3265 matches found

Vulnrichment
added 2024/09/26 5:24 p.m., 13 views

CVE-2024-47125 Improper Restriction of Communication Channel to Intended Endpoints in goTenna Pro

The goTenna Pro App does not authenticate public keys which allows an unauthenticated attacker to manipulate messages. It is advised to update your app to the current release for enhanced encryption protocols...

CVSS 8.1, AI score 6.7, EPSS 0.00093
Exploits 0, References 1
OSV
added 2024/09/25 5:15 p.m., 1 view

CVE-2024-20350

A vulnerability in the SSH server of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to impersonate a Cisco Catalyst Center appliance. This vulnerability is due to the presence of a static SSH host key. An attacker could exploit this vulnerability...

CVSS 8.1, AI score 5.8, EPSS 0.02503
Exploits 0, References 1
Cvelist
added 2024/09/25 4:19 p.m., 29 views

CVE-2024-20350 Cisco Catalyst Center Static SSH Host Key Vulnerability

A vulnerability in the SSH server of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to impersonate a Cisco Catalyst Center appliance. This vulnerability is due to the presence of a static SSH host key. An attacker could exploit this vulnerability...

CVSS 7.5, EPSS 0.02503
Exploits 0, References 1
Veracode
added 2024/09/16 9:20 a.m., 11 views

Server-Side Request Forgery (SSRF)

litellm is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to a lack of validation or restriction on the apibase parameter in POST /chat/completions, allowing a malicious user to intercept the OpenAI API key by redirecting requests to their own domain...

CVSS 7.5, AI score 6.6, EPSS 0.88631
Exploits 1, References 3, Affected Software 1
NVD
added 2024/09/13 6:15 p.m., 12 views

CVE-2024-45101

A privilege escalation vulnerability was discovered when Single Sign-On (SSO) is enabled that could allow an attacker to intercept a valid, authenticated LXCA user's XCC session if they can convince the user to click on a specially crafted URL...

CVSS 6.8, EPSS 0.00138
Exploits 0, References 1
CVE
added 2024/09/13 5:27 p.m., 47 views

CVE-2024-45101

The CVE-2024-45101 issue affects Lenovo XClarity Administrator (LXCA) where enabling Single Sign-On (SSO) can lead to privilege escalation by intercepting a valid authenticated user’s XCC session. The vulnerability arises when a user is tricked into clicking a specially crafted URL, enabling an a...

CVSS 6.8, AI score 6.9, EPSS 0.00138
Exploits 0, References 1
Vulnrichment
added 2024/09/13 5:27 p.m., 16 views

CVE-2024-45101

A privilege escalation vulnerability was discovered when Single Sign-On (SSO) is enabled that could allow an attacker to intercept a valid, authenticated LXCA user's XCC session if they can convince the user to click on a specially crafted URL...

CVSS 6.8, AI score 7, EPSS 0.00138
Exploits 0, References 1
Cvelist
added 2024/09/13 3:59 p.m., 20 views

CVE-2024-6587 SSRF in berriai/litellm

A Server-Side Request Forgery (SSRF) vulnerability exists in berriai/litellm version 1.38.10. This vulnerability allows users to specify the apibase parameter when making requests to POST /chat/completions, causing the application to send the request to the domain specified by apibase. This request...

CVSS 7.5, EPSS 0.88631
Exploits 1, References 2
Vulnrichment
added 2024/09/13 3:59 p.m., 13 views

CVE-2024-6587 SSRF in berriai/litellm

A Server-Side Request Forgery (SSRF) vulnerability exists in berriai/litellm version 1.38.10. This vulnerability allows users to specify the apibase parameter when making requests to POST /chat/completions, causing the application to send the request to the domain specified by apibase. This request...

CVSS 7.5, AI score 6.8, EPSS 0.88631
Exploits 1, References 2
The Hacker News
added 2024/09/13 11:17 a.m., 21 views

TrickMo Android Trojan Exploits Accessibility Services for On-Device Banking Fraud

Cybersecurity researchers have uncovered a new variant of an Android banking trojan called TrickMo that comes packed with new capabilities to evade analysis and display fake login screens to capture victims' banking credentials. "The mechanisms include using malformed ZIP files in combination wit...

AI score 6.7
Exploits 0
CNNVD
added 2024/09/13 12:00 a.m., 1 view

Lenovo XClarity Administrator security vulnerability

Lenovo XClarity Administrator (LXCA) is a centralized resource management solution from Lenovo China. The product provides agentless hardware management for servers, storage, network switches, and more. A security vulnerability exists in Lenovo XClarity Administrator, which stems fro...

CVSS 6.8, AI score 6.8, EPSS 0.00138
Exploits 0, References 2
OSV
added 2024/09/09 3:15 p.m., 3 views

CVE-2024-8042

Rapid7 Insight Platform versions between November 2019 and August 14, 2024 suffer from missing authorization issues whereby an attacker can intercept local requests to set the name and description of a new user group. This could potentially lead to an empty user group being added to the incorrect...

CVSS 3.1, AI score 5.8
Exploits 0, References 1
Vulnrichment
added 2024/09/09 3:02 p.m., 13 views

CVE-2024-8042 Rapid7 Insight Platform Unauthorized Empty Group Creation

Rapid7 Insight Platform versions between November 2019 and August 14, 2024 suffer from missing authorization issues whereby an attacker can intercept local requests to set the name and description of a new user group. This could potentially lead to an empty user group being added to the incorrect...

CVSS 2.4, AI score 6.6, EPSS 0.0002
Exploits 0, References 1
OSV
added 2024/09/07 5:15 p.m., 1 view

CVE-2024-40714

An improper certificate validation vulnerability in TLS certificate validation allows an attacker on the same network to intercept sensitive credentials during restore operations...

CVSS 8.3, AI score 5.8
Exploits 0, References 1
Vulnrichment
added 2024/09/07 4:11 p.m., 20 views

CVE-2024-40714

An improper certificate validation vulnerability in TLS certificate validation allows an attacker on the same network to intercept sensitive credentials during restore operations...

CVSS 8.3, AI score 6.7, EPSS 0.00354
Exploits 0, References 1
CVE
added 2024/09/07 4:11 p.m., 84 views

CVE-2024-40714

CVE-2024-40714 is an improper TLS certificate validation vulnerability in Veeam Backup & Replication 12.x (affected versions before 12.2.0.334). An attacker on the same network could intercept credentials during restore operations. Remediation per Veeam KB4649: upgrade to 12.2.0.334 (or later). C...

CVSS 8.3, AI score 6.7, EPSS 0.00354
Exploits 0, References 1, Affected Software 1
CNNVD
added 2024/09/07 12:00 a.m., 3 views

Veeam Backup & Replication security vulnerability

Veeam Backup & Replication is backup and replication software from Veeam USA. A security vulnerability exists in Veeam Backup & Replication version 12.1.2.172 and prior 12.x versions, which originates from incorrect validation of TLS certificates, allowing an attacker on the same network to...

CVSS 8.3, AI score 8.1, EPSS 0.00354
Exploits 0, References 2
RedhatCVE
added 2024/09/04 9:42 p.m., 17 views

CVE-2024-45005

In the Linux kernel, the following vulnerability has been resolved: KVM: s390: fix validity interception issue when gisa is switched off We might run into a SIE validity if gisa has been disabled either via using kernel parameter "kvm.usegisa=0" or by setting the related sysfs attribute to N echo...

CVSS 4.4, AI score 6.6, EPSS 0.00008
Exploits 0, References 4
OSV
added 2024/09/04 8:15 p.m., 1 view

DEBIAN-CVE-2024-45005

In the Linux kernel, the following vulnerability has been resolved: KVM: s390: fix validity interception issue when gisa is switched off We might run into a SIE validity if gisa has been disabled either via using kernel parameter "kvm.usegisa=0" or by setting the related sysfs attribute to N echo...

CVSS 5.5, AI score 5.4, EPSS 0.00008
Exploits 0, References 1
OSV
added 2024/09/04 7:54 p.m., 17 views

CVE-2024-45005 KVM: s390: fix validity interception issue when gisa is switched off

In the Linux kernel, the following vulnerability has been resolved: KVM: s390: fix validity interception issue when gisa is switched off We might run into a SIE validity if gisa has been disabled either via using kernel parameter "kvm.usegisa=0" or by setting the related sysfs attribute to N echo...

CVSS 5.5, AI score 5.7, EPSS 0.00008
Exploits 0, References 6