
7648 matches found

CNVD
added 2024/04/12 12:0 a.m. | 8 views

Fortinet FortiSandbox Path Traversal Vulnerability (CNVD-2024-21266)

Fortinet FortiSandbox is an APT (Advanced Persistent Threat) protection appliance from Fortinet. The appliance offers dual sandboxing technology, dynamic threat intelligence system, real-time control panel and reporting. Fortinet FortiSandbox suffers from a path traversal vulnerability that can be...

8.1 CVSS | 7.4 AI score | 0.01159 EPSS
Exploits: 0 | References: 1
RedHat Linux
added 2024/04/11 9:29 p.m. | 32 views

Moderate: Red Hat Security Advisory: VolSync 0.9.1 security fixes and enhancements

VolSync v0.9.1 general availability release images, which provide enhancements, security fixes, and updated container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...

7.5 CVSS | 6.7 AI score | 0.01262 EPSS
Exploits: 0 | References: 3
OSSF Malicious Packages
added 2024/04/10 5:55 a.m. | 4 views

Malicious code in @lbnqduy11805/psychic-waffle (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0283930fe8d814ee74e54a0c5c9840cfb9db19835aeb82c67a360d39407e4132 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0 | References: 1
OSSF Malicious Packages
added 2024/04/10 5:55 a.m. | 4 views

Malicious code in @lbnqduy11805/stunning-fishstick (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3b1698a95126b49cf4de64fe4eb7992fc33dc6fd9d81197fa0bc6ac1bece66f2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0 | References: 1
BDU FSTEC
added 2024/04/10 12:0 a.m. | 4 views

Vulnerability in the firmware of Intel Optane PMem 100 Series persistent memory modules, related to access control deficiencies, allowing attackers to escalate their privileges.

The vulnerability in the firmware of Intel Optane PMem 100 Series persistent memory modules is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to escalate their privileges...

6.7 CVSS | 6.6 AI score | 0.00167 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2024/04/09 8:34 a.m. | 13 views

CVE-2023-50821

A vulnerability has been identified in SIMATIC PCS 7 V9.1 All versions V9.1 SP2 UC04, SIMATIC WinCC Runtime Professional V17 All versions V17 Update 8, SIMATIC WinCC Runtime Professional V18 All versions V18 Update 4, SIMATIC WinCC Runtime Professional V19 All versions V19 Update 1, SIMATIC WinCC...

6.9 CVSS | 6.2 AI score | 0.00182 EPSS
Exploits: 0 | References: 1
CVE
added 2024/04/09 8:34 a.m. | 52 views

CVE-2023-50821

CVE-2023-50821 affects Siemens SIMATIC WinCC/PCS 7 products (various V9.1/V17/V18/V19/V7.5/V8.0 lines). The root cause is improper validation of input in the login dialog, described as a classic buffer overflow in some sources, enabling a local attacker to cause a persistent denial-of-service con...

6.9 CVSS | 6 AI score | 0.00182 EPSS
Exploits: 0 | References: 1
CNNVD
added 2024/04/09 12:0 a.m. | 3 views

Fortinet FortiSandbox Path Traversal Vulnerability

Fortinet FortiSandbox is an APT (Advanced Persistent Threat) protection appliance from Fortinet. The appliance offers dual sandboxing technology, dynamic threat intelligence system, real-time control panel and reporting. A path traversal vulnerability exists in Fortinet FortiSandbox, which stems fr...

6.7 CVSS | 7.4 AI score | 0.00288 EPSS
Exploits: 0 | References: 2
The Hacker News
added 2024/04/06 9:43 a.m. | 82 views

Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites

Threat actors have been found exploiting a critical flaw in Magento to inject a persistent backdoor into e-commerce websites. The attack leverages CVE-2024-20720 (CVSS score: 9.1), which has been described by Adobe as a case of "improper neutralization of special elements" that could pave the way f...

9.1 CVSS | 8.3 AI score | 0.03687 EPSS
Exploits: 0
OSV
added 2024/04/05 9:15 a.m. | 8 views

UBUNTU-CVE-2024-26813

In the Linux kernel, the following vulnerability has been resolved: vfio/platform: Create persistent IRQ handlers. The vfio-platform SETIRQS ioctl currently allows loopback triggering of an interrupt before a signaling eventfd has been configured by the user, which thereby allows a NULL pointer...

5.5 CVSS | 6 AI score | 0.00234 EPSS
Exploits: 0 | References: 25
OSV
added 2024/04/05 8:24 a.m. | 2 views

CVE-2024-26813 vfio/platform: Create persistent IRQ handlers

In the Linux kernel, the following vulnerability has been resolved: vfio/platform: Create persistent IRQ handlers. The vfio-platform SETIRQS ioctl currently allows loopback triggering of an interrupt before a signaling eventfd has been configured by the user, which thereby allows a NULL pointer...

5.5 CVSS | 5.7 AI score | 0.00234 EPSS
Exploits: 0 | References: 12
Cvelist
added 2024/04/04 5:52 p.m. | 20 views

CVE-2024-25708 Persistent XSS when creating new application using Web App Builder

There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Web App Builder versions 10.9.1 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s...

4.8 CVSS | 5.5 AI score | 0.00373 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2024/04/04 5:52 p.m. | 16 views

CVE-2024-25708 Persistent XSS when creating new application using Web App Builder

There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Web App Builder versions 10.9.1 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s...

4.8 CVSS | 5.6 AI score | 0.00373 EPSS
Exploits: 0 | References: 1
OSV
added 2024/03/31 6:32 p.m. | 37 views

BIT-ZOOKEEPER-2024-23944 Apache ZooKeeper: Information disclosure in persistent watcher handling

Information disclosure in persistent watchers handling in Apache ZooKeeper due to missing ACL check. It allows an attacker to monitor child znodes by attaching a persistent watcher (addWatch command) to a parent which the attacker already has access to. ZooKeeper server doesn't do ACL check when th...

5.3 CVSS | 5.3 AI score | 0.00244 EPSS
Exploits: 0 | References: 3
Imperva Blog
added 2024/03/28 1:0 p.m. | 28 views

From ChatBot To SpyBot: ChatGPT Post Exploitation

In the second installment of our blog post series on ChatGPT, we delve deeper into the security implications that come with the integration of AI into our daily routines. Building on the discoveries shared in our initial post, "XSS Marks the Spot: Digging Up Vulnerabilities in ChatGPT," where we...

6.1 AI score
Exploits: 0
Veracode
added 2024/03/18 7:8 a.m. | 25 views

Sensitive Information Disclosure

Apache ZooKeeper is vulnerable to Sensitive Information Disclosure. The vulnerability is due to missing ACL checks in the persistent watcher feature. An attacker can monitor child znodes by attaching a persistent watcher to a parent node they already have access to. When the persistent watcher i...

5.3 CVSS | 6.7 AI score | 0.00244 EPSS
Exploits: 0 | References: 6 | Affected Software: 1
OSV
added 2024/03/15 12:30 p.m. | 2 views

GHSA-R978-9M6M-6GM6 Apache ZooKeeper vulnerable to information disclosure in persistent watchers handling

Information disclosure in persistent watchers handling in Apache ZooKeeper due to missing ACL check. It allows an attacker to monitor child znodes by attaching a persistent watcher (addWatch command) to a parent which the attacker already has access to. ZooKeeper server doesn't do ACL check when th...

5.3 CVSS | 6.7 AI score | 0.00244 EPSS
Exploits: 0 | References: 7
NVD
added 2024/03/15 11:15 a.m. | 22 views

CVE-2024-23944

Information disclosure in persistent watchers handling in Apache ZooKeeper due to missing ACL check. It allows an attacker to monitor child znodes by attaching a persistent watcher (addWatch command) to a parent which the attacker already has access to. ZooKeeper server doesn't do ACL check when th...

5.3 CVSS | 7.6 AI score | 0.00244 EPSS
Exploits: 0 | References: 2
OSV
added 2024/03/15 11:15 a.m. | 1 views

DEBIAN-CVE-2024-23944

Information disclosure in persistent watchers handling in Apache ZooKeeper due to missing ACL check. It allows an attacker to monitor child znodes by attaching a persistent watcher (addWatch command) to a parent which the attacker already has access to. ZooKeeper server doesn't do ACL check when th...

5.3 CVSS | 6.6 AI score | 0.00244 EPSS
Exploits: 0 | References: 1
OSV
added 2024/03/15 11:15 a.m. | 10 views

CVE-2024-23944

Information disclosure in persistent watchers handling in Apache ZooKeeper due to missing ACL check. It allows an attacker to monitor child znodes by attaching a persistent watcher (addWatch command) to a parent which the attacker already has access to. ZooKeeper server doesn't do ACL check when th...

5.3 CVSS | 4.9 AI score
Exploits: 0 | References: 2