Norton; Symantec Endpoint Protection (SEP); Symantec Endpoint Protection Small Business Edition (SEP SBE); Symantec Endpoint Protection Cloud (SEP Cloud) Security Vulnerabilities

CVE-2024-34451

Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor's position is that Ghost should be installed with a reverse proxy that allows only trusted X-Forwarded-For...

CVE-2024-34451

Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor's position is that Ghost should be installed with a reverse proxy that allows only trusted X-Forwarded-For...

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: cue, slsa-verifier, terraform-docs, wait-for-port, ingress-nginx-controller, mage, newrelic-infra-operator, nri-rabbitmq, vault-k8s, prometheus-operator, tctl, pulumi-language-yaml, envoy-ratelimit, nri-memcached, delve, nri-apache, render-template, kine, gitness,...

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: conftest, argo-workflows, slsa-verifier, terraform-docs, ingress-nginx-controller, newrelic-infra-operator, vault-k8s, flannel, prometheus-operator, tctl, zot, pulumi-language-yaml, envoy-ratelimit, certificate-transparency, nri-kubernetes, kine, osv-scanner, gitness,....

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: argo-workflows, nri-rabbitmq, mkcert, flannel, gostatsd, delve, render-template, flux-kustomize-controller, kine, osv-scanner, tigera-operator, smarter-device-manager, doppler-kubernetes-operator, k3s, mc, volume-modifier-for-k8s, trivy, protoc-gen-go,...

CVE-2024-24789 vulnerabilities

Vulnerabilities for packages: argo-workflows, nri-rabbitmq, mkcert, flannel, gostatsd, delve, render-template, flux-kustomize-controller, osv-scanner, smarter-device-manager, doppler-kubernetes-operator, wgcf, k3s, mc, volume-modifier-for-k8s, trivy, protoc-gen-go, kube-logging-operator, grafana,.....

CVE-2023-3978 vulnerabilities

Vulnerabilities for packages: cue, vault-k8s, prometheus-operator, tctl, zot, pulumi-language-yaml, flux-kustomize-controller, apko, gitness, prometheus-pushgateway, fuse-overlayfs-snapshotter, k3s, mc, kubernetes-csi-external-attacher, trust-manager, thanos-operator, kube-logging-operator, hugo,.....

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: conftest, argo-workflows, slsa-verifier, terraform-docs, ingress-nginx-controller, newrelic-infra-operator, vault-k8s, flannel, prometheus-operator, tctl, zot, pulumi-language-yaml, envoy-ratelimit, certificate-transparency, nri-kubernetes, kine, osv-scanner, gitness,....

CVE-2024-24784 vulnerabilities

Vulnerabilities for packages: cue, slsa-verifier, terraform-docs, wait-for-port, ingress-nginx-controller, mage, newrelic-infra-operator, nri-rabbitmq, vault-k8s, prometheus-operator, tctl, pulumi-language-yaml, envoy-ratelimit, nri-memcached, delve, nri-apache, render-template, kine, gitness,...

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: cue, slsa-verifier, terraform-docs, wait-for-port, ingress-nginx-controller, mage, newrelic-infra-operator, nri-rabbitmq, vault-k8s, prometheus-operator, tctl, pulumi-language-yaml, envoy-ratelimit, nri-memcached, delve, nri-apache, render-template, kine, gitness,...

CVE-2023-48795 vulnerabilities

Vulnerabilities for packages: libssh2, conftest, argo-workflows, slsa-verifier, terraform-docs, vault-k8s, zot, certificate-transparency, libssh, flux-kustomize-controller, apko, gitness, tigera-operator, dockerize, ko, nerdctl, secrets-store-csi-driver-provider-azure, k3s, cilium-cli,...

GHSA-3Q2C-PVP5-3CQP vulnerabilities

Vulnerabilities for packages: cue, slsa-verifier, terraform-docs, wait-for-port, ingress-nginx-controller, mage, newrelic-infra-operator, nri-rabbitmq, vault-k8s, prometheus-operator, tctl, pulumi-language-yaml, envoy-ratelimit, nri-memcached, delve, nri-apache, render-template, kine, gitness,...

GHSA-FGQ5-Q76C-GX78 vulnerabilities

Vulnerabilities for packages: cue, slsa-verifier, terraform-docs, wait-for-port, ingress-nginx-controller, mage, newrelic-infra-operator, nri-rabbitmq, vault-k8s, prometheus-operator, tctl, pulumi-language-yaml, envoy-ratelimit, nri-memcached, delve, nri-apache, render-template, kine, gitness,...

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: argo-workflows, nri-rabbitmq, mkcert, flannel, gostatsd, delve, render-template, flux-kustomize-controller, kine, osv-scanner, tigera-operator, smarter-device-manager, doppler-kubernetes-operator, k3s, mc, volume-modifier-for-k8s, trivy, protoc-gen-go,...

CVE-2024-24790 vulnerabilities

Vulnerabilities for packages: argo-workflows, nri-rabbitmq, mkcert, flannel, gostatsd, delve, render-template, flux-kustomize-controller, osv-scanner, smarter-device-manager, doppler-kubernetes-operator, wgcf, k3s, mc, volume-modifier-for-k8s, trivy, protoc-gen-go, kube-logging-operator, grafana,.....

CVE-2023-39325 vulnerabilities

Vulnerabilities for packages: cue, slsa-verifier, vault-k8s, prometheus-operator, tctl, zot, pulumi-language-yaml, flux-kustomize-controller, apko, gitness, prometheus-pushgateway, kubernetes-dns-node-cache, fuse-overlayfs-snapshotter, k3s, mc, kubernetes-csi-external-attacher, istio-operator,...

GHSA-J6M3-GC37-6R6Q vulnerabilities

Vulnerabilities for packages: cue, slsa-verifier, terraform-docs, wait-for-port, ingress-nginx-controller, mage, newrelic-infra-operator, nri-rabbitmq, vault-k8s, prometheus-operator, tctl, pulumi-language-yaml, envoy-ratelimit, nri-memcached, delve, nri-apache, render-template, kine, gitness,...

GHSA-49GW-VXVF-FC2G vulnerabilities

Vulnerabilities for packages: argo-workflows, nri-rabbitmq, mkcert, flannel, gostatsd, delve, render-template, flux-kustomize-controller, osv-scanner, smarter-device-manager, doppler-kubernetes-operator, wgcf, k3s, mc, volume-modifier-for-k8s, trivy, protoc-gen-go, kube-logging-operator, grafana,.....

GHSA-4374-P667-P6C8 vulnerabilities

Vulnerabilities for packages: cue, slsa-verifier, vault-k8s, prometheus-operator, tctl, zot, pulumi-language-yaml, flux-kustomize-controller, apko, gitness, prometheus-pushgateway, kubernetes-dns-node-cache, fuse-overlayfs-snapshotter, k3s, mc, kubernetes-csi-external-attacher, istio-operator,...

GHSA-2WRH-6PVC-2JM9 vulnerabilities

Vulnerabilities for packages: cue, vault-k8s, prometheus-operator, tctl, zot, pulumi-language-yaml, flux-kustomize-controller, apko, gitness, prometheus-pushgateway, fuse-overlayfs-snapshotter, k3s, mc, kubernetes-csi-external-attacher, trust-manager, thanos-operator, kube-logging-operator, hugo,.....

GHSA-45X7-PX36-X8W8 vulnerabilities

Vulnerabilities for packages: libssh2, conftest, argo-workflows, slsa-verifier, terraform-docs, vault-k8s, zot, certificate-transparency, libssh, flux-kustomize-controller, apko, gitness, tigera-operator, dockerize, ko, nerdctl, secrets-store-csi-driver-provider-azure, k3s, cilium-cli,...

CVE-2024-24783 vulnerabilities

Vulnerabilities for packages: cue, slsa-verifier, terraform-docs, wait-for-port, ingress-nginx-controller, mage, newrelic-infra-operator, nri-rabbitmq, vault-k8s, prometheus-operator, tctl, pulumi-language-yaml, envoy-ratelimit, nri-memcached, delve, nri-apache, render-template, kine, gitness,...

GHSA-32CH-6X54-Q4H9 vulnerabilities

Vulnerabilities for packages: cue, slsa-verifier, terraform-docs, wait-for-port, ingress-nginx-controller, mage, newrelic-infra-operator, nri-rabbitmq, vault-k8s, prometheus-operator, tctl, pulumi-language-yaml, envoy-ratelimit, nri-memcached, delve, nri-apache, render-template, kine, gitness,...

CVE-2024-24785 vulnerabilities

Vulnerabilities for packages: cue, slsa-verifier, terraform-docs, wait-for-port, ingress-nginx-controller, mage, newrelic-infra-operator, nri-rabbitmq, vault-k8s, prometheus-operator, tctl, pulumi-language-yaml, envoy-ratelimit, nri-memcached, delve, nri-apache, render-template, kine, gitness,...

CVE-2023-45290 vulnerabilities

Vulnerabilities for packages: cue, slsa-verifier, terraform-docs, wait-for-port, ingress-nginx-controller, mage, newrelic-infra-operator, nri-rabbitmq, vault-k8s, prometheus-operator, tctl, pulumi-language-yaml, envoy-ratelimit, nri-memcached, delve, nri-apache, render-template, kine, gitness,...

GHSA-236W-P7WF-5PH8 vulnerabilities

Vulnerabilities for packages: argo-workflows, nri-rabbitmq, mkcert, flannel, gostatsd, delve, render-template, flux-kustomize-controller, osv-scanner, smarter-device-manager, doppler-kubernetes-operator, wgcf, k3s, mc, volume-modifier-for-k8s, trivy, protoc-gen-go, kube-logging-operator, grafana,.....

CVE-2022-3162 affecting package kube-vip-cloud-provider 0.0.2-16

CVE-2022-3162 affecting package kube-vip-cloud-provider 0.0.2-16. No patch is available...

CVE-2023-0215 affecting package cloud-hypervisor 22.0-2

CVE-2023-0215 affecting package cloud-hypervisor 22.0-2. This CVE either no longer is or was never...

CVE-2023-0286 affecting package cloud-hypervisor 22.0-2

CVE-2023-0286 affecting package cloud-hypervisor 22.0-2. This CVE either no longer is or was never...

CVE-2022-4304 affecting package cloud-hypervisor 22.0-2

CVE-2022-4304 affecting package cloud-hypervisor 22.0-2. This CVE either no longer is or was never...

CVE-2022-4450 affecting package cloud-hypervisor 22.0-2

CVE-2022-4450 affecting package cloud-hypervisor 22.0-2. This CVE either no longer is or was never...

CVE-2023-44487 affecting package kube-vip-cloud-provider for versions less than 0.0.2-12

CVE-2023-44487 affecting package kube-vip-cloud-provider for versions less than 0.0.2-12. A patched version of the package is...

CVE-2023-45853 affecting package cloud-hypervisor for versions less than 32.0-2

CVE-2023-45853 affecting package cloud-hypervisor for versions less than 32.0-2. A patched version of the package is...

NativeDump - Dump Lsass Using Only Native APIs By Hand-Crafting Minidump Files (Without MinidumpWriteDump!)

NativeDump allows to dump the lsass process using only NTAPIs generating a Minidump file with only the streams needed to be parsed by tools like Mimikatz or Pypykatz (SystemInfo, ModuleList and Memory64List Streams). NTOpenProcessToken and NtAdjustPrivilegeToken to get the "SeDebugPrivilege"...

How to Spot a Business Email Compromise Scam

In this common email scam, a criminal pretending to be your boss or coworker emails you asking for a favor involving money. Here’s what do to when a bad actor lands in your...

U.K. Hacker Linked to Notorious Scattered Spider Group Arrested in Spain

Law enforcement authorities have allegedly arrested a key member of the notorious cybercrime group called Scattered Spider. The individual, a 22-year-old man from the United Kingdom, was arrested this week in the Spanish city of Palma de Mallorca as he attempted to board a flight to Italy. The...

CVE-2024-34451

Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor's position is that Ghost should be installed with a reverse proxy that allows only trusted X-Forwarded-For...

FreeBSD : go -- multiple vulnerabilities (a5c64f6f-2af3-11ef-a77e-901b0e9408dc)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the a5c64f6f-2af3-11ef-a77e-901b0e9408dc advisory. The Go project reports: archive/zip: mishandling of corrupt central directory record The...

FreeBSD : traefik -- Unexpected behavior with IPv4-mapped IPv6 addresses (219aaa1e-2aff-11ef-ab37-5404a68ad561)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 219aaa1e-2aff-11ef-ab37-5404a68ad561 advisory. The traefik authors report: There is a vulnerability in Go managing various Is methods ...

Exploit for CVE-2024-30078

CVE-2024-30078 Detection and Command Execution Script This...

Exploit for CVE-2024-36837

CVE-2024-36837 POC write URL in url.txt and run...

Gradio > 4.19.1 UploadButton - Path Traversal

gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied input in the UploadButton...

Grandoreiro Banking Trojan Hits Brazil as Smishing Scams Surge in Pakistan

Pakistan has become the latest target of a threat actor called the Smishing Triad, marking the first expansion of its footprint beyond the E.U., Saudi Arabia, the U.A.E., and the U.S. "The group's latest tactic involves sending malicious messages on behalf of Pakistan Post to customers of mobile...

Meta Pauses AI Training on EU User Data Amid Privacy Concerns

Meta on Friday said it's delaying its efforts to train the company's large language models (LLMs) using public content shared by adult users on Facebook and Instagram in the European Union following a request from the Irish Data Protection Commission (DPC). The company expressed disappointment at.....

Debian dla-3829 : libmilter-dev - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3829 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3829-1 [email protected] ...

Metasploit Weekly Wrap-Up 06/14/2024

New module content (5) Telerik Report Server Auth Bypass Authors: SinSinology and Spencer McIntyre Type: Auxiliary Pull request: #19242 contributed by zeroSteiner Path: scanner/http/telerik_report_server_auth_bypass AttackerKB reference: CVE-2024-4358 Description: This adds an exploit for...

Truist bank confirms data breach

On Wednesday June 12, 2024, a well-known dark web data broker and cybercriminal acting under the name "Sp1d3r" offered a significant amount of data allegedly stolen from Truist Bank for sale. Truist is a US bank holding company and operates 2,781 branches in 15 states and Washington DC. By assets,....

CVE-2024-37887

Nextcloud Server is a self hosted personal cloud system. Private shared calendar events' recurrence exceptions can be read by sharees. It is recommended that the Nextcloud Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1 and that the Nextcloud Enterprise Server is upgraded to 27.1.10 or 28.0.6 or....

CVE-2024-37887

Nextcloud Server is a self hosted personal cloud system. Private shared calendar events' recurrence exceptions can be read by sharees. It is recommended that the Nextcloud Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1 and that the Nextcloud Enterprise Server is upgraded to 27.1.10 or 28.0.6 or....

CVE-2024-37884

Nextcloud Server is a self hosted personal cloud system. A malicious user was able to send delete requests for old versions of files they only got shared with read permissions. It is recommended that the Nextcloud Server is upgraded to 26.0.12 or 27.1.7 or 28.0.3 and that the Nextcloud Enterprise.....