More significant of the two is a high-severity issue in file operations management during detected file removals in ESET's Windows antivirus, server security, and internet security products, tracked as CVE-2024-7400.
Most recent of the newly added vulnerabilities is a critical remote command execution issue in Apache HugeGraph-Server, tracked as CVE-2024-27348, which could be leveraged to facilitate sandbox restriction evasion.
Included among the files in the unsecured 193 GB database was information regarding fuel and petroleum shipments, invoices, and delivery tickets to and from companies, pipelines, and industries across several states, including California, Colorado, Oklahoma, Oregon, and Texas, between 2019 and August 2024.
The vulnerability, which was discovered by Trend Micro Zero Day Initiative researcher Piotr Bazyldo within ARM's JsonSerializationBinder, stems from inadequate validation of user-supplied data.
Aside from containing vehicle owners' names, birthdates, and phone numbers, the Elasticsearch cluster also featured vehicle production dates, chassis and engine numbers, and other records with a "special needs" designation, according to Cybernews researchers.