CVE-2023-4509

It is possible for an API key to be logged in clear text in the audit log file after an invalid login...

CVE-2024-31463

Ironic-image is an OpenStack Ironic deployment packaged and configured by Metal3. When the reverse proxy mode is enabled by the IRONIC_REVERSE_PROXY_SETUP variable set to true, 1) HTTP basic credentia ...

Oracle Linux 8 : cri-o (ELSA-2024-12328)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12328 advisory. The protojson.Unmarshal function can enter an infin ...

Fedora 39 : mbedtls (2024-666210bd74)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-666210bd74 advisory. An issue was discovered in Mbed TLS 2.18.0 through ...

BIT-argo-cd-2024-31990

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The API server does not enforce project sourceNamespaces which allows attackers to use the UI to edit resources which should o ...

CVE-2024-31887

IBM Security Verify Privilege 11.6.25 could allow an unauthenticated actor to obtain sensitive information from the SOAP API. IBM X-Force ID: ...

CVE-2024-2083

A directory traversal vulnerability exists in the zenml-io/zenml repository, specifically within the /api/v1/steps endpoint. Attackers can exploit this vulnerability by manipulating the 'logs ...

CVE-2024-3028

mintplex-labs/anything-llm is vulnerable to improper input validation, allowing attackers to read and delete arbitrary files on the server. By manipulating the 'logo_filename' parameter in t ...

