Command injection

The cloud provider MachineSense uses for integration and deployment for multiple MachineSense devices, such as the programmable logic controller PLC, PumpSense, PowerAnalyzer, FeverWarn, and others is insufficiently protected against unauthorized access. An attacker with access to the internal...

Cross site scripting

A stored cross-site scripting XSS vulnerability in Travel Journal Using PHP and MySQL with Source Code v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Share Your Moments parameter at /travel-journal/write-journal.php...

CVE-2024-23651

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessibl...

CVE-2024-23652

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit frontend or Dockerfile using RUN --mount could trick the feature that removes empty files created for the mountpoints into removing a file outside the...

Design/Logic Flaw

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic. The issue has been fixed in v0.12.5. As a workaround, avoi...

CVE-2024-23651

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessibl...

CVE-2024-23653

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask...

CVE-2024-23650

CVE-2024-23650 affects BuildKit-related tooling across multiple ecosystems. According to connected documents, affected packages include moby-engine (<24.0.9-14), moby-compose (<2.17.3-5), docker-compose (<2.27.0-1), and docker-buildx (

CVE-2024-23650

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic. The issue has been fixed in v0.12.5. As a workaround, avoi...

PT-2024-6308 · Xen +2 · Xen +2

Name of the Vulnerable Software and Affected Versions: Xen affected versions not specified Description: The issue is related to the incorrect placement of a preprocessor directive in the source code, which results in logic that doesn't operate as intended when support for HVM guests is compiled o...

MachineSense FeverWarn Access Control Error Vulnerability

MachineSense FeverWarn is a temperature detection device from MachineSense. MachineSense FeverWarn suffers from an access control error vulnerability. An attacker could exploit the vulnerability to view source code, secret credentials, and more...

PT-2024-1434 · Unknown · Machinesense +3

Name of the Vulnerable Software and Affected Versions: MachineSense affected versions not specified FeverWarn ESP32 affected versions not specified FeverWarn RaspberryPi affected versions not specified FeverWarn DataHub RaspberryPi affected versions not specified Description: The cloud provider...

CVE-2023-50944

Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version...

PYSEC-2024-14

Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version...

CVE-2023-50944

CVE-2023-50944 affects Apache Airflow prior to 2.8.1. An authenticated user can access the source code of a DAG to which they do not have access, resulting in information disclosure. The vulnerability is described as low severity (CVSS 3.1 base score 6.5) due to the need for authentication. No ex...

PT-2024-1305 · Apache · Apache Airflow

Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.8.1 Description: The issue is related to a lack of authorization in Apache Airflow, allowing an authenticated user to access the source code of a DAG they do not have access to. This issue is considered low...

Kasseika Ransomware Deploys BYOVD Attacks, Abuses PsExec and Exploits Martini Driver

In this blog, we detail our investigation of the Kasseika ransomware and the indicators we found suggesting that the actors behind it have acquired access to the source code of the notorious BlackMatter ransomware...

WordPress plugin ark-commenteditor security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

Free Decryptor Released for Black Basta and Babuk's Tortilla Ransomware Victims

A decryptor for the Tortilla variant of the Babuk ransomware has been released by Cisco Talos, allowing victims targeted by the malware to regain access to their files. The cybersecurity firm said the threat intelligence it shared with Dutch law enforcement authorities made it possible to arrest...

New decryptor for Babuk Tortilla ransomware variant released

Cisco Talos obtained executable code capable of decrypting files affected by the Babuk Tortilla ransomware variant, allowing Talos to extract and share the private decryption key used by the threat actor. Cisco Talos shared the key with our peers at Avast for inclusion in the Avast Babuk decrypto...