WordPress Backup & Migration Security Vulnerabilities

[openvas] Fedora: Security Advisory for rear (FEDORA-2024-a2f6e5ddb8)
The remote host is missing an update for...
CVSS 5.5 | AI Score 5.7 | EPSS 0.0004 | 2024-02-21 12:00 AM

[cvelist] CVE-2023-6565
The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.12.3 via the multi-call backup option. This makes it possible for unauthenticated attackers to extract sensitive data from a temporary SQL file via repeated GET...
CVSS 5.9 | AI Score 6.1 | EPSS 0.0004 | 2024-02-20 06:56 PM

[cve] CVE-2024-22054
A malformed discovery packet sent by a malicious actor with preexisting access to the network could interrupt the functionality of device management and discovery. Affected Products: UniFi Access Points, UniFi Switches, UniFi LTE Backup, UniFi Express (Only Mesh Mode, Router mode is not affected)...
AI Score 6.7 | EPSS 0.0004 | 2024-02-20 06:15 PM

[nvd] CVE-2024-22054
A malformed discovery packet sent by a malicious actor with preexisting access to the network could interrupt the functionality of device management and discovery. Affected Products: UniFi Access Points, UniFi Switches, UniFi LTE Backup, UniFi Express (Only Mesh Mode, Router mode is not affected)...
AI Score 6.5 | EPSS 0.0004 | 2024-02-20 06:15 PM

[prion] Design/Logic Flaw
A malformed discovery packet sent by a malicious actor with preexisting access to the network could interrupt the functionality of device management and discovery. Affected Products: UniFi Access Points, UniFi Switches, UniFi LTE Backup, UniFi Express (Only Mesh Mode, Router mode is not affected)...
AI Score 6.8 | EPSS 0.0004 | 2024-02-20 06:15 PM

[cvelist] CVE-2024-22054
A malformed discovery packet sent by a malicious actor with preexisting access to the network could interrupt the functionality of device management and discovery. Affected Products: UniFi Access Points, UniFi Switches, UniFi LTE Backup, UniFi Express (Only Mesh Mode, Router mode is not affected)...
AI Score 6.8 | EPSS 0.0004 | 2024-02-20 05:14 PM

[mskb] November 14, 2023—KB5032190 (OS Builds 22621.2715 and 22631.2715)
UPDATED 2/27/24. IMPORTANT: New dates for the end of non-security updates for Windows 11, version 22H2. The new end date is June 24, 2025 for Windows 11, version 22H2 Enterprise, Education, IoT Enterprise, and Enterprise multi-session...
CVSS 9.8 | AI Score 8.2 | EPSS 0.57 | 2024-02-20 08:00 AM

[wpvulndb] Backup Bolt < 1.4.0 - Sensitive Data Exposure
The plugin is vulnerable to Information Exposure via the unprotected access of debug logs. This makes it possible for unauthenticated attackers to retrieve the debug log, which may contain information like system errors which could contain sensitive information. PoC: Access the error log...
AI Score 9.2 | EPSS 0.0004 | 2024-02-20 12:00 AM

[wpvulndb] InstaWP Connect < 0.1.0.9 - Authenticated (Subscriber+) Remote Code Execution
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 0.1.0.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to execute code on the...
CVSS 9.9 | AI Score 7.6 | EPSS 0.0004 | 2024-02-20 12:00 AM

[wpexploit] Backup Bolt < 1.4.0 - Sensitive Data Exposure
The plugin is vulnerable to Information Exposure via the unprotected access of debug logs. This makes it possible for unauthenticated attackers to retrieve the debug log, which may contain information like system errors which could contain sensitive...
AI Score 9.3 | EPSS 0.0004 | 2024-02-20 12:00 AM

[cve] CVE-2024-1343
A weak permission was found in the backup directory in LaborOfficeFree affecting version 19.10. This vulnerability allows any authenticated user to read backup files in the directory '%programfiles(x86)% LaborOfficeFree...
CVSS 4.7 | AI Score 4.5 | EPSS 0.0004 | 2024-02-19 12:15 PM

[nvd] CVE-2024-1343
A weak permission was found in the backup directory in LaborOfficeFree affecting version 19.10. This vulnerability allows any authenticated user to read backup files in the directory '%programfiles(x86)% LaborOfficeFree...
CVSS 4.7 | AI Score 4.5 | EPSS 0.0004 | 2024-02-19 12:15 PM

[prion] Directory traversal
A weak permission was found in the backup directory in LaborOfficeFree affecting version 19.10. This vulnerability allows any authenticated user to read backup files in the directory '%programfiles(x86)% LaborOfficeFree...
CVSS 4.7 | AI Score 6.7 | EPSS 0.0004 | 2024-02-19 12:15 PM

[cvelist] CVE-2024-1343 Weak permission vulnerability in LaborOfficeFree
A weak permission was found in the backup directory in LaborOfficeFree affecting version 19.10. This vulnerability allows any authenticated user to read backup files in the directory '%programfiles(x86)% LaborOfficeFree...
CVSS 4.7 | AI Score 4.9 | EPSS 0.0004 | 2024-02-19 11:17 AM

[atlassian] Path Traversal in Confluence Data Center
This High severity Path Traversal vulnerability was introduced in version 6.13.0 of Confluence Data Center. This Path Traversal vulnerability, with a CVSS Score of 8.3, allows an unauthenticated attacker to exploit an undefinable vulnerability which has high impact to confidentiality, high impact...
CVSS 8.3 | AI Score 8.3 | EPSS 0.0004 | 2024-02-19 05:51 AM

[thn] How Businesses Can Safeguard Their Communication Channels Against Hackers
Efficient communication is a cornerstone of business success. Internally, making sure your team communicates seamlessly helps you avoid friction losses, misunderstandings, delays, and overlaps. Externally, frustration-free customer communication is directly correlated to a positive customer...
CVSS 9.8 | AI Score 9.5 | EPSS 0.074 | 2024-02-17 08:18 AM

[githubexploit] Exploit for CVE-2024-23897
CVE-2024-23897 Description: This Proof-of-Concept (POC)...
CVSS 9.8 | AI Score 9.9 | EPSS 0.96 | 2024-02-16 07:16 AM

[veeam] How to Move Backup Data for a File Backup or Object Storage Backup to a Different Repository
This article documents the procedure for migrating backup data created by an unstructured data backup job (File Backup or Object Storage Backup) from one backup repository to another backup repository so that the job can resume incremental backup operations using the new...
AI Score 7.1 | 2024-02-16 12:00 AM

[wordfence] Wordfence Intelligence Weekly WordPress Vulnerability Report (February 5, 2024 to February 11, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 95 vulnerabilities disclosed in 65...
CVSS 10 | AI Score 9 | EPSS 0.154 | 2024-02-15 04:21 PM

[vulnrichment] CVE-2024-20720 Command injection in data collector backup due to insufficient patching of CVE-2023-38208
Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an attacker. Exploitation of this issue does not require user...
CVSS 9.1 | AI Score 7.7 | EPSS 0.001 | 2024-02-15 01:39 PM

[cvelist] CVE-2024-20720 Command injection in data collector backup due to insufficient patching of CVE-2023-38208
Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an attacker. Exploitation of this issue does not require user...
CVSS 9.1 | AI Score 9.7 | EPSS 0.001 | 2024-02-15 01:39 PM

[ics] Siemens SCALANCE SC-600 Family
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |...
CVSS 9.1 | AI Score 7.8 | EPSS 0.002 | 2024-02-15 12:00 PM

[veeam] Upgrading Veeam Agent for Microsoft Windows from 5.0.x to 6.1.x fails with: Failed to migrate data to new database.
Due to a change in the Veeam Agent for Microsoft Windows 6.1 installer, when upgrading from version 5 or older, the database migration process will fail if .NET 4.7.2 is not...
AI Score 7 | 2024-02-15 12:00 AM

[veeam] Migrating Veeam Backup & Replication from Socket to Veeam Universal License (VUL) Licensing
Migrating Veeam Backup & Replication from Socket to Veeam Universal License (VUL)...
AI Score 7.1 | 2024-02-15 12:00 AM

[redhat] (RHSA-2024:0820) Critical: Red Hat Advanced Cluster Management 2.8.5 security and bug fix container updates
Red Hat Advanced Cluster Management for Kubernetes 2.8.5 images. Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments...
AI Score 7.4 | EPSS 0.963 | 2024-02-14 06:14 PM

[filippoio] PINs for Cryptography with Hardware Secure Elements
I'm a big fan of technologies that enable otherwise impossible security properties and user experiences, like cryptography often can. One such technology is hardware secure elements. Here's a thing you can't do with cryptography: encrypt data securely with a low-entropy secret, like a PIN. If a...
AI Score 6.5 | 2024-02-14 02:01 PM

[veeam] Agent is managed by another Veeam server
Configuration data within the machine where Veeam Agent is installed indicates which Veeam Backup Server manages...
AI Score 7.1 | 2024-02-14 12:00 AM

[trellix] RansomHouse am See
By Pham Duy Phuc, Max Kersten in collaboration with Noël Keijzer and Michaël Schrijver from Northwave · February 14, 2024. Ransom gangs make big bucks by extorting victims, which sadly isn't new. Their lucrative business allows them not only to live off the stolen money, but also...
AI Score 8 | 2024-02-14 12:00 AM

[thn] Glupteba Botnet Evades Detection with Undocumented UEFI Bootkit
The Glupteba botnet has been found to incorporate a previously undocumented Unified Extensible Firmware Interface (UEFI) bootkit feature, adding another layer of sophistication and stealth to the malware. "This bootkit can intervene and control the [operating system] boot process, enabling...
AI Score 7.4 | 2024-02-13 02:37 PM

[oraclelinux] Unbreakable Enterprise kernel security update
[5.15.0-203.146.5.1] - Revert 'selftests/bpf: Test tail call counting with bpf2bpf and data on stack' (Samasth Norway Ananda) [Orabug: 36277693] - Revert 'tcp: fix excessive TLP and RACK timeouts from HZ rounding' (Sherry Yang) [Orabug: 36277684] [5.15.0-203.146.5] - i2c: core: Fix atomic xfer...
CVSS 9.8 | AI Score 7.4 | EPSS 0.001 | 2024-02-13 12:00 AM

[spring] This Week in Spring - February 14th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! Friends, tomorrow is Valentine's day, and I love Spring. So, it's a very exciting thing indeed to be able to share this week's jam-packed roundup. Let's dive right into it! Spring Tools 4.21.1 is now available. In the latest...
AI Score 7.2 | 2024-02-13 12:00 AM

[veracode] Unrestricted File Upload
Apache Solr is vulnerable to Unrestricted File Upload. The vulnerability is due to the ConfigSets API accepting and uploading jar/class files without proper restriction of file type. When backing up Solr Collections, the configSet files will be saved to disk, but if the backup directory is...
CVSS 8.8 | AI Score 6.5 | EPSS 0.871 | 2024-02-12 03:01 PM

[thn] 4 Ways Hackers use Social Engineering to Bypass MFA
When it comes to access security, one recommendation stands out above the rest: multi-factor authentication (MFA). With passwords alone being simple work for hackers, MFA provides an essential layer of protection against breaches. However, it's important to remember that MFA isn't foolproof. It...
AI Score 7.7 | 2024-02-12 11:14 AM

[thn] U.S. Offers $10 Million Bounty for Info Leading to Arrest of Hive Ransomware Leaders
The U.S. Department of State has announced monetary rewards of up to $10 million for information about individuals holding key positions within the Hive ransomware operation. It is also giving away an additional $5 million for specifics that could lead to the arrest and/or conviction of any person...
AI Score 7.5 | 2024-02-12 04:31 AM

[oraclelinux] Unbreakable Enterprise kernel security update
[4.14.35-2047.533.3] - net: rfkill: gpio: set GPIO direction (Rouven Czerwinski) - sched/fair: Fix tg->load when offlining a CPU (Vincent Guittot) [Orabug: 36185208] - IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (Mark Zhang) [Orabug: 36143229] - sched/rt:...
CVSS 9.8 | AI Score 10 | EPSS 0.001 | 2024-02-12 12:00 AM

[zdt] LaborOfficeFree 19.10 MySQL Root Password Calculator Exploit
LaborOfficeFree installs a MySQL instance that runs as SYSTEM and calculates the MySQL root password based on two constants. Each time the program needs to connect to MySQL as root, it employs the reverse algorithm to calculate the root password. This issue has been tested on version 19.10...
CVSS 6.8 | AI Score 7.2 | EPSS 0.0004 | 2024-02-12 12:00 AM

[oraclelinux] Unbreakable Enterprise kernel-container security update
[5.4.17-2136.328.3.el8] - IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (Mark Zhang) [Orabug: 36143228] - KSPLICE: make sure the stack is zeroed. (Gregory Herrero) [Orabug: 36154654] - sched/fair: Fix tg->load when offlining a CPU (Vincent Guittot) [Orabug: 36185207] - i2c:...
CVSS 9.8 | AI Score 9.6 | EPSS 0.001 | 2024-02-12 12:00 AM

[oraclelinux] Unbreakable Enterprise kernel security update
[5.4.17-2136.328.3] - IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (Mark Zhang) [Orabug: 36143228] - KSPLICE: make sure the stack is zeroed. (Gregory Herrero) [Orabug: 36154654] - sched/fair: Fix tg->load when offlining a CPU (Vincent Guittot) [Orabug: 36185207] - i2c:...
CVSS 9.8 | AI Score 9.5 | EPSS 0.001 | 2024-02-12 12:00 AM

[oraclelinux] Unbreakable Enterprise kernel-container security update
[5.4.17-2136.328.3.el7] - IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (Mark Zhang) [Orabug: 36143228] - KSPLICE: make sure the stack is zeroed. (Gregory Herrero) [Orabug: 36154654] - sched/fair: Fix tg->load when offlining a CPU (Vincent Guittot) [Orabug: 36185207] - i2c:...
CVSS 9.8 | AI Score 9.6 | EPSS 0.001 | 2024-02-12 12:00 AM

[redhatcve] CVE-2023-50386
A flaw was found in Apache Solr. In the affected versions, ConfigSets accept uploading Java jar and class files through the ConfigSets API. When backing up Solr Collections, these ConfigSet files are saved to the disk when using the LocalFileSystemRepository (the default for backups). If the...
CVSS 8.8 | AI Score 7.3 | EPSS 0.871 | 2024-02-09 10:30 PM

[osv] Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets
Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr. This issue affects Apache Solr from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. In the affected...
CVSS 8.8 | AI Score 7.4 | EPSS 0.871 | 2024-02-09 06:31 PM

[github] Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets
Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr. This issue affects Apache Solr from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. In the affected...
CVSS 8.8 | AI Score 7.4 | EPSS 0.871 | 2024-02-09 06:31 PM

[nvd] CVE-2023-50386
Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. In the affected...
CVSS 8.8 | AI Score 8.8 | EPSS 0.871 | 2024-02-09 06:15 PM

[debiancve] CVE-2023-50386
Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. In the affected...
CVSS 8.8 | AI Score 7.5 | EPSS 0.871 | 2024-02-09 06:15 PM

Total number of security vulnerabilities: 21169