Security
Headlines
HeadlinesLatestCVEs

Tag

#vulnerability

Gasmark Pro 1.0 Shell Upload

Gasmark Pro version 1.0 suffers from a remote shell upload vulnerability.

Packet Storm
Open in Source
#vulnerability#web#windows#apple#git#php#rce#auth#chrome#webkit
Nokia BMC Log Scanner 13 Command Injection

Nokia BMC Log Scanner version 13 suffers from a remote command injection vulnerability.

vm2 3.9.19 Sandbox Escape

vm2 versions 3.9.19 and below suffer from a sandbox escape vulnerability.

Dark Web Tool Arms Ransomware Gangs: E-commerce & Aviation Industries Targeted

By Waqas Cyber Warfare Takes Flight: Geopolitics Fuel Attacks on Airlines - Dark Web Tool Aims at E-commerce! This is a post from HackRead.com Read the original post: Dark Web Tool Arms Ransomware Gangs: E-commerce & Aviation Industries Targeted

Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool

Fortra has released details of a now-patched critical security flaw impacting its FileCatalyst file transfer solution that could allow unauthenticated attackers to gain remote code execution on susceptible servers. Tracked as CVE-2024-25153, the shortcoming carries a CVSS score of 9.8 out of a maximum of 10. "A directory traversal within the 'ftpservlet' of the FileCatalyst Workflow

NIST NVD Halt Leaves Thousands of Vulnerabilities Untagged

By Deeba Ahmed 40% of 2024 CVEs Missing Key Info: NVD Data Gap Raises Security Risks! This is a post from HackRead.com Read the original post: NIST NVD Halt Leaves Thousands of Vulnerabilities Untagged

A week in security (March 11 – March 17)

A list of topics we covered in the week of March 11 to March 17 of 2024

Red Hat Advanced Cluster Security 4.4: What’s included

The Red Hat Advanced Cluster Security (RHACS) engineering team is excited to announce the pending release of the latest RHACS version, packed with brand-new features and updates. The team continues to build on the 4.0 major release and RHACS Cloud Service announcements last year with a feature-packed release to kick off 2024. The RHACS 4.4 release will focus on increased consistency of scan results, strengthened security posture management, and more automated security features to alleviate monotonous security tasks.Significant updates include:A new vulnerability scanner termed “Scanner V4”

GHSA-5vcc-86wm-547q: Improper Privilege Management in djangorestframework-simplejwt

djangorestframework-simplejwt version 5.3.1 and before is vulnerable to information disclosure. A user can access web application resources even after their account has been disabled due to missing user validation checks via the for_user method.

GHSA-hgjh-9rj2-g67j: Spring Framework URL Parsing with Host Validation Vulnerability

Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html  attack or to a SSRF attack if the URL is used after passing validation checks. This is the same as CVE-2024-22243 https://spring.io/security/cve-2024-22243, but with different input.