7.4AI Score
0.0004EPSS
A flaw was found in Apache Solr. In the affected versions, ConfigSets accept uploading Java jar and class files through the ConfigSets API. When backing up Solr Collections, these ConfigSet files are saved to the disk when using the LocalFileSystemRepository (the default for backups). If the...
8.8CVSS
7.3AI Score
0.871EPSS
Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets
Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr.This issue affects Apache Solr from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. In the affected...
8.8CVSS
7.4AI Score
0.871EPSS
Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets
Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr.This issue affects Apache Solr from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. In the affected...
8.8CVSS
7.4AI Score
0.871EPSS
Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. In the affected...
8.8CVSS
8.8AI Score
0.871EPSS
Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. In the affected...
8.8CVSS
7.5AI Score
0.871EPSS
Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. In the affected...
8.8CVSS
8.7AI Score
0.871EPSS
Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. In the affected...
8.8CVSS
7AI Score
0.871EPSS
Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. In the affected...
8.8CVSS
7.4AI Score
0.871EPSS
Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. In the affected...
9.1AI Score
0.871EPSS
The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 1.2.5. This is due to direct access of the backuply/restore_ins.php file and. This makes it possible for unauthenticated attackers to make excessive...
7.5CVSS
7.5AI Score
0.0005EPSS
The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 1.2.5. This is due to direct access of the backuply/restore_ins.php file and. This makes it possible for unauthenticated attackers to make excessive...
7.5CVSS
7.4AI Score
0.0005EPSS
The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 1.2.5. This is due to direct access of the backuply/restore_ins.php file and. This makes it possible for unauthenticated attackers to make excessive...
7.5CVSS
7.3AI Score
0.0005EPSS
The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 1.2.5. This is due to direct access of the backuply/restore_ins.php file and. This makes it possible for unauthenticated attackers to make excessive...
7.5CVSS
7.6AI Score
0.0005EPSS
The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 1.2.5. This is due to direct access of the backuply/restore_ins.php file and. This makes it possible for unauthenticated attackers to make excessive...
7.5CVSS
6.8AI Score
0.0005EPSS
InfiniteWP Client < 1.12.3.1 - Unauthenticated Sensitive Information Exposure
Description The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.12.3 via the multi-call backup option. This makes it possible for unauthenticated attackers to extract sensitive data from a temporary SQL file via...
5.9CVSS
7.5AI Score
0.0004EPSS
Backuply - Backup, Restore, Migrate and Clone < 1.2.6 - Unauthenticated Denial of Service
Description The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 1.2.5. This is due to direct access of the backuply/restore_ins.php file and. This makes it possible for unauthenticated attackers to make...
7.5CVSS
7AI Score
0.0005EPSS
Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. In the affected...
8.8CVSS
8.9AI Score
0.871EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (January 29, 2024 to February 4, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 122 vulnerabilities disclosed in 110...
9.8CVSS
9.5AI Score
EPSS
A Kickoff Discussion on Core Aspects of Avro & Protobuf When deliberating on the subject of data structure encoding, a tandem of tools frequently emerges in technical discussions: Avro and Protobuf. Originating from a vision of precise data compression, the distinguishable features and...
6.9AI Score
After FBI Takedown, KV-Botnet Operators Shift Tactics in Attempt to Bounce Back
The threat actors behind the KV-botnet made "behavioral changes" to the malicious network as U.S. law enforcement began issuing commands to neutralize the activity. KV-botnet is the name given to a network of compromised small office and home office (SOHO) routers and firewall devices across the...
7.2AI Score
(RHSA-2024:0720) Moderate: Migration Toolkit for Runtimes security, bug fix and enhancement update
Migration Toolkit for Runtimes 1.2.4 ZIP artifacts Security Fix(es): apache-ivy: XML External Entity vulnerability (CVE-2022-46751) follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse() (CVE-2023-26159) For more details about the security...
7.3AI Score
0.001EPSS
(RHSA-2024:0719) Moderate: Migration Toolkit for Runtimes security, bug fix and enhancement update
Migration Toolkit for Runtimes 1.2.4 Images Security Fix(es): nodejs-semver: Regular expression denial of service (CVE-2022-25883) jackson-databind: denial of service via cylic dependencies (CVE-2023-35116) For more details about the security issue(s), including the impact, a CVSS score,...
7.3AI Score
0.027EPSS
This Week in Spring - February 6th
Hi, Spring fans! Welcome to another installment of the rip-roarin' adventure that is This Week in Spring! We've got a lot to look at, as usual, so let's dive right into it! in last week's installment of A Bootiful Podcast, I talked to Gunnar Morling, who created the 1BRC (1 Billion Row Challenge).....
7.2AI Score
Migrate Tools - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-008
The Migrate Tools module provides tools for running and managing Drupal migrations. The module doesn't sufficiently protect against Cross Site Request Forgery under specific scenarios allowing an attacker to trick an authenticated administrator into initiating a migration. This vulnerability is...
6.9AI Score
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0711 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This...
8.8CVSS
7.7AI Score
0.001EPSS
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0710 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This...
8.8CVSS
7.7AI Score
0.001EPSS
RHEL 9 : Red Hat JBoss Enterprise Application Platform 7.4.15 (RHSA-2024:0712)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0712 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This...
8.8CVSS
7.7AI Score
0.001EPSS
An issue discovered in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to run arbitrary files by restoring a crafted backup...
8.8CVSS
8.5AI Score
0.0005EPSS
An issue discovered in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to run arbitrary files by restoring a crafted backup...
8.8CVSS
8.4AI Score
0.0005EPSS
An issue discovered in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to run arbitrary files by restoring a crafted backup...
8.8CVSS
7.1AI Score
0.0005EPSS
(RHSA-2024:0712) Moderate: Red Hat JBoss Enterprise Application Platform 7.4.15 security update
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.15 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.14, and includes bug...
6.8AI Score
0.001EPSS
(RHSA-2024:0711) Moderate: Red Hat JBoss Enterprise Application Platform 7.4.15 Security update
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.15 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.14, and includes bug...
6.8AI Score
0.001EPSS
(RHSA-2024:0710) Moderate: Red Hat JBoss Enterprise Application Platform 7.4.15 Security update
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.15 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.14, and includes bug...
6.8AI Score
0.001EPSS
Summary IBM Storage Protect Plus Microsoft File Systems Backup and Restore can be affected by vulnerabilities in Pallets Werkzeug, urlib3 and Cryptography which include denial of service and obtain sensitive information, as described by the CVEs in the "Vulnerability Details" section. These...
8CVSS
7.2AI Score
0.001EPSS
An issue discovered in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to run arbitrary files by restoring a crafted backup...
8.7AI Score
0.0005EPSS
Amazon Linux 2023 : mariadb105, mariadb105-backup, mariadb105-common (ALAS2023-2024-515)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-515 advisory. Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.43 and prior, 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability...
4.9CVSS
5.8AI Score
0.001EPSS
Amazon Linux 2 : squid (ALAS-2024-2433)
The version of squid installed on the remote host is prior to 3.5.20-17. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2433 advisory. Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a...
6.5CVSS
6.5AI Score
0.009EPSS
Total Upkeep < 1.15.9 - Improper Authorization to Unauthenticated Arbitrary File Download
Description The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to unauthorized access of data due to an improper authorization check in all versions up to, and including, 1.15.8. This makes it possible for unauthenticated attackers to...
7.1AI Score
0.0004EPSS
Amazon Linux 2 : squid (ALAS-2024-2445)
The version of squid installed on the remote host is prior to 3.5.20-17. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2445 advisory. Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1...
8.6CVSS
6.4AI Score
0.005EPSS
Amazon Linux AMI : squid (ALAS-2024-1916)
The version of squid installed on the remote host is prior to 3.5.20-17.54. It is, therefore, affected by a vulnerability as referenced in the ALAS-2024-1916 advisory. Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1...
8.6CVSS
6.4AI Score
0.005EPSS
The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.1 due to insufficient randomness in the backup filenames, which use a timestamp plus 4 random digits. This makes it possible for unauthenticated attackers, to extract...
8.1CVSS
7.8AI Score
0.001EPSS
The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.1 due to insufficient randomness in the backup filenames, which use a timestamp plus 4 random digits. This makes it possible for unauthenticated attackers, to extract...
7.5CVSS
7.9AI Score
0.001EPSS
The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.1 due to insufficient randomness in the backup filenames, which use a timestamp plus 4 random digits. This makes it possible for unauthenticated attackers, to extract...
7.5CVSS
6.8AI Score
0.001EPSS
The WPvivid plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the restore() and get_restore_progress() function in versions up to, and including, 0.9.94. This makes it possible for unauthenticated attackers to invoke these functions and obtain...
5.3CVSS
6.1AI Score
0.001EPSS
The WPvivid plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the restore() and get_restore_progress() function in versions up to, and including, 0.9.94. This makes it possible for unauthenticated attackers to invoke these functions and obtain...
5.3CVSS
7AI Score
0.001EPSS
The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.1 due to insufficient randomness in the backup filenames, which use a timestamp plus 4 random digits. This makes it possible for unauthenticated attackers, to extract...
8.1CVSS
8.1AI Score
0.001EPSS
Exploring the (Not So) Secret Code of Black Hunt Ransomware
It seems like every week, the cybersecurity landscape sees the emergence of yet another ransomware variant, with Black Hunt being one of the latest additions. Initially reported by cybersecurity researchers in 2022, this new threat has quickly made its presence known. In a recent incident, Black...
8.2AI Score
7.2AI Score
[SECURITY] [DLA 3733-1] rear security update
Debian LTS Advisory DLA-3733-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA February 03, 2024 https://wiki.debian.org/LTS Package : rear Version : 2.4+dfsg-1+deb10u1 CVE ID :...
5.5CVSS
5.3AI Score
0.0004EPSS