Car Repair Services & Auto Mechanic Security Vulnerabilities

RHEL 6 : ipa (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution,...

RHEL 7 : apache-commons-compress (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. apache-commons-compress: excessive memory allocation when reading a specially crafted ZIP archive ...

RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.17 Security update (Important) (RHSA-2024:3560)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3560 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This...

RHEL 7 : openslp (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. openslp: memory corruption due to possible overflow in SLPFoldWhiteSpace in common/slp_compare.c ...

RHEL 8 : nss (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. nss: Cache side-channel variant of the Bleichenbacher attack (CVE-2018-12404) nss: Information exposure...

RHEL 5 : axis (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. axis: Hard coded domain name in example web service named StockQuoteService.jws leading to remote code...

RHEL 8 : apache-commons-compress (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. apache-commons-compress: excessive memory allocation when reading a specially crafted ZIP archive ...

RHEL 7 : log4j (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. log4j: Socket receiver deserialization vulnerability (CVE-2017-5645) Prior to Apache Commons Net 3.9.0,...

RHEL 5 : sssd (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. sssd: information leak from the sssd-sudo responder (CVE-2018-10852) The System Security Services Daemon...

Huawei EulerOS: Security Advisory for libuv (EulerOS-SA-2024-1790)

The remote host is missing an update for the Huawei...

RHEL 8 : nodejs : (RHSA-2024:3553)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3553 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security...

RHEL 8 : python-idna (RHSA-2024:3552)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3552 advisory. Security Fix(es): * python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode() (CVE-2024-3651) Tenable...

RHEL 7 : shotwell (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. shotwell: TLS certificates are not validated when publishing photos to external services (CVE-2016-1000033) Note...

RHEL 6 : axis (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. axis: Hard coded domain name in example web service named StockQuoteService.jws leading to remote code...

EulerOS 2.0 SP11 : libuv (EulerOS-SA-2024-1802)

According to the versions of the libuv package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libuv is a multi-platform support library with a focus on asynchronous I/O. The uv_getaddrinfo function in src/unix/getaddrinfo.c (and its...

RHEL 9 : Red Hat JBoss Enterprise Application Platform 7.4.17 Security update (Important) (RHSA-2024:3561)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3561 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This...

RHEL 6 : sssd (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. sssd: information leak from the sssd-sudo responder (CVE-2018-10852) sssd versions from 1.13.0 to before...

Huawei EulerOS: Security Advisory for libuv (EulerOS-SA-2024-1802)

The remote host is missing an update for the Huawei...

EulerOS 2.0 SP11 : libuv (EulerOS-SA-2024-1790)

According to the versions of the libuv package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libuv is a multi-platform support library with a focus on asynchronous I/O. The uv_getaddrinfo function in src/unix/getaddrinfo.c (and its...

RHEL 8 : kernel (RHSA-2024:3529)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3529 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: nf_tables: use-after-free...

RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.4.17 Security update (Important) (RHSA-2024:3559)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3559 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This...

Slack integration leaks sensitive information in logs

Impact Sentry's Slack integration incorrectly records the incoming request body in logs. This request data can contain sensitive information, including the deprecated Slack verification token. With this verification token, it is possible under specific configurations, an attacker can forge...

Slack integration leaks sensitive information in logs

Impact Sentry's Slack integration incorrectly records the incoming request body in logs. This request data can contain sensitive information, including the deprecated Slack verification token. With this verification token, it is possible under specific configurations, an attacker can forge...

Craft CMS Logs Plugin 3.0.3 - Path Traversal (Authenticated) Vulnerability

...

ORing IAP-420 2.01e Cross Site Scripting / Command Injection Vulnerabilities

...

The Ticketmaster Data Breach May Be Just the Beginning

Data breaches at Ticketmaster and financial services company Santander have been linked to attacks against cloud provider Snowflake. Researchers fear more breaches will soon be...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum Security Gateway Firmware

CVE-2024-24919 Bulk Scanner CVE-2024-24919 [Check Point...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum Security Gateway Firmware

Mass Auto Scanner for CVE-2024-24919 This script is designed to...

CVE-2024-1324

The QQWorld Auto Save Images plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the save_remote_images_get_auto_saved_results() function hooked via a norpriv AJAX in all versions up to, and including, 1.9.8. This makes it possible for...

CVE-2024-1324

The QQWorld Auto Save Images plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the save_remote_images_get_auto_saved_results() function hooked via a norpriv AJAX in all versions up to, and including, 1.9.8. This makes it possible for...

CVE-2024-1324 QQWorld Auto Save Images <= 1.9.8 - Missing Authorization to Arbitrary Post Content Retrieval

The QQWorld Auto Save Images plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the save_remote_images_get_auto_saved_results() function hooked via a norpriv AJAX in all versions up to, and including, 1.9.8. This makes it possible for...

Craft CMS Logs Plugin 3.0.3 - Path Traversal (Authenticated)

...

CVE-2024-5176

Insufficiently Protected Credentials vulnerability in Baxter Welch Allyn Configuration Tool may allow Remote Services with Stolen Credentials.This issue affects Welch Allyn Configuration Tool: versions 1.9.4.1 and...

CVE-2024-5176

Insufficiently Protected Credentials vulnerability in Baxter Welch Allyn Configuration Tool may allow Remote Services with Stolen Credentials.This issue affects Welch Allyn Configuration Tool: versions 1.9.4.1 and...

CVE-2024-35196

Sentry is a developer-first error tracking and performance monitoring platform. Sentry's Slack integration incorrectly records the incoming request body in logs. This request data can contain sensitive information, including the deprecated Slack verification token. With this verification token, it....

CVE-2024-35196

Sentry is a developer-first error tracking and performance monitoring platform. Sentry's Slack integration incorrectly records the incoming request body in logs. This request data can contain sensitive information, including the deprecated Slack verification token. With this verification token, it....

CVE-2024-5176 Vulnerability in Welch Allyn Configuration Tool Software

Insufficiently Protected Credentials vulnerability in Baxter Welch Allyn Configuration Tool may allow Remote Services with Stolen Credentials.This issue affects Welch Allyn Configuration Tool: versions 1.9.4.1 and...

CVE-2024-35196 Slack integration leaks sensitive information in logs in Sentry

Sentry is a developer-first error tracking and performance monitoring platform. Sentry's Slack integration incorrectly records the incoming request body in logs. This request data can contain sensitive information, including the deprecated Slack verification token. With this verification token, it....

CVE-2024-35196 Slack integration leaks sensitive information in logs in Sentry

Sentry is a developer-first error tracking and performance monitoring platform. Sentry's Slack integration incorrectly records the incoming request body in logs. This request data can contain sensitive information, including the deprecated Slack verification token. With this verification token, it....

CVE-2024-36108

casgate is an Open Source Identity and Access Management system. In affected versions casgate allows remote unauthenticated attacker to obtain sensitive information via GET request to an API endpoint. This issue has been addressed in PR #201 which is pending merge. An attacker could use id...

CVE-2023-7073

The Auto Featured Image (Auto Post Thumbnail) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.0 via the upload_to_library AJAX action. This makes it possible for authenticated attackers, with author-level access and above, to make web...

CVE-2023-7073

The Auto Featured Image (Auto Post Thumbnail) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.0 via the upload_to_library AJAX action. This makes it possible for authenticated attackers, with author-level access and above, to make web...

CVE-2024-36108

casgate is an Open Source Identity and Access Management system. In affected versions casgate allows remote unauthenticated attacker to obtain sensitive information via GET request to an API endpoint. This issue has been addressed in PR #201 which is pending merge. An attacker could use id...

CVE-2024-36108 Multiple Broken Function-Level Authorization vulnerabilities in casgate

casgate is an Open Source Identity and Access Management system. In affected versions casgate allows remote unauthenticated attacker to obtain sensitive information via GET request to an API endpoint. This issue has been addressed in PR #201 which is pending merge. An attacker could use id...

CVE-2023-7073 Auto Featured Image (Auto Post Thumbnail) <= 4.0.0 - Authenticated (Author+) Server-Side Request Forgery

The Auto Featured Image (Auto Post Thumbnail) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.0 via the upload_to_library AJAX action. This makes it possible for authenticated attackers, with author-level access and above, to make web...

CVE-2023-7073 Auto Featured Image (Auto Post Thumbnail) <= 4.0.0 - Authenticated (Author+) Server-Side Request Forgery

The Auto Featured Image (Auto Post Thumbnail) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.0 via the upload_to_library AJAX action. This makes it possible for authenticated attackers, with author-level access and above, to make web...

Microsoft Warns of Surge in Cyber Attacks Targeting Internet-Exposed OT Devices

Microsoft has emphasized the need for securing internet-exposed operational technology (OT) devices following a spate of cyber attacks targeting such environments since late 2023. "These repeated attacks against OT devices emphasize the crucial need to improve the security posture of OT devices...

Ars0N-Framework - A Modern Framework For Bug Bounty Hunting

Howdy! My name is Harrison Richardson, or rs0n (arson) when I want to feel cooler than I really am. The code in this repository started as a small collection of scripts to help automate many of the common Bug Bounty hunting processes I found myself repeating. Over time, I built a simple web...

How AI Will Change Democracy

I don't think it's an exaggeration to predict that artificial intelligence will affect every aspect of our society. Not by doing new things. But mostly by doing things that are already being done by humans, perfectly competently. Replacing humans with AIs isn't necessarily interesting. But when an....

Beyond Threat Detection – A Race to Digital Security

Digital content is a double-edged sword, providing vast benefits while simultaneously posing significant threats to organizations across the globe. The sharing of digital content has increased significantly in recent years, mainly via email, digital documents, and chat. In turn, this has created...