BIT-hubble-ui-backend-2024-28860
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Users of IPsec transparent encryption in Cilium may be vulnerable to cryptographic attacks that render the transparent encryption ineffective. In particular, Cilium is vulnerable to chosen plaintext, key...
8CVSS
7.5AI Score
0.0004EPSS
juz-einstein.de Cross Site Scripting vulnerability OBB-3939821
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.1AI Score
Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads. Cilium prior to versions 1.9.16, 1.10.11, and 1.11.15 contains an incorrect default permissions vulnerability. Operating Systems with users belonging to the group ID 1000....
8.8CVSS
8.6AI Score
0.0004EPSS
Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads. Prior to versions 1.9.16, 1.10.11, and 1.11.15, if an attacker is able to perform a container escape of a container running as root on a host where Cilium is installed,...
8.2CVSS
8.3AI Score
0.0004EPSS
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, an attacker with access to a Cilium agent pod can write to /opt/cni/bin due to a hostPath mount of that directory in the agent pod. By replacing the CNI binary.....
5.5CVSS
5.4AI Score
0.0004EPSS
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, under specific conditions, Cilium may misattribute the source IP address of traffic to a cluster, identifying external traffic as coming from the host on which.....
7.3CVSS
7.1AI Score
0.001EPSS
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. When run in debug mode, Cilium will log the contents of the cilium-secrets namespace. This could include data such as TLS private keys for Ingress and GatewayAPI resources. An attacker with access to debug...
7.2CVSS
6.6AI Score
0.0004EPSS
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. This issue only impacts users who have a HTTP policy that applies to multiple toEndpoints AND have an allow-all rule in place that affects only one of those endpoints. In such cases, a wildcard rule will be.....
5.3CVSS
5.2AI Score
0.001EPSS
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to version 1.13.4, when Gateway API is enabled in Cilium, the absence of a check on the namespace in which a ReferenceGrant is created could result in Cilium unintentionally gaining visibility of...
5.3CVSS
5.1AI Score
0.0005EPSS
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An attacker with the ability to update pod labels can cause Cilium to apply incorrect network policies. This issue arises due to the fact that on pod update, Cilium incorrectly uses user-provided pod labels.....
9CVSS
9AI Score
0.0004EPSS
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In Cilium clusters where Cilium's Layer 7 proxy has been disabled, creating workloads with policy.cilium.io/proxy-visibility annotations (in Cilium >= v1.13) or io.cilium.proxy-visibility annotations (in.....
3.5CVSS
3.7AI Score
0.0004EPSS
stuco.hu Cross Site Scripting vulnerability OBB-3939820
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An attacker with the ability to create or modify CiliumNetworkPolicy objects in a particular namespace is able to affect traffic on an entire Cilium cluster, potentially bypassing policy enforcement in other....
8.1CVSS
7.9AI Score
0.0004EPSS
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who have enabled an external kvstore and Wireguard transparent encryption, traffic between pods in the affected cluster is not encrypted. This issue affects Cilium v1.14 before v1.14.7 and...
6.1CVSS
6.1AI Score
0.0004EPSS
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.9 and prior to versions 1.13.13, 1.14.8, and 1.15.2, Cilium's HTTP policies are not consistently applied to all traffic in the scope of the policies, leading to HTTP traffic being...
7.2CVSS
6.9AI Score
0.001EPSS
Dremio before 24.3.1 allows path traversal. An authenticated user who has no privileges on certain folders (and the files and datasets in these folders) can access these folders, files, and datasets. To be successful, the user must have access to the source and at least one folder in the source....
8.8CVSS
6.7AI Score
0.0005EPSS
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.14.0 and prior to versions 1.14.8 and 1.15.2, In Cilium clusters with WireGuard enabled and traffic matching Layer 7 policies Wireguard-eligible traffic that is sent between a node's...
6.1CVSS
6.1AI Score
0.0004EPSS
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Users of IPsec transparent encryption in Cilium may be vulnerable to cryptographic attacks that render the transparent encryption ineffective. In particular, Cilium is vulnerable to chosen plaintext, key...
8CVSS
7.5AI Score
0.0004EPSS
stuco.com Cross Site Scripting vulnerability OBB-3939819
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Model Extraction from Neural Networks
A new paper, "Polynomial Time Cryptanalytic Extraction of Neural Network Models," by Adi Shamir and others, uses ideas from differential cryptanalysis to extract the weights inside a neural network using specific queries and their results. This is much more theoretical than practical, but it's a...
7.2AI Score
duplo-frank.de Cross Site Scripting vulnerability OBB-3939818
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
stuco.ch Cross Site Scripting vulnerability OBB-3939816
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
End-to-End Secrets Security: Making a Plan to Secure Your Machine Identities
At the heart of every application are secrets. Credentials that allow human-to-machine and machine-to-machine communication. Machine identities outnumber human identities by a factor of 45-to-1 and represent the majority of secrets we need to worry about. According to CyberArk's recent research,...
6.7AI Score
New OpenSSH Vulnerability Could Lead to RCE as Root on Linux Systems
OpenSSH maintainers have released security updates to contain a critical security flaw that could result in unauthenticated remote code execution with root privileges in glibc-based Linux systems. The vulnerability, codenamed regreSSHion, has been assigned the CVE identifier CVE-2024-6387. It...
8.1CVSS
8.8AI Score
EPSS
7.7AI Score
EPSS
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that...
8.1CVSS
8.2AI Score
EPSS
CPython 3.9 and earlier doesn't disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity due to...
6.3AI Score
0.0004EPSS
It was discovered that OpenSSH incorrectly handled signal management. A remote attacker could use this issue to bypass authentication and remotely access systems without proper...
8.1CVSS
8.3AI Score
EPSS
vrecenze.cz Cross Site Scripting vulnerability OBB-3939808
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
directory-online.biz Cross Site Scripting vulnerability OBB-3939807
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server
The Qualys Threat Research Unit (TRU) has discovered a Remote Unauthenticated Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems. CVE assigned to this vulnerability is CVE-2024-6387. The vulnerability, which is a signal handler race condition in OpenSSH's...
8.1CVSS
9.2AI Score
EPSS
CosmicSting: critical unauthenticated XXE vulnerability in...
9.8CVSS
10AI Score
0.038EPSS
blitzwolfeurope.com Cross Site Scripting vulnerability OBB-3939804
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Juniper Networks Releases Critical Security Update for Routers
Juniper Networks has released out-of-band security updates to address a critical security flaw that could lead to an authentication bypass in some of its routers. The vulnerability, tracked as CVE-2024-2973, carries a CVSS score of 10.0, indicating maximum severity. "An Authentication Bypass Using....
10CVSS
8.4AI Score
0.003EPSS
londonwarmemorial.co.uk Cross Site Scripting vulnerability OBB-3939803
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
The Quiz and Survey Master (QSM) WordPress plugin before 9.0.2 does not validate and escape some of its Quiz fields before outputting them back in a page/post where the Quiz is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
0.0004EPSS
The Quiz and Survey Master (QSM) WordPress plugin before 9.0.2 does not validate and escape some of its Quiz fields before outputting them back in a page/post where the Quiz is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
5.9AI Score
0.0004EPSS
au-magasin-de-velo.fr Cross Site Scripting vulnerability OBB-3939802
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Summary IBM Storage Protect Operations Center may be affected by user configuration failures in IBM WebSphere Application Server Liberty. Vulnerability Details ** CVEID: CVE-2023-50312 DESCRIPTION: **IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than...
5.3CVSS
5.2AI Score
0.0004EPSS
Summary IBM Storage Protect Operations Center may be affected by cross-site scripting vulnerability due to servlet-6.0 feature enabled in IBM WebSphere Application Server Liberty. Vulnerability Details ** CVEID: CVE-2024-27270 DESCRIPTION: **IBM WebSphere Application Server Liberty 23.0.0.3...
4.7CVSS
5.7AI Score
0.0004EPSS
Summary IBM Storage Protect Operations Center may be affected by server-side request forgery vulnerability in IBM WebSphere Application Server Liberty. Vulnerability Details ** CVEID: CVE-2024-22329 DESCRIPTION: **IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server...
4.3CVSS
6AI Score
0.0004EPSS
Summary IBM Storage Protect Operations Center may be affected by denial of service caused by jose4j in IBM WebSphere Application Server Liberty. CVE-2023-51775. Vulnerability Details ** CVEID: CVE-2023-51775 DESCRIPTION: **jose4j is vulnerable to a denial of service, caused by improper input...
6.5AI Score
0.0004EPSS
CVE-2024-4934 Quiz And Survey Master < 9.0.2 - Contributor+ Stored XSS
The Quiz and Survey Master (QSM) WordPress plugin before 9.0.2 does not validate and escape some of its Quiz fields before outputting them back in a page/post where the Quiz is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
0.0004EPSS
Summary Golang Go is used by the IBM Storage Protect Server OSSM component. Golang Go is vulnerable to a machine-in-the-middle attack, caused by a flaw in the extension negotiation process in the SSH transport protocol when used with certain OpenSSH extensions. Vulnerability Details ** CVEID:...
5.9CVSS
6.9AI Score
0.963EPSS
Summary Golang Go is used by the IBM Storage Protect Server OSSM component. Golang Go is vulnerable to loss of confidentiality caused by timing-side channel attack in RSA based key exchange methods used in crypto/tls. Vulnerability Details ** CVEID: CVE-2023-45287 DESCRIPTION: **Golang Go could...
7.5CVSS
6.3AI Score
0.001EPSS
Summary IBM Storage Protect Server uses IBM Db2 and may be affected by multiple vulnerabilities which could lead to denial of service, loss of confidentiality, integrity or availability. CVE-2023-38729, CVE-2012-2677, CVE-2024-25030, CVE-2024-25046, CVE-2024-27254, CVE-2023-52296. This bulletin...
6.8CVSS
8.5AI Score
0.014EPSS
Summary IBM Storage Protect Server may be affected by denial of service caused by stack-based overflow in Amazon Ion. CVE-2024-21634. Vulnerability Details ** CVEID: CVE-2024-21634 DESCRIPTION: **Amazon Ion is vulnerable to a denial of service, caused by a stack-based overflow in ion-java for...
7.5CVSS
6.9AI Score
0.0005EPSS
It was discovered that eSpeak NG did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a denial of service, or execute arbitrary code. (CVE-2023-49990, CVE-2023-49991, CVE-2023-49992, CVE-2023-49993,...
5.5CVSS
7.4AI Score
0.001EPSS
[SECURITY] [DLA 3855-1] pdns-recursor security update
Debian LTS Advisory DLA-3855-1 [email protected] https://www.debian.org/lts/security/ ; Daniel Leidert July 01, 2024 https://wiki.debian.org/LTS Package : pdns-recursor Version : 4.1.11-1+deb10u2 CVE...
7.5CVSS
6.9AI Score
0.006EPSS
A vulnerability classified as critical was found in SourceCodester Medicine Tracker System 1.0. This vulnerability affects unknown code of the file /classes/Master.php?f=save_medicine. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has....
6.3CVSS
0.0004EPSS