Unveiling the power of Wiz's Security Graph with automated blast radius and root cause analysis for cloud incident response
Wiz assists Incident Response (IR) and SOC teams with containment through automated assessment of security incidents by identifying possible root causes and calculating the potential blast radius of compromised resources...
DEBIAN-CVE-2024-31458
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in form_save function in graph_template_inputs.php is not thoroughly checked and is used to concatenate the SQL statement in draw_nontemplated_fields_graph_item function from...
UBUNTU-CVE-2024-31458
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in form_save function in graph_template_inputs.php is not thoroughly checked and is used to concatenate the SQL statement in draw_nontemplated_fields_graph_item function from...
Hackers Increasingly Abusing Microsoft Graph API for Stealthy Malware Communications
Threat actors have been increasingly weaponizing Microsoft Graph API for malicious purposes with the aim of evading detection. This is done to "facilitate communications with command-and-control (C&C) infrastructure hosted on Microsoft cloud services," the Symantec Threat Hunter Team, part of...
Bitcoin Forensic Analysis Uncovers Money Laundering Clusters and Criminal Proceeds
A forensic analysis of a graph dataset containing transactions on the Bitcoin blockchain has revealed clusters associated with illicit activity and money laundering, including detecting criminal proceeds sent to a crypto exchange and previously unknown wallets belonging to a Russian darknet marke...
PT-2024-20385 · Github · Github Enterprise Server
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.13; GitHub Enterprise Server versions 3.9 through 3.9.12; GitHub Enterprise Server versions 3.10 through 3.10.9; GitHub Enterprise Server versions 3.11 through 3.11.7; GitHub Enterprise Server versions...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +36848 more potentially affected by CVE-2024-22262 via org.springframework:spring-web (>=1.2.1 <=5.3.33)
org.springframework:spring-web MAVEN version =1.2.1, =1.1, =0.0.1, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.2.0 and more Source cves: CVE-2024-22262 Source advisory: OSV:GHSA-2WRP-6FG6-HMC5...
CVE-2024-32001
SpiceDB is a graph database purpose-built for storing and evaluating access control data. Use of a relation of the form: relation folder: folder | folder#parent with an arrow such as folder->view can cause LookupSubjects to only return the subjects found under subjects for either folder or...
CVE-2024-32001 SpiceDB: LookupSubjects may return partial results if a specific kind of relation is used
SpiceDB is a graph database purpose-built for storing and evaluating access control data. Use of a relation of the form: relation folder: folder | folder#parent with an arrow such as folder->view can cause LookupSubjects to only return the subjects found under subjects for either folder or...
CVE-2024-32001
Summary: CVE-2024-32001 affects SpiceDB. A bug in relations of the form folder: folder | folder#parent, when the same subject type is used multiple times and an arrow is used over the relation, can cause LookupSubjects to return only a subset of subjects. This affects any user making a negative a...
grafana security and bug fix update
An update is available for grafana. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Grafana is an open source, feature rich metrics dashboard and graph editor fo...
CVE-2024-2380
Stored XSS in graph rendering in Checkmk 2.3.0b4...
UBUNTU-CVE-2024-2380
Stored XSS in graph rendering in Checkmk 2.3.0b4...
CVE-2024-2380 XSS in graph rendering
Stored XSS in graph rendering in Checkmk 2.3.0b4...
CVE-2024-2380
CVE-2024-2380 affects Checkmk prior to version 2.3.0b4, with a stored XSS vulnerability in the graph rendering component. The root cause is an XSS flaw in how graphs are rendered, potentially allowing an attacker to inject script via graph data. Mitigation is to upgrade to 2.3.0b4 or later (per d...
PT-2024-20091 · Checkmk · Checkmk
Name of the Vulnerable Software and Affected Versions: Checkmk versions prior to 2.3.0b4 Description: The issue is related to stored XSS in graph rendering. Recommendations: For versions prior to 2.3.0b4, update to version 2.3.0b4 or later to resolve the issue...
PT-2024-22926 · Boldgrid · Boldgrid Easy Seo
Name of the Vulnerable Software and Affected Versions: The BoldGrid Easy SEO plugin for WordPress versions up to, and including, 1.6.14 Description: The issue allows unauthenticated attackers to view the first 130 characters of a password-protected post, which can contain sensitive information, v...
Missing Authentication
apache-airflow is vulnerable to Missing Authentication. The vulnerability, due to lack of authentication enforcement on the lineage endpoint of the deprecated Experimental API, allows unauthenticated users to access the endpoint, potentially exposing metadata about a Directed Acyclic Graph (DAG) and...