflow-role granted excessive privileges, including pod/exec creation, enabling arbitrary code execution. This vulnerability was fixed in version 0.44.0, affecting Helm Chart users. CVSS SCORE: 8.3Prior to Argo Workflows 0.44.0, the workflow-role granted excessive privileges, including pod/exec creation, enabling arbitrary code execution. This vulnerability was fixed in version 0.44.0, affecting Helm Chart users. CVSS SCORE: 8.3
  
  Started by: saanidhyadwivedi in: Critical Vulnerability and Exploit Exchange
- 1
- 1
- saanidhyadwivedi
- CVE-2024-53912 : Veritas Enterprise Vault Vulnerability A #vulnerability in Veritas Enterprise Vault (before 15.2), ZDI-CAN-24341, allows remote attackers to execute arbitrary code via deserialization of untrusted data on a .NET Remoting TCP port. CVSS SCORE: 9.8(CRITICAL)A #vulnerability in Veritas Enterprise Vault (before 15.2), ZDI-CAN-24341, allows remote attackers to execute arbitrary code via deserialization of untrusted data on a .NET Remoting TCP port. CVSS SCORE: 9.8(CRITICAL)
  
  Started by: saanidhyadwivedi in: Critical Vulnerability and Exploit Exchange
- 1
- 1
- saanidhyadwivedi
- CVE-2024-53674 : HPE Insight Remote Support Vulnerability An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases. CVSS SCORE: 7.3 (HIGH)An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases. CVSS SCORE: 7.3 (HIGH)
  
  Started by: saanidhyadwivedi in: Critical Vulnerability and Exploit Exchange
- 1
- 1
- saanidhyadwivedi
- CVE-2024-11789 : Fuji Electric Vulnerability The Fuji Electric Monitouch V-SFT V10 contains a stack-based buffer overflow #vulnerability (ZDI-CAN-24448) in the parsing of V10 files, allowing remote code execution. CVSS SCORE: 7.8 (HIGH)The Fuji Electric Monitouch V-SFT V10 contains a stack-based buffer overflow #vulnerability (ZDI-CAN-24448) in the parsing of V10 files, allowing remote code execution. CVSS SCORE: 7.8 (HIGH)
  
  Started by: saanidhyadwivedi in: Critical Vulnerability and Exploit Exchange
- 1
- 1
- saanidhyadwivedi
- CVE-2024-9852 The Uncontrolled Search Path Element vulnerability in ICONICS GENESIS64, Mitsubishi Electric GENESIS64, and MC Works64 allows local authenticated attackers to execute malicious code, potentially leading to data loss or DoS. CVSS SCORE: 7.8 (HIGH)The Uncontrolled Search Path Element vulnerability in ICONICS GENESIS64, Mitsubishi Electric GENESIS64, and MC Works64 allows local authenticated attackers to execute malicious code, potentially leading to data loss or DoS. CVSS SCORE: 7.8 (HIGH)
  
  Started by: saanidhyadwivedi in: Critical Vulnerability and Exploit Exchange
- 1
- 1
- saanidhyadwivedi
- SecPod Cyber Bulletin 31st Issue SecPod Cyber Bulletin 31st Issue Dell Enterprise SONiC Vulnerabilities Dell Technologies has disclosed three critical security vulnerabilities (CVE-2024-45763, CVE-2024-45764, and CVE-2024-45765) affecting its Enterprise SONiC (Software for Open Networking in the Cloud) operating system. CVSS Scor...SecPod Cyber Bulletin 31st Issue Dell Enterprise SONiC Vulnerabilities Dell Technologies has disclosed three critical security vulnerabilities (CVE-2024-45763, CVE-2024-45764, and CVE-2024-45765) affecting its Enterprise SONiC (Software for Open Networking in the Cloud) operating system. CVSS Scor...
  
  Started by: saanidhyadwivedi in: Cyber Bulletin
- 1
- 1
- saanidhyadwivedi
- SecPod Cyber Bulletin 29th Issue Apple VisionOS 2.1 Security Vulnerabilities Apple’s VisionOS 2.1 has been found to contain several critical vulnerabilities (CVE-2024-44255 and CVE-2024-44273) that could allow attackers to exploit the system. CVSS Score: 7.8, 8.4 Chrome Security: Out-of-Bounds WebRTC Vulnerability Google Chrome’...Apple VisionOS 2.1 Security Vulnerabilities Apple’s VisionOS 2.1 has been found to contain several critical vulnerabilities (CVE-2024-44255 and CVE-2024-44273) that could allow attackers to exploit the system. CVSS Score: 7.8, 8.4 Chrome Security: Out-of-Bounds WebRTC Vulnerability Google Chrome’...
  
  Started by: saanidhyadwivedi in: Cyber Bulletin
- 1
- 1
- saanidhyadwivedi
- SecPod CyberBulletin 29th Issue Apple VisionOS 2.1 Security Vulnerabilities Apple’s VisionOS 2.1 has been found to contain several critical vulnerabilities (CVE-2024-44255 and CVE-2024-44273) that could allow attackers to exploit the system. CVSS Score: 7.8, 8.4 Chrome Security: Out-of-Bounds WebRTC Vulnerability Google Chrome’...Apple VisionOS 2.1 Security Vulnerabilities Apple’s VisionOS 2.1 has been found to contain several critical vulnerabilities (CVE-2024-44255 and CVE-2024-44273) that could allow attackers to exploit the system. CVSS Score: 7.8, 8.4 Chrome Security: Out-of-Bounds WebRTC Vulnerability Google Chrome’...
  
  Started by: saanidhyadwivedi in: Security Intelligence
- 1
- 1
- saanidhyadwivedi
- CVE-2024-47089: Unauthorized Transaction Manipulation Vulnerability This vulnerability exists in the Apex Softcell LD Geo due to improper validation of the transaction token ID in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating the transaction token ID in the API request leading to unauthorized access and modificat...This vulnerability exists in the Apex Softcell LD Geo due to improper validation of the transaction token ID in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating the transaction token ID in the API request leading to unauthorized access and modificat...
  
  Started by: Community Manager in: Critical Vulnerability and Exploit Exchange
- 1
- 1
- Community Manager
- Key Vulnerabilities and Threats Up to September 15th Windows MSHTML Zero-Day Vulnerability The Windows MSHTML platform spoofing vulnerability, CVE-2024-43461, which affects all supported Windows versions, is exploited in the wild. CVSS Score: 8.8 Cisco Web-Based Management Interface Vulnerability The flaw tracked as CVE-2024-20381 allows authentica...Windows MSHTML Zero-Day Vulnerability The Windows MSHTML platform spoofing vulnerability, CVE-2024-43461, which affects all supported Windows versions, is exploited in the wild. CVSS Score: 8.8 Cisco Web-Based Management Interface Vulnerability The flaw tracked as CVE-2024-20381 allows authentica...
  
  Started by: Community Manager in: Cyber Bulletin
- 1
- 1
- Community Manager
- Microsoft Addresses 79 Flaws, 4 Zero Days in September 2024 Patch Tuesday September's coming in hot! Out of the 79 vulnerabilities it has under its belt, 4 are zero-days, and each zero-day is known to have been actively exploited. Luckily, Microsoft has saved us all from impending calamity once more and released patches for them all. The most popular vulnerability catego...September's coming in hot! Out of the 79 vulnerabilities it has under its belt, 4 are zero-days, and each zero-day is known to have been actively exploited. Luckily, Microsoft has saved us all from impending calamity once more and released patches for them all. The most popular vulnerability catego...
  
  Started by: Community Manager in: Critical Vulnerability and Exploit Exchange
- 1
- 1
- Community Manager

Viewing 15 topics - 16 through 30 (of 108 total)

← 1 2 3 … 6 7 8 →