Over the past two years, a shocking 51% of organizations surveyed in a leading industry report have been compromised by a cyberattack. Yes, over half. And this, in a world where enterprises deploy an average of 53 different security solutions to safeguard their digital domain. Alarming?...
AI Score: 7.3
Percona XtraBackup vulnerability
Releases: Ubuntu 18.04 ESM, Ubuntu 16.04 ESM. Packages: percona-xtrabackup - Open source backup tool for InnoDB and XtraDB. Details: It was discovered that in Percona XtraBackup, a local crafted filename could trigger arbitrary code...
CVSS: 7.8 | AI Score: 7.6 | EPSS: 0.0004
WordPress Backup & Migration < 1.4.9 - Missing Authorization to Directory Traversal
Description: The WordPress Backup & Migration plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wp_mgdp_populate_popup function in all versions up to, and including, 1.4.8. This makes it possible for authenticated attackers, with subscriber...
CVSS: 4.3 | AI Score: 6.7 | EPSS: 0.0004
In Brocade SANnav before v2.3.1, and v2.3.0a, it is possible to back up the appliance from the web interface or the command line interface ("SSH"). The resulting backups are world-readable. A local attacker can recover backup files, restore them to a new malicious appliance, and retrieve the...
CVSS: 6.8 | AI Score: 6.6 | EPSS: 0.0004
CVE-2024-29965 Insecure backup
In Brocade SANnav before v2.3.1, and v2.3.0a, it is possible to back up the appliance from the web interface or the command line interface ("SSH"). The resulting backups are world-readable. A local attacker can recover backup files, restore them to a new malicious appliance, and retrieve the...
CVSS: 6.8 | AI Score: 6.8 | EPSS: 0.0004
Summary: UPDATED Feb 2 2024 (New iFixes are available. The new iFixes resolve a technical issue with print queue status. Both sets of iFixes (new and original) resolve the security vulnerabilities described in the bulletin. The new iFixes are only needed if you experience the technical issue...
CVSS: 8.4 | AI Score: 7.9 | EPSS: 0.0004
Security Bulletin: AIX is vulnerable to email spoofing due to sendmail (CVE-2023-51765)
Summary: Vulnerability in sendmail could allow a remote attacker to spoof an email (CVE-2023-51765). Vulnerability Details: CVEID: CVE-2023-51765. DESCRIPTION: Proofpoint sendmail is vulnerable to SMTP smuggling, caused by improper handling of line endings . in an email message. By sending a...
CVSS: 5.3 | AI Score: 6.9 | EPSS: 0.002
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 8, 2024 to April 14, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 219 vulnerabilities disclosed in 209...
AI Score: 8.8
Introduction: In today's tech-driven world, cloud computing has completely changed how businesses store and manage their data. It offers many advantages, like flexibility, scalability, and cost savings, making it a go-to choice for organizations of all sizes. Keeping your data secure, especially in...
AI Score: 8.1
(RHSA-2024:1925) Moderate: Migration Toolkit for Containers (MTC) 1.8.3 security and bug fix update
The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Security Fix(es) from Bugzilla: axios: exposure of...
AI Score: 7.1 | EPSS: 0.963
Recover from Ransomware in 5 Minutes—We will Teach You How!
Super Low RPO with Continuous Data Protection: Dial Back to Just Seconds Before an Attack. Zerto, a Hewlett Packard Enterprise company, can help you detect and recover from ransomware in near real-time. This solution leverages continuous data protection (CDP) to ensure all workloads have the lowest...
AI Score: 7
Insertion of Sensitive Information into Log File vulnerability in Inisev Backup Migration. This issue affects Backup Migration: from n/a through...
CVSS: 5.3 | AI Score: 6.8 | EPSS: 0.0004
(RHSA-2024:1924) Moderate: Migration Toolkit for Runtimes security, bug fix and enhancement update
Migration Toolkit for Runtimes 1.2.5 ZIP artifacts. Security Fix(es): commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file (CVE-2024-25710). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related...
AI Score: 7.3 | EPSS: 0.001
(RHSA-2024:1923) Moderate: Migration Toolkit for Runtimes security, bug fix and enhancement update
Migration Toolkit for Runtimes 1.2.5 Images. Security Fix(es): vertx-core: memory leak when a TCP server is configured with TLS and SNI support (CVE-2024-1300); commons-compress: OutOfMemoryError unpacking broken Pack200 file (CVE-2024-26308). For more details about the security issue(s),...
AI Score: 7.2 | EPSS: 0.963
Guest File Restore from Backup of Linux on Power Machine Fails to Mount
Linux on Power uses a block size of 64 KiB for the BTRFS file system, which cannot be mounted by 64-bit Linux operating systems, which typically use a 4 KiB block...
AI Score: 7.1
Backup fails with: "The system cannot find the file specified." or "The device is not ready."
If the shadow copy fails to be created or is unexpectedly removed during the backup operation, the backup job will...
AI Score: 7.1
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1322-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1322-1 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: fix kernel panic caused by race of smc_sock A...
CVSS: 7.8 | AI Score: 8.4
A flaw was found in Keycloak's OIDC component in the "checkLoginIframe," which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origin...
CVSS: 7.4 | AI Score: 6.1 | EPSS: 0.0004
A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects...
CVSS: 8.1 | AI Score: 5.7 | EPSS: 0.0005
The WP STAGING WordPress Backup Plugin WordPress plugin before 3.4.0, wp-staging-pro WordPress plugin before 5.4.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html...
AI Score: 5.4 | EPSS: 0.0004
CVE-2024-2309 WP Staging < 3.4.0, 5.4.0 (Pro Version) - Admin+ Stored XSS
The WP STAGING WordPress Backup Plugin WordPress plugin before 3.4.0, wp-staging-pro WordPress plugin before 5.4.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html...
AI Score: 5.5 | EPSS: 0.0004
Oracle Primavera Unifier (April 2024 CPU)
The versions of Primavera Unifier installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2024 CPU advisory. The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as...
CVSS: 8.8 | AI Score: 7.2 | EPSS: 0.871
How to Change Initial Management Port for Veeam Plug-in for Oracle RMAN and Microsoft SQL
This article documents how to change the default port used by the Plugin Manager (6791) for: Veeam Plug-in for Oracle RMAN and Veeam Plug-in for Microsoft SQL...
AI Score: 7.4
OpenShift API for Data Protection (OADP) enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Security Fix(es) from...
AI Score: 7.3 | EPSS: 0.963
While an Apache Kafka cluster is being migrated from ZooKeeper mode to KRaft mode, in some cases ACLs will not be correctly enforced. Two preconditions are needed to trigger the bug: 1. The administrator decides to remove an ACL. 2. The resource associated with the removed ACL continues to have two or...
AI Score: 6.4 | EPSS: 0.0004
This repo is made to reproduce the fuzzing and analysis process of...
CVSS: 5.5 | AI Score: 6 | EPSS: 0.0004
Exploit for OS Command Injection in Issabel Pbx
Issabel PBX 4.0.0 Remote Code Execution (Authenticated) -...
AI Score: 8.4
Oracle Critical Patch Update Advisory - April 2024
A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches...
CVSS: 10 | AI Score: 8.7
Failed to upgrade host components. Error 1920. Service Veeam WAN Accelerator Service failed to start.
Veeam Support Knowledge Base answer to: Failed to upgrade host components. Error 1920. Service Veeam WAN Accelerator Service failed to...
AI Score: 7.1
Amazon AWS Amplify CLI before 12.10.1 incorrectly configures the role trust policy of IAM roles associated with Amplify projects. When the Authentication component is removed from an Amplify project, a Condition property is removed but "Effect":"Allow" remains present, and consequently...
AI Score: 6.5 | EPSS: 0.0004
Navigating the EU NIS2 Directive
How Qualys Cybersecurity Solutions Ensure Compliance. The European Union's revised Network and Information Security (NIS2) Directive is a comprehensive cybersecurity regulation aimed at bolstering the resilience of critical entities and essential services across the EU. As organizations grapple...
AI Score: 7.6
The Backup Agents section in WBSAirback 21.02.04 is affected by a Path Traversal vulnerability, allowing a user with low privileges to download files from the...
CVSS: 7.7 | AI Score: 6.7 | EPSS: 0.0004
CVE-2024-3783 Path Traversal vulnerability in WBSAirback
The Backup Agents section in WBSAirback 21.02.04 is affected by a Path Traversal vulnerability, allowing a user with low privileges to download files from the...
CVSS: 7.7 | AI Score: 7.7 | EPSS: 0.0004
Cross-Site Request Forgery (CSRF) vulnerability in DAEV.Tech WP Migration Plugin DB & Files – WP Synchro. This issue affects WP Migration Plugin DB & Files – WP Synchro: from n/a through...
CVSS: 5.4 | AI Score: 6.8 | EPSS: 0.0004
Apache Kafka is vulnerable to Incorrect Access Control. The vulnerability is due to an error in ACL management during ZK to KRaft mode migration, specifically when an ACL is removed while two or more other ACLs remain associated with the same resource. This condition results in Kafka treating the...
AI Score: 7 | EPSS: 0.0004
The Everest Backup WordPress plugin before 2.2.5 does not properly validate backup files to be uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite...
AI Score: 9.2 | EPSS: 0.0004
CVE-2023-7201 Everest Backup < 2.2.5 - Admin+ Arbitrary File Upload
The Everest Backup WordPress plugin before 2.2.5 does not properly validate backup files to be uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite...
AI Score: 6.7 | EPSS: 0.0004