Frontend File Manager & Sharing – User Private Files Security Vulnerabilities

GHSA-45X7-PX36-X8W8 vulnerabilities

Vulnerabilities for packages: libssh2, conftest, argo-workflows, slsa-verifier, terraform-docs, vault-k8s, zot, certificate-transparency, libssh, flux-kustomize-controller, apko, gitness, tigera-operator, dockerize, ko, nerdctl, secrets-store-csi-driver-provider-azure, k3s, cilium-cli,...

GHSA-M425-MQ94-257G vulnerabilities

Vulnerabilities for packages: conftest, gitlab-pages, gatekeeper, slsa-verifier, weaviate, flux-source-controller, telegraf, argo-cd, neuvector-agent, vault-csi-provider, grype, tctl, dynamic-localpv-provisioner, nvidia-device-plugin, pulumi-language-yaml, external-dns, envoy-ratelimit,...

GHSA-QPPJ-FM5R-HXR3 vulnerabilities

Vulnerabilities for packages: cue, conftest, slsa-verifier, ingress-nginx-controller, tctl, pulumi-language-yaml, envoy-ratelimit, flux-kustomize-controller, gitness, ko, nginx-stable, fuse-overlayfs-snapshotter, mc, kubernetes-csi-external-attacher, falco, calico, hugo, keda, nats, pulumi,...

CVE-2024-24783 vulnerabilities

Vulnerabilities for packages: cue, slsa-verifier, terraform-docs, wait-for-port, ingress-nginx-controller, mage, newrelic-infra-operator, nri-rabbitmq, vault-k8s, prometheus-operator, tctl, pulumi-language-yaml, envoy-ratelimit, nri-memcached, delve, nri-apache, render-template, kine, gitness,...

GHSA-32CH-6X54-Q4H9 vulnerabilities

Vulnerabilities for packages: cue, slsa-verifier, terraform-docs, wait-for-port, ingress-nginx-controller, mage, newrelic-infra-operator, nri-rabbitmq, vault-k8s, prometheus-operator, tctl, pulumi-language-yaml, envoy-ratelimit, nri-memcached, delve, nri-apache, render-template, kine, gitness,...

CVE-2024-24785 vulnerabilities

Vulnerabilities for packages: cue, slsa-verifier, terraform-docs, wait-for-port, ingress-nginx-controller, mage, newrelic-infra-operator, nri-rabbitmq, vault-k8s, prometheus-operator, tctl, pulumi-language-yaml, envoy-ratelimit, nri-memcached, delve, nri-apache, render-template, kine, gitness,...

GHSA-V53G-5GJP-272R vulnerabilities

Vulnerabilities for packages: eksctl, flux-helm-controller, chartmuseum, cert-manager, k9s, cilium-cli, flux-source-controller, helm-push, kots, kubescape, up, istio-operator, zot, k8sgpt, trivy, helm-operator,...

CVE-2024-24788 vulnerabilities

Vulnerabilities for packages: cue, conftest, ipfs, terraform-docs, node-feature-discovery, wait-for-port, mage, newrelic-infra-operator, harbor-cli, mkcert, flannel, vault-k8s, zot, pulumi-language-yaml, gostatsd, certificate-transparency, delve, render-template, croc, flux-kustomize-controller,...

GHSA-236W-P7WF-5PH8 vulnerabilities

Vulnerabilities for packages: argo-workflows, nri-rabbitmq, mkcert, flannel, gostatsd, delve, render-template, flux-kustomize-controller, osv-scanner, smarter-device-manager, doppler-kubernetes-operator, wgcf, k3s, mc, volume-modifier-for-k8s, trivy, protoc-gen-go, kube-logging-operator, grafana,.....

GHSA-XW73-RW38-6VJC vulnerabilities

Vulnerabilities for packages: argo-workflows, slsa-verifier, ctop, dagger, telegraf, zot, docker-credential-gcr, scorecard, traefik, gitsign, policy-controller, timoni, flux-helm-controller, guac, kubescape, loki, datadog-agent, kubevela, cri-tools, nerdctl, k8sgpt, helm-operator, kargo, kyverno,.....

CVE-2023-45290 vulnerabilities

Vulnerabilities for packages: cue, slsa-verifier, terraform-docs, wait-for-port, ingress-nginx-controller, mage, newrelic-infra-operator, nri-rabbitmq, vault-k8s, prometheus-operator, tctl, pulumi-language-yaml, envoy-ratelimit, nri-memcached, delve, nri-apache, render-template, kine, gitness,...

CVE-2023-44487 affecting package cert-manager for versions less than 1.11.2-5

CVE-2023-44487 affecting package cert-manager for versions less than 1.11.2-5. A patched version of the package is...

CVE-2023-39325 affecting package cert-manager for versions less than 1.11.2-5

CVE-2023-39325 affecting package cert-manager for versions less than 1.11.2-5. A patched version of the package is...

CVE-2023-44487 affecting package cert-manager for versions less than 1.11.2-5

CVE-2023-44487 affecting package cert-manager for versions less than 1.11.2-5. A patched version of the package is...

CVE-2023-39325 affecting package cert-manager for versions less than 1.11.2-5

CVE-2023-39325 affecting package cert-manager for versions less than 1.11.2-5. A patched version of the package is...

NativeDump - Dump Lsass Using Only Native APIs By Hand-Crafting Minidump Files (Without MinidumpWriteDump!)

NativeDump allows to dump the lsass process using only NTAPIs generating a Minidump file with only the streams needed to be parsed by tools like Mimikatz or Pypykatz (SystemInfo, ModuleList and Memory64List Streams). NTOpenProcessToken and NtAdjustPrivilegeToken to get the "SeDebugPrivilege"...

CVE-2024-38467

Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized user information retrieval via the queryUser...

CVE-2024-38467

Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized user information retrieval via the queryUser...

Updated nano packages fix security vulnerability

A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges....

Updated atril packages fix security vulnerability

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem to which the user....

FreeBSD : go -- multiple vulnerabilities (a5c64f6f-2af3-11ef-a77e-901b0e9408dc)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the a5c64f6f-2af3-11ef-a77e-901b0e9408dc advisory. The Go project reports: archive/zip: mishandling of corrupt central directory record The...

Fedora 40 : thunderbird (2024-748bedc96c)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-748bedc96c advisory. Update to 115.12.0 * https://www.mozilla.org/en-US/security/advisories/mfsa2024-28/ *...

Fedora 40 : booth (2024-8a545718b1)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-8a545718b1 advisory. Security fix for CVE-2024-3049 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...

Debian dsa-5712 : ffmpeg - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5712 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5712-1 [email protected] ...

FreeBSD : traefik -- Unexpected behavior with IPv4-mapped IPv6 addresses (219aaa1e-2aff-11ef-ab37-5404a68ad561)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 219aaa1e-2aff-11ef-ab37-5404a68ad561 advisory. The traefik authors report: There is a vulnerability in Go managing various Is methods ...

CVE-2024-38467

Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized user information retrieval via the queryUser...

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider, a cybercrime group suspected of hacking into Twilio, LastPass, DoorDash, Mailchimp, and nearly 130 other organizations over the past two years. The Spanish daily Murcia Today...

Exploit for CVE-2024-30078

CVE-2024-30078 Detection and Command Execution Script This...

CVE-2024-6016

A vulnerability, which was classified as critical, has been found in itsourcecode Online Laundry Management System 1.0. Affected by this issue is some unknown functionality of the file admin_class.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely.....

CVE-2024-6016

A vulnerability, which was classified as critical, has been found in itsourcecode Online Laundry Management System 1.0. Affected by this issue is some unknown functionality of the file admin_class.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely.....

CVE-2024-6016 itsourcecode Online Laundry Management System admin_class.php sql injection

A vulnerability, which was classified as critical, has been found in itsourcecode Online Laundry Management System 1.0. Affected by this issue is some unknown functionality of the file admin_class.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely.....

Exploit for OS Command Injection in Php

CVE-2024-4577 In PHP when using Apache and PHP-CGI on...

CVE-2024-6014

A vulnerability classified as critical has been found in itsourcecode Document Management System 1.0. Affected is an unknown function of the file edithis.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to....

CVE-2024-6014

A vulnerability classified as critical has been found in itsourcecode Document Management System 1.0. Affected is an unknown function of the file edithis.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to....

CVE-2024-6015

A vulnerability classified as critical was found in itsourcecode Online House Rental System 1.0. Affected by this vulnerability is an unknown functionality of the file manage_user.php. The manipulation of the argument month_of leads to sql injection. The attack can be launched remotely. The...

CVE-2024-6015

A vulnerability classified as critical was found in itsourcecode Online House Rental System 1.0. Affected by this vulnerability is an unknown functionality of the file manage_user.php. The manipulation of the argument month_of leads to sql injection. The attack can be launched remotely. The...

CVE-2024-6015 itsourcecode Online House Rental System manage_user.php sql injection

A vulnerability classified as critical was found in itsourcecode Online House Rental System 1.0. Affected by this vulnerability is an unknown functionality of the file manage_user.php. The manipulation of the argument month_of leads to sql injection. The attack can be launched remotely. The...

Exploit for CVE-2024-36837

CVE-2024-36837 POC write URL in url.txt and run...

CVE-2024-6014 itsourcecode Document Management System edithis.php sql injection

A vulnerability classified as critical has been found in itsourcecode Document Management System 1.0. Affected is an unknown function of the file edithis.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to....

CVE-2024-6013

A vulnerability was found in itsourcecode Online Book Store 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin_delete.php. The manipulation of the argument bookisbn leads to sql injection. The attack may be initiated remotely. The exploit has been...

CVE-2024-6013

A vulnerability was found in itsourcecode Online Book Store 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin_delete.php. The manipulation of the argument bookisbn leads to sql injection. The attack may be initiated remotely. The exploit has been...

CVE-2024-6009

A vulnerability has been found in itsourcecode Event Calendar 1.0 and classified as critical. Affected by this vulnerability is the function regConfirm/regDelete of the file process.php. The manipulation of the argument userId leads to sql injection. The attack can be launched remotely. The...

CVE-2024-6009

A vulnerability has been found in itsourcecode Event Calendar 1.0 and classified as critical. Affected by this vulnerability is the function regConfirm/regDelete of the file process.php. The manipulation of the argument userId leads to sql injection. The attack can be launched remotely. The...

CVE-2024-6013 itsourcecode Online Book Store admin_delete.php sql injection

A vulnerability was found in itsourcecode Online Book Store 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin_delete.php. The manipulation of the argument bookisbn leads to sql injection. The attack may be initiated remotely. The exploit has been...

CVE-2024-6009 itsourcecode Event Calendar process.php regDelete sql injection

A vulnerability has been found in itsourcecode Event Calendar 1.0 and classified as critical. Affected by this vulnerability is the function regConfirm/regDelete of the file process.php. The manipulation of the argument userId leads to sql injection. The attack can be launched remotely. The...

CVE-2024-6008

A vulnerability, which was classified as critical, was found in itsourcecode Online Book Store up to 1.0. Affected is an unknown function of the file /edit_book.php. The manipulation of the argument image leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

CVE-2024-6008

A vulnerability, which was classified as critical, was found in itsourcecode Online Book Store up to 1.0. Affected is an unknown function of the file /edit_book.php. The manipulation of the argument image leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

CVE-2024-6008 itsourcecode Online Book Store edit_book.php sql injection

A vulnerability, which was classified as critical, was found in itsourcecode Online Book Store up to 1.0. Affected is an unknown function of the file /edit_book.php. The manipulation of the argument image leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

CVE-2024-31870

IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 supplies user defined table function is vulnerable to user enumeration by a local authenticated attacker, without having authority to the related *USRPRF objects. This can be used by a malicious actor to gather information about users that can be targeted in...

CVE-2024-31870

IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 supplies user defined table function is vulnerable to user enumeration by a local authenticated attacker, without having authority to the related *USRPRF objects. This can be used by a malicious actor to gather information about users that can be targeted in...