Aggregator

A vulnerability has been found in mintplex-labs anything-llm 0.0.1/0.1.0 and classified as critical. This vulnerability affects unknown code. The manipulation leads to improper access controls. This vulnerability was named CVE-2024-3279. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in bdthemes Element Pack Elementor Addons Plugin up to 5.7.2 on WordPress. This affects an unknown part of the component Attribute Handler. The manipulation of the argument title_tag leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-4360. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in NVIDIA Mellanox OS, Skyway, MetroX-3 XC and MetroX-2. Affected by this issue is some unknown functionality of the component URI Handler. The manipulation leads to path traversal: '.../...//'. This vulnerability is handled as CVE-2024-0113. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Samsung Electronics MagicINFO 9 Server. Affected by this vulnerability is an unknown functionality. The manipulation leads to path traversal. This vulnerability is known as CVE-2024-7399. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Embracing a just-in-time and just-enough privilege approach that harnesses context and automation can remove the tension between security and productivity, enabling teams to run faster without compromising on security standards.

The post Overcoming the 5 Biggest Challenges to Implementing Just-in-Time, Just Enough Privilege appeared first on Security Boulevard.

A vulnerability classified as problematic has been found in Elastic Agent up to 8.14.x. Affected is an unknown function of the file elastic-agent.yml. The manipulation leads to sensitive information in log files. This vulnerability is traded as CVE-2024-37283. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Red Hat OpenShift AI and OpenShift Data Science. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to improper access controls. The identification of this vulnerability is CVE-2024-7557. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability was found in N-able Ecosystem Agent. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to improper certificate validation. This vulnerability was named CVE-2024-5445. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in NVIDIA CV-CUDA 0.1.x - v0.9.x on Ubuntu. It has been classified as problematic. This affects an unknown part of the component Python API. The manipulation leads to resource consumption. This vulnerability is uniquely identified as CVE-2024-0115. It is possible to launch the attack on the local host. There is no exploit available.

A vulnerability was found in Microsoft Office and 365 Apps for Enterprise and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2024-38200. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in Microsoft Edge and classified as critical. Affected by this vulnerability is an unknown functionality of the component HTML Handler. The manipulation leads to memory corruption. This vulnerability is known as CVE-2024-38218. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Microsoft Edge. Affected is an unknown function. The manipulation leads to Remote Code Execution. This vulnerability is traded as CVE-2024-38219. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A recent research presentation at Black Hat USA 2024 revealed architectural vulnerabilities within the Apache HTTP Server, a widely used web server software. The research highlights several technical debts within Httpd, including three types of Confusion Attacks, nine new vulnerabilities, 20 exploitation techniques, and over 30 case studies. Apache HTTP Server operates through a modular […]

The post Confusion Attacks in Apache HTTP Server Let Attackers Gain Root Access Remotely appeared first on Cyber Security News.

A CVSS score 3.3 AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N severity vulnerability discovered by 'Hossein Lotfi (@hosselot) of Trend Micro Zero Day Initiative' was reported to the affected vendor on: 2024-08-09, 63 days ago. The vendor is given until 2024-12-07 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.5 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Eduardo Braun Prado' was reported to the affected vendor on: 2024-08-09, 63 days ago. The vendor is given until 2024-12-07 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 6.8 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N severity vulnerability discovered by 'st4nly0n' was reported to the affected vendor on: 2024-08-09, 63 days ago. The vendor is given until 2024-12-07 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Hossein Lotfi (@hosselot) of Trend Micro Zero Day Initiative' was reported to the affected vendor on: 2024-08-09, 63 days ago. The vendor is given until 2024-12-07 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Natnael Samson (@NattiSamson)' was reported to the affected vendor on: 2024-08-09, 63 days ago. The vendor is given until 2024-12-07 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Natnael Samson (@NattiSamson)' was reported to the affected vendor on: 2024-08-09, 63 days ago. The vendor is given until 2024-12-07 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Навязанный аудит безопасности побудил платформу пересмотреть свои защитные механизмы.