Aggregator

A vulnerability, which was classified as problematic, was found in zopefoundation RestrictedPython up to 7.2. Affected is the function RestrictedPython.Utilities.utility_builtins. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2024-47532. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in expressjs basic-auth-connect up to 1.0.x. It has been classified as problematic. This affects an unknown part. The manipulation leads to observable timing discrepancy. This vulnerability is uniquely identified as CVE-2024-47178. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in GLib 2.26.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Unicast Handler. The manipulation leads to authentication bypass by spoofing. This vulnerability is handled as CVE-2024-34397. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

The post Life in the Swimlane with Connor Mansfield, Senior SDR appeared first on AI-Enhanced Security Automation.

The post Life in the Swimlane with Connor Mansfield, Senior SDR appeared first on Security Boulevard.

A vulnerability, which was classified as critical, has been found in Ivanti Connect Secure up to 22.7R2.2. This issue affects some unknown processing. The manipulation leads to out-of-bounds read. The identification of this vulnerability is CVE-2024-37400. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Ivanti Endpoint Manager up to 2022 SU5/2024 and classified as very critical. This issue affects some unknown processing. The manipulation leads to sql injection. The identification of this vulnerability is CVE-2024-50330. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Ivanti EPM up to 2022 SU5/2024 and classified as critical. This vulnerability affects unknown code. The manipulation leads to path traversal. This vulnerability was named CVE-2024-34787. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in WSO2 Identity Server up to 5.4.x and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Dashboard. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2018-8716. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.