1895 matches found
CVE-2024-21320
creationtimestamp| type| source
---|---|---
2024-01-19 17:29:47+00:00| seen| https://t.me/arpsyndicate/2945
2024-03-19 13:05:26+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/6816
2024-03-26 02:03:18+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/10110...
EulerOS Virtualization 2.10.1 : dhcp (EulerOS-SA-2023-3493)
According to the versions of the dhcp package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it ha...
EulerOS Virtualization 2.10.0 : bind (EulerOS-SA-2023-2930)
According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it h...
EulerOS 2.0 SP9 : dhcp (EulerOS-SA-2023-3327)
According to the versions of the dhcp package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent...
EulerOS Virtualization 3.0.6.0 : bind (EulerOS-SA-2023-3419)
According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it h...
EulerOS 2.0 SP8 : bind (EulerOS-SA-2023-3113)
According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sen...
EulerOS Virtualization 2.9.1 : bind (EulerOS-SA-2023-2949)
According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it h...
Improper Authorization
gitlab:sid is vulnerable to improper authorization. The vulnerability affects GitLab CE/EE, which does not perform an authorization check when an actor attempts access. This leads to improper authorization by allowing an attacker to leak the owner's Sentry instance projects...
CVE-2023-51442
Navidrome is an open source web-based music collection server and streamer. A security vulnerability has been identified in navidrome's subsonic endpoint, allowing for authentication bypass. This exploit enables unauthorized access to any known account by utilizing a JSON Web Token (JWT) signed wit...
Expanded Coverage and AWS Compliance Pack Updates in InsightCloudSec Coming Out of AWS Re:Invent 2023
It seems like it was just yesterday that we were in Las Vegas for AWS Re:Invent, but it’s already been almost two weeks since the conference wrapped up. As is always the case, AWS unveiled a host of new services throughout the week, including advancements around serverless, artificial intelligenc...
Remote code execution
A malicious user could use this issue to access internal HTTPs servers and, in the worst case (i.e. an AWS instance), it could be abused to get remote code execution on the victim machine...
CVE-2023-46348
SQL injection vulnerability in SunnyToo sturls before version 1.1.13 allows attackers to escalate privileges and obtain sensitive information via the StUrls::hookActionDispatcher and StUrls::getInstanceId methods...
CVE-2023-46348
SQL injection vulnerability in SunnyToo sturls before version 1.1.13 allows attackers to escalate privileges and obtain sensitive information via the StUrls::hookActionDispatcher and StUrls::getInstanceId methods...
Sensitive Information Disclosure
laf-client-sdk is vulnerable to Sensitive Information Disclosure. The vulnerability is caused by directly inserting env variables into the template while constructing the deployment instance of the app. Sensitive information in the secret and configmap can be read through the k8s envFrom...
CVE-2023-48225
Laf is a cloud development platform. Prior to version 1.0.0-beta.13, the control of LAF app enV is not strict enough, and in certain scenarios of privatization environment, it may lead to sensitive information leakage in secret and configmap. In ES6 syntax, if an obj directly references another...
Code injection
Laf is a cloud development platform. Prior to version 1.0.0-beta.13, the control of LAF app enV is not strict enough, and in certain scenarios of privatization environment, it may lead to sensitive information leakage in secret and configmap. In ES6 syntax, if an obj directly references another...
CVE-2023-48225 Laf env causes sensitive information disclosure
Laf is a cloud development platform. Prior to version 1.0.0-beta.13, the control of LAF app enV is not strict enough, and in certain scenarios of privatization environment, it may lead to sensitive information leakage in secret and configmap. In ES6 syntax, if an obj directly references another...
CVE-2023-35625
Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability...
CVE-2023-35625
Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability...
Information disclosure
Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability...