[UPDATE] [medium] OpenCTI: Vulnerability allows bypassing security measures
A remote, authenticated attacker can exploit a vulnerability in OpenCTI to bypass security measures.
● Live advisory feed
Security advisories from 24 sources — CISA, CERT-EU, NCSC-UK, BSI, CERT-FR, NCSC-NL, JPCERT/CC, JVN, HKCERT, the Canadian Cyber Centre, NVD, GitHub, Microsoft, Cisco, Fortinet, Palo Alto Networks and more — normalized, translated to English and flagged against the CISA KEV catalog. One global feed for CSIRTs, SOCs and defenders.
A remote, authenticated attacker can exploit a vulnerability in OpenCTI to bypass security measures.
A remote, anonymous attacker can exploit multiple vulnerabilities in Fluentd to execute arbitrary code, disclose information, or cause a Denial of Service.
An attacker can exploit multiple vulnerabilities in Microsoft Edge to gain elevated privileges, execute arbitrary code, bypass security measures, conduct spoofing and cross-site scripting attacks, disclose sensitive information, or trigger a denial-of-service condition.
A remote, anonymous or authenticated attacker can exploit multiple vulnerabilities in Joomla to present false information, launch a Cross-Site Scripting attack, and modify data.
A remote, authenticated attacker can exploit multiple vulnerabilities in Joomla to conduct attacks such as Cross-Site Scripting (XSS), SQL injection, privilege escalation, authentication bypass, path traversal, local file inclusion (LFI), and unauthorized access.
An attacker can exploit multiple vulnerabilities in NATS Server to execute arbitrary code, gain elevated permissions, bypass security measures, manipulate or disclose data, or cause a Denial-of-Service condition.
A remote, anonymous attacker can exploit a vulnerability in Wazuh Manager to escalate their privileges.
A remote, anonymous attacker can exploit multiple vulnerabilities in IBM Operational Decision Manager to bypass security restrictions, cause a denial of service, and execute code.
An attacker can exploit multiple vulnerabilities in PostgreSQL to execute arbitrary program code, carry out a denial-of-service attack, disclose information, manipulate files, conduct an SQL injection attack, and bypass security measures.
A remote attacker can exploit multiple vulnerabilities in Joomla to perform a cross-site scripting attack and bypass security mechanisms.
A remote, anonymous attacker can exploit multiple vulnerabilities in ESRI ArcGIS to bypass security measures or gain user rights.
A remote, anonymous attacker can exploit multiple vulnerabilities in wget to conduct a denial of service attack.
A remote, authenticated attacker can exploit a vulnerability in IBM WebSphere Application Server to execute arbitrary actions on the server.
A remote, anonymous attacker can exploit a vulnerability in IBM WebSphere Application Server Liberty to conduct a denial of service attack.
A remote, anonymous attacker can exploit a vulnerability in dpkg to disclose information.
An attacker can exploit multiple vulnerabilities in ILIAS to bypass security measures, disclose sensitive information, or conduct cross-site scripting attacks.
A remote, anonymous attacker can exploit a vulnerability in Red Hat Enterprise Linux to conduct a denial of service attack.
A remote, anonymous attacker can exploit a vulnerability in Red Hat JBoss Enterprise Application Platform to conduct a cross-site scripting attack.
A remote, anonymous attacker can exploit multiple vulnerabilities in ImageMagick to cause a denial of service condition, disclose information, and bypass security mechanisms.
A remote, anonymous attacker can exploit a vulnerability in OpenSC to execute arbitrary program code.
An attacker can exploit multiple vulnerabilities in Fleet to bypass security mechanisms, disclose confidential information, cause a denial-of-service condition, or manipulate security configurations.
An attacker can exploit multiple vulnerabilities in Samba to execute arbitrary code, conduct a denial of service attack, manipulate files, and bypass security measures.
A remote, anonymous attacker can exploit multiple vulnerabilities in jq to conduct a Denial of Service attack.
A remote, anonymous attacker can exploit multiple vulnerabilities in ImageMagick to conduct a Denial of Service attack or disclose information.
A remote anonymous attacker can exploit multiple vulnerabilities in Kiali for Red Hat OpenShift Service Mesh to gain elevated privileges, bypass security measures, manipulate or disclose data, or cause a denial-of-service condition.
A local attacker can exploit a vulnerability in jq to conduct a denial of service attack.
A remote, anonymous attacker can exploit a vulnerability in libxml2 to conduct a denial of service attack.
An attacker can exploit multiple vulnerabilities in OpenSSH to conduct a denial of service attack, bypass security measures, manipulate data, or disclose confidential information.
A local attacker can exploit multiple vulnerabilities in expat to conduct a denial of service attack or potentially execute code.
An attacker can exploit multiple vulnerabilities in the Linux Kernel to conduct unspecified attacks, potentially including code execution, denial-of-service attacks, bypassing security measures, or manipulating data.
An attacker can exploit multiple vulnerabilities in Gitea to bypass security measures, manipulate data, disclose confidential information, trigger a Denial-of-Service condition, or carry out other unspecified attacks.
A remote, anonymous attacker can exploit a vulnerability in FreeType to conduct an unspecified attack.
A local attacker can exploit a vulnerability in QEMU to cause a denial-of-service state and potentially execute arbitrary code on the host.
A local attacker can exploit a vulnerability in ImageMagick to carry out a Denial of Service attack.
A remote, anonymous attacker can exploit a vulnerability in libxml2 to disclose information.
A remote, anonymous attacker can exploit multiple vulnerabilities in MIT Kerberos to carry out a Denial of Service attack.
A remote, anonymous attacker can exploit a vulnerability in Apache log4j to execute arbitrary program code.
A remote, anonymous attacker can exploit multiple vulnerabilities in Red Hat Enterprise Linux to carry out a Denial of Service attack.
An attacker can exploit multiple vulnerabilities in Apache Airflow to execute arbitrary program code, bypass security measures, and disclose information.
An attacker can exploit multiple vulnerabilities in GIMP to execute arbitrary program code and conduct a denial of service attack.
An attacker can exploit multiple vulnerabilities in BeyondTrust Privileged Remote Access and BeyondTrust Remote Support to conduct a denial of service attack, gain elevated privileges, bypass security measures, and disclose confidential information.
A local attacker can exploit a vulnerability in Red Hat Enterprise Linux to cause a denial-of-service attack or potentially execute arbitrary code.
An attacker can exploit multiple vulnerabilities in OpenSSL to conduct a denial of service attack, disclose sensitive information, or perform other unspecified attacks.
An attacker can exploit multiple vulnerabilities in Langflow to execute arbitrary program code, bypass security measures, manipulate data, disclose confidential information, or cause a Denial-of-Service condition.
An attacker can exploit multiple vulnerabilities in Tenable Security Nessus to carry out an SQL injection attack.
A remote, authenticated or anonymous attacker can exploit multiple vulnerabilities in QNAP NAS to gain elevated privileges, bypass security mechanisms, cause a Denial of Service condition, execute arbitrary commands, disclose information, or achieve unspecified impacts.
A remote, anonymous attacker can exploit a vulnerability in xwiki to disclose information.
An attacker can exploit multiple vulnerabilities in HCL BigFix Compliance to execute arbitrary code, bypass security measures, manipulate data, disclose confidential information, or cause a denial-of-service condition.
A local attacker can exploit a vulnerability in the Linux Kernel for privilege escalation, as well as to create a denial of service condition or other unspecified impacts.
A remote, authenticated attacker can exploit multiple vulnerabilities in DriveLock to disclose information, execute arbitrary code, and escalate privileges.