Linux Distros Unpatched Vulnerability : CVE-2024-36886
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: tipc: fix UAF in error path. Sam Page (sam4k) working with Trend Micro Zero Day Initiative...
CVE-2024-28990
SolarWinds Access Rights Manager (ARM) was found to contain a hard-coded credential authentication bypass vulnerability. If exploited, this vulnerability would allow access to the RabbitMQ management console. We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating...
CVE-2024-28990
SolarWinds ARM contains a hard-coded credential authentication bypass (CVE-2024-28990) that could allow access to the RabbitMQ management console. The vulnerability affects ARM versions prior to 2024.3.1, and remediation is available in ARM 2024.3.1 (as referenced by multiple sources). No exploit...
CVE-2024-45346 GetApps application has code execution vulnerability
The Xiaomi Security Center expresses heartfelt thanks to Ken Gannon and Ilyes Beghdadi of NCC Group working with Trend Micro Zero Day Initiative! At the same time, we also welcome more outstanding and professional security experts and security teams to join the Mi Security Center (MiSRC) to jointly...
CVE-2024-45346
CVE-2024-45346 affects Xiaomi GetApps. Connected sources indicate a code execution vulnerability in GetApps, linked to bypassing authentication logic. The CVSS-style metrics in the initial document show high impact (C, I, A = High) with network attack vector and user interaction required. Public ...
CVE-2024-36886 tipc: fix UAF in error path
In the Linux kernel, the following vulnerability has been resolved: tipc: fix UAF in error path. Sam Page (sam4k) working with Trend Micro Zero Day Initiative reported a UAF in the tipc_buf_append() error path: BUG: KASAN: slab-use-after-free in kfree_skb_list_reason+0x47e/0x4c0 linux/net/core/skbuff.c:118...
SolarWinds ARM < 2023.2.4 (2023-2-4_CVE-2024-23473)
The version of SolarWinds ARM installed on the remote host is prior to 2023.2.4. It is, therefore, affected by a vulnerability as referenced in the 2023-2-4 advisory. - The SolarWinds Access Rights Manager was found to contain a hard-coded credential authentication bypass vulnerability. If...
CVE-2024-28075
The SolarWinds Access Rights Manager was susceptible to a Remote Code Execution vulnerability. This vulnerability allows an authenticated user to abuse a SolarWinds service, resulting in remote code execution. We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating wit...
CVE-2024-23473 SolarWinds Access Rights Manager (ARM) Hard-Coded Credentials Authentication Bypass Vulnerability
The SolarWinds Access Rights Manager was found to contain a hard-coded credential authentication bypass vulnerability. If exploited, this vulnerability allows access to the RabbitMQ management console. We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with...
CVE-2024-23473
CVE-2024-23473 affects SolarWinds Access Rights Manager (ARM). The connected documents describe a hard-coded credential authentication bypass that allows remote access to the RabbitMQ management console. The vulnerability arises from the RabbitMQ configuration using hard-coded credentials, enabli...
Delta Electronics InfraSuite Device Master
1. EXECUTIVE SUMMARY. CVSS v4 9.3. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Delta Electronics. Equipment: InfraSuite Device Master. Vulnerability: Deserialization of Untrusted Data. 2. RISK EVALUATION. Successful exploitation of this vulnerability could allow remote...
Softing edgeConnector
1. EXECUTIVE SUMMARY. CVSS v3 7.2. ATTENTION: Low attack complexity. Vendor: Softing. Equipment: edgeConnector. Vulnerabilities: Cleartext Transmission of Sensitive Information, Path Traversal. 2. RISK EVALUATION. Successful exploitation of these vulnerabilities could create conditions...
ZDI-CAN-19105: Parse Server literalizeRegexPart SQL Injection
Impact: This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. Patches: The algorithm to detect SQL injection has been improved. Workarounds: None. References: - https://github.com/parse-community/parse-server/security/advisories/GHSA-6927-3vr9-fxf2 -...
Fedora 39 : wordpress (2024-2b30739a76)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-2b30739a76 advisory. WordPress 6.4.3 Maintenance and Security release. See upstream announcement. Security updates included in this release: m4tuto for finding a PHP File Upload...
Act Now: VMware Releases Patch for Critical vCenter Server RCE Vulnerability
VMware has released security updates to address a critical flaw in the vCenter Server that could result in remote code execution on affected systems. The issue, tracked as CVE-2023-34048 (CVSS score: 9.8), has been described as an out-of-bounds write vulnerability in the implementation of the DCE/R...
Schneider Electric EcoStruxure Power Monitoring Expert and Power Operation Products
1. EXECUTIVE SUMMARY. CVSS v3 9.8. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Schneider Electric. Equipment: EcoStruxure Power Monitoring Expert, EcoStruxure Power Operation with Advanced Reports, EcoStruxure Power SCADA Operation with Advanced Reports. Vulnerability:...
Metasploit Weekly Wrap-Up
Unauthenticated RCE in VMware Product. This week, community contributor h00die added an exploit module that leverages a command injection vulnerability in VMware Aria Operations for Networks, formerly known as vRealize Network Insight. Versions 6.2 to 6.10 are vulnerable (CVE-2023-20887). A remote...