Lucene search

K

Norton; Symantec Endpoint Protection (SEP); Symantec Endpoint Protection Small Business Edition (SEP SBE); Symantec Endpoint Protection Cloud (SEP Cloud) Security Vulnerabilities

cve
cve

CVE-2024-34451

Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor's position is that Ghost should be installed with a reverse proxy that allows only trusted X-Forwarded-For...

7.5AI Score

EPSS

2024-06-16 10:15 PM
nvd
nvd

CVE-2024-34451

Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor's position is that Ghost should be installed with a reverse proxy that allows only trusted X-Forwarded-For...

EPSS

2024-06-16 10:15 PM
2
wolfi
wolfi

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: cue, slsa-verifier, terraform-docs, wait-for-port, ingress-nginx-controller, mage, newrelic-infra-operator, nri-rabbitmq, vault-k8s, prometheus-operator, tctl, pulumi-language-yaml, envoy-ratelimit, nri-memcached, delve, nri-apache, render-template, kine, gitness,...

7.8AI Score

0.0004EPSS

2024-06-16 09:08 PM
175
wolfi
wolfi

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: conftest, argo-workflows, slsa-verifier, terraform-docs, ingress-nginx-controller, newrelic-infra-operator, vault-k8s, flannel, prometheus-operator, tctl, zot, pulumi-language-yaml, envoy-ratelimit, certificate-transparency, nri-kubernetes, kine, osv-scanner, gitness,....

7.5AI Score

2024-06-16 09:08 PM
158
wolfi
wolfi

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: argo-workflows, nri-rabbitmq, mkcert, flannel, gostatsd, delve, render-template, flux-kustomize-controller, kine, osv-scanner, tigera-operator, smarter-device-manager, doppler-kubernetes-operator, k3s, mc, volume-modifier-for-k8s, trivy, protoc-gen-go,...

6.8AI Score

0.0004EPSS

2024-06-16 09:08 PM
52
wolfi
wolfi

CVE-2024-24789 vulnerabilities

Vulnerabilities for packages: argo-workflows, nri-rabbitmq, mkcert, flannel, gostatsd, delve, render-template, flux-kustomize-controller, osv-scanner, smarter-device-manager, doppler-kubernetes-operator, wgcf, k3s, mc, volume-modifier-for-k8s, trivy, protoc-gen-go, kube-logging-operator, grafana,.....

6.5AI Score

0.0004EPSS

2024-06-16 09:08 PM
10
wolfi
wolfi

CVE-2023-3978 vulnerabilities

Vulnerabilities for packages: cue, vault-k8s, prometheus-operator, tctl, zot, pulumi-language-yaml, flux-kustomize-controller, apko, gitness, prometheus-pushgateway, fuse-overlayfs-snapshotter, k3s, mc, kubernetes-csi-external-attacher, trust-manager, thanos-operator, kube-logging-operator, hugo,.....

6.1CVSS

7.3AI Score

0.001EPSS

2024-06-16 09:08 PM
91
wolfi
wolfi

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: conftest, argo-workflows, slsa-verifier, terraform-docs, ingress-nginx-controller, newrelic-infra-operator, vault-k8s, flannel, prometheus-operator, tctl, zot, pulumi-language-yaml, envoy-ratelimit, certificate-transparency, nri-kubernetes, kine, osv-scanner, gitness,....

6.7AI Score

0.0004EPSS

2024-06-16 09:08 PM
27
wolfi
wolfi

CVE-2024-24784 vulnerabilities

Vulnerabilities for packages: cue, slsa-verifier, terraform-docs, wait-for-port, ingress-nginx-controller, mage, newrelic-infra-operator, nri-rabbitmq, vault-k8s, prometheus-operator, tctl, pulumi-language-yaml, envoy-ratelimit, nri-memcached, delve, nri-apache, render-template, kine, gitness,...

7.8AI Score

0.0004EPSS

2024-06-16 09:08 PM
39
wolfi
wolfi

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: cue, slsa-verifier, terraform-docs, wait-for-port, ingress-nginx-controller, mage, newrelic-infra-operator, nri-rabbitmq, vault-k8s, prometheus-operator, tctl, pulumi-language-yaml, envoy-ratelimit, nri-memcached, delve, nri-apache, render-template, kine, gitness,...

7.5AI Score

2024-06-16 09:08 PM
25
wolfi
wolfi

CVE-2023-48795 vulnerabilities

Vulnerabilities for packages: libssh2, conftest, argo-workflows, slsa-verifier, terraform-docs, vault-k8s, zot, certificate-transparency, libssh, flux-kustomize-controller, apko, gitness, tigera-operator, dockerize, ko, nerdctl, secrets-store-csi-driver-provider-azure, k3s, cilium-cli,...

5.9CVSS

7.1AI Score

0.962EPSS

2024-06-16 09:08 PM
129
wolfi
wolfi

GHSA-3Q2C-PVP5-3CQP vulnerabilities

Vulnerabilities for packages: cue, slsa-verifier, terraform-docs, wait-for-port, ingress-nginx-controller, mage, newrelic-infra-operator, nri-rabbitmq, vault-k8s, prometheus-operator, tctl, pulumi-language-yaml, envoy-ratelimit, nri-memcached, delve, nri-apache, render-template, kine, gitness,...

7.5AI Score

2024-06-16 09:08 PM
21
wolfi
wolfi

GHSA-FGQ5-Q76C-GX78 vulnerabilities

Vulnerabilities for packages: cue, slsa-verifier, terraform-docs, wait-for-port, ingress-nginx-controller, mage, newrelic-infra-operator, nri-rabbitmq, vault-k8s, prometheus-operator, tctl, pulumi-language-yaml, envoy-ratelimit, nri-memcached, delve, nri-apache, render-template, kine, gitness,...

7.5AI Score

2024-06-16 09:08 PM
24
wolfi
wolfi

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: argo-workflows, nri-rabbitmq, mkcert, flannel, gostatsd, delve, render-template, flux-kustomize-controller, kine, osv-scanner, tigera-operator, smarter-device-manager, doppler-kubernetes-operator, k3s, mc, volume-modifier-for-k8s, trivy, protoc-gen-go,...

7.5AI Score

2024-06-16 09:08 PM
20
wolfi
wolfi

CVE-2024-24790 vulnerabilities

Vulnerabilities for packages: argo-workflows, nri-rabbitmq, mkcert, flannel, gostatsd, delve, render-template, flux-kustomize-controller, osv-scanner, smarter-device-manager, doppler-kubernetes-operator, wgcf, k3s, mc, volume-modifier-for-k8s, trivy, protoc-gen-go, kube-logging-operator, grafana,.....

6.5AI Score

0.0004EPSS

2024-06-16 09:08 PM
8
wolfi
wolfi

CVE-2023-39325 vulnerabilities

Vulnerabilities for packages: cue, slsa-verifier, vault-k8s, prometheus-operator, tctl, zot, pulumi-language-yaml, flux-kustomize-controller, apko, gitness, prometheus-pushgateway, kubernetes-dns-node-cache, fuse-overlayfs-snapshotter, k3s, mc, kubernetes-csi-external-attacher, istio-operator,...

7.5CVSS

8.4AI Score

0.002EPSS

2024-06-16 09:08 PM
48
wolfi
wolfi

GHSA-J6M3-GC37-6R6Q vulnerabilities

Vulnerabilities for packages: cue, slsa-verifier, terraform-docs, wait-for-port, ingress-nginx-controller, mage, newrelic-infra-operator, nri-rabbitmq, vault-k8s, prometheus-operator, tctl, pulumi-language-yaml, envoy-ratelimit, nri-memcached, delve, nri-apache, render-template, kine, gitness,...

7.5AI Score

2024-06-16 09:08 PM
20
wolfi
wolfi

GHSA-49GW-VXVF-FC2G vulnerabilities

Vulnerabilities for packages: argo-workflows, nri-rabbitmq, mkcert, flannel, gostatsd, delve, render-template, flux-kustomize-controller, osv-scanner, smarter-device-manager, doppler-kubernetes-operator, wgcf, k3s, mc, volume-modifier-for-k8s, trivy, protoc-gen-go, kube-logging-operator, grafana,.....

7.5AI Score

2024-06-16 09:08 PM
2
wolfi
wolfi

GHSA-4374-P667-P6C8 vulnerabilities

Vulnerabilities for packages: cue, slsa-verifier, vault-k8s, prometheus-operator, tctl, zot, pulumi-language-yaml, flux-kustomize-controller, apko, gitness, prometheus-pushgateway, kubernetes-dns-node-cache, fuse-overlayfs-snapshotter, k3s, mc, kubernetes-csi-external-attacher, istio-operator,...

7.5AI Score

2024-06-16 09:08 PM
16
wolfi
wolfi

GHSA-2WRH-6PVC-2JM9 vulnerabilities

Vulnerabilities for packages: cue, vault-k8s, prometheus-operator, tctl, zot, pulumi-language-yaml, flux-kustomize-controller, apko, gitness, prometheus-pushgateway, fuse-overlayfs-snapshotter, k3s, mc, kubernetes-csi-external-attacher, trust-manager, thanos-operator, kube-logging-operator, hugo,.....

7.5AI Score

2024-06-16 09:08 PM
24
wolfi
wolfi

GHSA-45X7-PX36-X8W8 vulnerabilities

Vulnerabilities for packages: libssh2, conftest, argo-workflows, slsa-verifier, terraform-docs, vault-k8s, zot, certificate-transparency, libssh, flux-kustomize-controller, apko, gitness, tigera-operator, dockerize, ko, nerdctl, secrets-store-csi-driver-provider-azure, k3s, cilium-cli,...

7.5AI Score

2024-06-16 09:08 PM
43
wolfi
wolfi

CVE-2024-24783 vulnerabilities

Vulnerabilities for packages: cue, slsa-verifier, terraform-docs, wait-for-port, ingress-nginx-controller, mage, newrelic-infra-operator, nri-rabbitmq, vault-k8s, prometheus-operator, tctl, pulumi-language-yaml, envoy-ratelimit, nri-memcached, delve, nri-apache, render-template, kine, gitness,...

7.8AI Score

0.0004EPSS

2024-06-16 09:08 PM
17
wolfi
wolfi

GHSA-32CH-6X54-Q4H9 vulnerabilities

Vulnerabilities for packages: cue, slsa-verifier, terraform-docs, wait-for-port, ingress-nginx-controller, mage, newrelic-infra-operator, nri-rabbitmq, vault-k8s, prometheus-operator, tctl, pulumi-language-yaml, envoy-ratelimit, nri-memcached, delve, nri-apache, render-template, kine, gitness,...

7.5AI Score

2024-06-16 09:08 PM
19
wolfi
wolfi

CVE-2024-24785 vulnerabilities

Vulnerabilities for packages: cue, slsa-verifier, terraform-docs, wait-for-port, ingress-nginx-controller, mage, newrelic-infra-operator, nri-rabbitmq, vault-k8s, prometheus-operator, tctl, pulumi-language-yaml, envoy-ratelimit, nri-memcached, delve, nri-apache, render-template, kine, gitness,...

7.8AI Score

0.0004EPSS

2024-06-16 09:08 PM
17
wolfi
wolfi

CVE-2023-45290 vulnerabilities

Vulnerabilities for packages: cue, slsa-verifier, terraform-docs, wait-for-port, ingress-nginx-controller, mage, newrelic-infra-operator, nri-rabbitmq, vault-k8s, prometheus-operator, tctl, pulumi-language-yaml, envoy-ratelimit, nri-memcached, delve, nri-apache, render-template, kine, gitness,...

5.9AI Score

0.0004EPSS

2024-06-16 09:08 PM
17
wolfi
wolfi

GHSA-236W-P7WF-5PH8 vulnerabilities

Vulnerabilities for packages: argo-workflows, nri-rabbitmq, mkcert, flannel, gostatsd, delve, render-template, flux-kustomize-controller, osv-scanner, smarter-device-manager, doppler-kubernetes-operator, wgcf, k3s, mc, volume-modifier-for-k8s, trivy, protoc-gen-go, kube-logging-operator, grafana,.....

7.5AI Score

2024-06-16 09:08 PM
2
cbl_mariner
cbl_mariner

CVE-2022-3162 affecting package kube-vip-cloud-provider 0.0.2-16

CVE-2022-3162 affecting package kube-vip-cloud-provider 0.0.2-16. No patch is available...

6.5CVSS

7AI Score

0.001EPSS

2024-06-16 09:08 PM
2
cbl_mariner
cbl_mariner

CVE-2023-0215 affecting package cloud-hypervisor 22.0-2

CVE-2023-0215 affecting package cloud-hypervisor 22.0-2. This CVE either no longer is or was never...

7.5CVSS

8.4AI Score

0.004EPSS

2024-06-16 09:08 PM
1
cbl_mariner
cbl_mariner

CVE-2023-0286 affecting package cloud-hypervisor 22.0-2

CVE-2023-0286 affecting package cloud-hypervisor 22.0-2. This CVE either no longer is or was never...

7.4CVSS

8.4AI Score

0.003EPSS

2024-06-16 09:08 PM
1
cbl_mariner
cbl_mariner

CVE-2022-4304 affecting package cloud-hypervisor 22.0-2

CVE-2022-4304 affecting package cloud-hypervisor 22.0-2. This CVE either no longer is or was never...

5.9CVSS

8.4AI Score

0.002EPSS

2024-06-16 09:08 PM
cbl_mariner
cbl_mariner

CVE-2022-4450 affecting package cloud-hypervisor 22.0-2

CVE-2022-4450 affecting package cloud-hypervisor 22.0-2. This CVE either no longer is or was never...

7.5CVSS

9AI Score

0.001EPSS

2024-06-16 09:08 PM
1
cbl_mariner
cbl_mariner

CVE-2023-44487 affecting package kube-vip-cloud-provider for versions less than 0.0.2-12

CVE-2023-44487 affecting package kube-vip-cloud-provider for versions less than 0.0.2-12. A patched version of the package is...

7.5CVSS

8.2AI Score

0.732EPSS

2024-06-16 09:08 PM
cbl_mariner
cbl_mariner

CVE-2023-45853 affecting package cloud-hypervisor for versions less than 32.0-2

CVE-2023-45853 affecting package cloud-hypervisor for versions less than 32.0-2. A patched version of the package is...

9.8CVSS

9.7AI Score

0.001EPSS

2024-06-16 09:08 PM
2
kitploit
kitploit

NativeDump - Dump Lsass Using Only Native APIs By Hand-Crafting Minidump Files (Without MinidumpWriteDump!)

NativeDump allows to dump the lsass process using only NTAPIs generating a Minidump file with only the streams needed to be parsed by tools like Mimikatz or Pypykatz (SystemInfo, ModuleList and Memory64List Streams). NTOpenProcessToken and NtAdjustPrivilegeToken to get the "SeDebugPrivilege"...

7.2AI Score

2024-06-16 05:16 PM
7
wired
wired

How to Spot a Business Email Compromise Scam

In this common email scam, a criminal pretending to be your boss or coworker emails you asking for a favor involving money. Here’s what do to when a bad actor lands in your...

7.2AI Score

2024-06-16 12:00 PM
2
thn
thn

U.K. Hacker Linked to Notorious Scattered Spider Group Arrested in Spain

Law enforcement authorities have allegedly arrested a key member of the notorious cybercrime group called Scattered Spider. The individual, a 22-year-old man from the United Kingdom, was arrested this week in the Spanish city of Palma de Mallorca as he attempted to board a flight to Italy. The...

7.3AI Score

2024-06-16 04:31 AM
5
cvelist
cvelist

CVE-2024-34451

Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor's position is that Ghost should be installed with a reverse proxy that allows only trusted X-Forwarded-For...

EPSS

2024-06-16 12:00 AM
nessus
nessus

FreeBSD : go -- multiple vulnerabilities (a5c64f6f-2af3-11ef-a77e-901b0e9408dc)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the a5c64f6f-2af3-11ef-a77e-901b0e9408dc advisory. The Go project reports: archive/zip: mishandling of corrupt central directory record The...

6.7AI Score

0.0004EPSS

2024-06-16 12:00 AM
nessus
nessus

FreeBSD : traefik -- Unexpected behavior with IPv4-mapped IPv6 addresses (219aaa1e-2aff-11ef-ab37-5404a68ad561)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 219aaa1e-2aff-11ef-ab37-5404a68ad561 advisory. The traefik authors report: There is a vulnerability in Go managing various Is methods ...

6.5AI Score

0.0004EPSS

2024-06-16 12:00 AM
githubexploit
githubexploit

Exploit for CVE-2024-30078

CVE-2024-30078 Detection and Command Execution Script This...

8.8CVSS

8.6AI Score

0.001EPSS

2024-06-15 07:37 PM
163
githubexploit
githubexploit

Exploit for CVE-2024-36837

CVE-2024-36837 POC write URL in url.txt and run...

7.8AI Score

EPSS

2024-06-15 04:44 PM
39
nuclei
nuclei

Gradio > 4.19.1 UploadButton - Path Traversal

gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied input in the UploadButton...

7.5CVSS

6.4AI Score

0.0004EPSS

2024-06-15 12:36 PM
thn
thn

Grandoreiro Banking Trojan Hits Brazil as Smishing Scams Surge in Pakistan

Pakistan has become the latest target of a threat actor called the Smishing Triad, marking the first expansion of its footprint beyond the E.U., Saudi Arabia, the U.A.E., and the U.S. "The group's latest tactic involves sending malicious messages on behalf of Pakistan Post to customers of mobile...

7AI Score

2024-06-15 09:51 AM
12
thn
thn

Meta Pauses AI Training on EU User Data Amid Privacy Concerns

Meta on Friday said it's delaying its efforts to train the company's large language models (LLMs) using public content shared by adult users on Facebook and Instagram in the European Union following a request from the Irish Data Protection Commission (DPC). The company expressed disappointment at.....

6.8AI Score

2024-06-15 07:49 AM
2
nessus
nessus

Debian dla-3829 : libmilter-dev - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3829 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3829-1 [email protected] ...

5.3CVSS

6.7AI Score

0.002EPSS

2024-06-15 12:00 AM
rapid7blog
rapid7blog

Metasploit Weekly Wrap-Up 06/14/2024

New module content (5) Telerik Report Server Auth Bypass Authors: SinSinology and Spencer McIntyre Type: Auxiliary Pull request: #19242 contributed by zeroSteiner Path: scanner/http/telerik_report_server_auth_bypass AttackerKB reference: CVE-2024-4358 Description: This adds an exploit for...

9.9CVSS

8.2AI Score

0.938EPSS

2024-06-14 07:09 PM
1
malwarebytes
malwarebytes

Truist bank confirms data breach

On Wednesday June 12, 2024, a well-known dark web data broker and cybercriminal acting under the name "Sp1d3r" offered a significant amount of data allegedly stolen from Truist Bank for sale. Truist is a US bank holding company and operates 2,781 branches in 15 states and Washington DC. By assets,....

7.7AI Score

2024-06-14 04:29 PM
5
nvd
nvd

CVE-2024-37887

Nextcloud Server is a self hosted personal cloud system. Private shared calendar events' recurrence exceptions can be read by sharees. It is recommended that the Nextcloud Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1 and that the Nextcloud Enterprise Server is upgraded to 27.1.10 or 28.0.6 or....

3.5CVSS

0.0004EPSS

2024-06-14 04:15 PM
2
cve
cve

CVE-2024-37887

Nextcloud Server is a self hosted personal cloud system. Private shared calendar events' recurrence exceptions can be read by sharees. It is recommended that the Nextcloud Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1 and that the Nextcloud Enterprise Server is upgraded to 27.1.10 or 28.0.6 or....

3.5CVSS

4AI Score

0.0004EPSS

2024-06-14 04:15 PM
9
cve
cve

CVE-2024-37884

Nextcloud Server is a self hosted personal cloud system. A malicious user was able to send delete requests for old versions of files they only got shared with read permissions. It is recommended that the Nextcloud Server is upgraded to 26.0.12 or 27.1.7 or 28.0.3 and that the Nextcloud Enterprise.....

3.5CVSS

4AI Score

0.0004EPSS

2024-06-14 04:15 PM
11
Total number of security vulnerabilities248679