-
CVE-2023-45272 – 10Web Map Builder for Google Maps Missing Authorization Vulnerability
CVE ID: CVE-2023-45272
Published: Jan. 2, 2025, 3:15 p.m.
Description: Missing Authorization vulnerability in 10Web 10Web Map Builder for Google Maps allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects 10Web Map Builder for Google Maps: from n/a through 1.0.73.
Severity: 5.4 | MEDIUM
-
CVE-2024-39623 – CridioStudio ListingPro CSRF Authentication Bypass
CVE ID: CVE-2024-39623
Published: Jan. 2, 2025, 1:15 p.m.
Description: Cross-Site Request Forgery (CSRF) vulnerability in CridioStudio ListingPro allows Authentication Bypass. This issue affects ListingPro: from n/a through 2.9.4.
Severity: 8.8 | HIGH
-
CVE-2024-12108: Progress WhatsUp Gold Vulnerability
CVE-2024-12108 with a CVSS score of 9.6 is a critical security vulnerability affecting WhatsUp Gold, a network monitoring software developed by Progress Software Corporation. Affected Versions: The vulne …
Published Date: Jan 02, 2025
Vulnerabilities mentioned in this article: CVE-2024-12108, CVE-2024-12987, CVE-2024-49112, CVE-2024-21182
-
CVE-2024-49112 POC Code Released
The CVE-2024-49112 vulnerability, identified as LDAPNightmare, has seen the release of a Proof-of-Concept (PoC) code by SafeBreach Labs. This particular security flaw is critical as it affects the Win …
Published Date: Jan 02, 2025
Vulnerabilities mentioned in this article: CVE-2024-12987, CVE-2024-49112, CVE-2024-21182
-
Issue with NVIDIA Container Toolkit (CVE-2024-0132, CVE-2024-0133)
Publication Date: 2024/10/01 6:35 PM PDT
AWS is aware of CVE-2024-0132 and CVE-2024-0133, issues affecting the NVIDIA container toolkit 1.16. At this time, the following services require customer action. If we become aware of additional impact, we will update this bulletin.
Amazon Elastic Container Service (Amazon ECS): Amazon ECS has released updated ECS GPU-optimized Amazon Machine Images (AMIs) with…
-
Issue with DynamoDB local – CVE-2022-1471
Publication Date: 2024/12/11 2:00 PM PST
AWS is aware of CVE-2022-1471 in SnakeYaml software, included in DynamoDB local jar and Docker distributions from version 1.21 and version 2.0. If leveraged, this issue could allow an actor to perform remote code execution using SnakeYaml’s Constructor(), as the software does not restrict the types that can be…
-
Issue with data.all (Multiple CVEs)
Publication Date: 2024/11/8 4:00 PM PDT
Data.all is an open source development framework to help customers build a data marketplace on AWS. We have identified the following issues within data.all version 1.0.0 through 2.6.0. On November 8, 2024, we released a fix and recommend customers upgrade to version 2.6.1 or later and ensure any forked or derivative…
-
CVE-2024-10125 – missing JWT issuer and signer validation in aws-alb-identity-aspnetcore
Publication Date: 2024/10/21 4:00 PM PDT
Description: The Amazon.ApplicationLoadBalancer.Identity.AspNetCore repo contains Middleware that can be used in conjunction with the Application Load Balancer (ALB) OpenId Connect integration and can be used in any ASP.NET Core deployment scenario, including AWS Fargate, Amazon Elastic Kubernetes Service (Amazon EKS), Amazon Elastic Container Service (Amazon ECS), Amazon Elastic Compute Cloud…
-
CVE-2024-8901 – missing JWT issuer and signer validation in aws-alb-route-directive-adapter-for-istio
Publication Date: 2024/10/21 4:00 PM PDT
The AWS ALB Route Directive Adapter For Istio repo provides an OIDC authentication mechanism that was integrated into the open source Kubeflow project. The adapter uses JWT for authentication, but lacks proper signer and issuer validation. In deployments of ALB that ignore security best practices, where ALB targets are directly exposed…
-
Issue with RedShift JDBC Driver, Python Connector and ODBC Driver – (CVE-2024-12744, CVE-2024-12745, CVE-2024-12746)
Publication Date: 2024/12/24 10:00 AM PST
AWS has identified the following issues within the Amazon Redshift JDBC Driver, Amazon Redshift Python Connector, and Amazon Redshift ODBC Driver. On December 23, 2024, we released a fix and recommend customers upgrade to the latest version to address these issues. The Amazon Redshift JDBC Driver, version 2.1.0.31, is affected…