(LGPCSuite Setup), (IPSFULLHD, LG ULTRAWIDE, ULTRA HD Driver Setup) Security Vulnerabilities

Spoofing

In the Linux kernel, the following vulnerability has been resolved: iommu: Don't reserve 0-length IOVA region When the bootloader/firmware doesn't setup the framebuffers, their address and size are 0 in "iommu-addresses" property. If IOVA region is reserved with 0 length, then it ends up...

CVE-2023-52455 iommu: Don't reserve 0-length IOVA region

In the Linux kernel, the following vulnerability has been resolved: iommu: Don't reserve 0-length IOVA region When the bootloader/firmware doesn't setup the framebuffers, their address and size are 0 in "iommu-addresses" property. If IOVA region is reserved with 0 length, then it ends up...

CVE-2024-26594

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate mech token in session setup If client send invalid mech token in session setup request, ksmbd validate and make the error if it is...

CVE-2024-26594

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate mech token in session setup If client send invalid mech token in session setup request, ksmbd validate and make the error if it is...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate mech token in session setup If client send invalid mech token in session setup request, ksmbd validate and make the error if it is...

CVE-2024-26594 ksmbd: validate mech token in session setup

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate mech token in session setup If client send invalid mech token in session setup request, ksmbd validate and make the error if it is...

Advice for manufacturers on the coming PSTI regulation

TL;DR PSTI: The UK Product Security and Telecommunications Infrastructure (Product Security) Act Regulations effective from 29 April 2024 Assess how, where, why, and when you may be affected Review supply chain and in-house teams for compliance readiness Specific obligations for manufacturers,...

CVE-2023-52455

In the Linux kernel, the following vulnerability has been resolved: iommu: Don't reserve 0-length IOVA region When the bootloader/firmware doesn't setup the framebuffers, their address and size are 0 in "iommu-addresses" property. If IOVA region is reserved with 0 length, then it ends up...

CVE-2024-26594

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate mech token in session setup If client send invalid mech token in session setup request, ksmbd validate and make the error if it is...

Fiber has Insecure CORS Configuration, Allowing Wildcard Origin with Credentials

The CORS middleware allows for insecure configurations that could potentially expose the application to multiple CORS-related vulnerabilities. Specifically, it allows setting the Access-Control-Allow-Origin header to a wildcard ("*") while also having the Access-Control-Allow-Credentials set to...

Fiber has Insecure CORS Configuration, Allowing Wildcard Origin with Credentials

The CORS middleware allows for insecure configurations that could potentially expose the application to multiple CORS-related vulnerabilities. Specifically, it allows setting the Access-Control-Allow-Origin header to a wildcard ("*") while also having the Access-Control-Allow-Credentials set to...

ConnectWise ScreenConnect Unauthenticated Remote Code Execution

This module exploits an authentication bypass vulnerability that allows an unauthenticated attacker to create a new administrator user account on a vulnerable ConnectWise ScreenConnect server. The attacker can leverage this to achieve RCE by uploading a malicious extension module. All versions of.....

Wordfence Intelligence Weekly WordPress Vulnerability Report (February 12, 2024 to February 18, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 78 vulnerabilities disclosed in 63...

Exploit for Vulnerability in Metabase

Exploit CVE-2023-38646 Metabase before 0.46.6.1 (open source)...

Fedora: Security Advisory for rear (FEDORA-2024-49ddbf447d)

The remote host is missing an update for...

SUSE: Security Advisory (SUSE-SU-2024:0577-1)

The remote host is missing an update for...

(RHSA-2024:0934) Important: Red Hat Virtualization security and bug fix update

Security fixes: * ovirt: authentication bypass (CVE-2024-0822) Bug fixes: * During the storage domain import, the engine will fail to find OVF_STORE if there is also a ConnectStoragePoolVDSCommand request...

No fix KrbRelay VMware style

TL;DR The VMware Enhanced Authentication plugin that is offered as part of VMware vSphere’s seamless login experience for the web console contains multiple vulnerabilities relating to Kerberos authentication relay. The first vulnerability, CVE-2024-22245, is a Kerberos relay vulnerability where a.....

[SECURITY] Fedora 38 Update: rear-2.7-8.fc38

Relax-and-Recover is the leading Open Source disaster recovery and system migration solution. It comprises of a modular frame-work and ready-to-go workflows for many common situations to produce a bootable image and restore from backup using this image. As a benefit, it allows to restore to...

[SECURITY] Fedora 39 Update: rear-2.7-8.fc39

Relax-and-Recover is the leading Open Source disaster recovery and system migration solution. It comprises of a modular frame-work and ready-to-go workflows for many common situations to produce a bootable image and restore from backup using this image. As a benefit, it allows to restore to...

Widget for Social Page Feeds < 6.4 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

YARPP < 5.30.10 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

Widget for Social Page Feeds < 6.4 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) PoC 1. Create a new Facebook like...

RHEL 8 : Red Hat Virtualization (RHSA-2024:0934)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0934 advisory. ovirt: authentication bypass (CVE-2024-0822) Note that Nessus has not tested for this issue but has instead relied only on the application's...

Fedora: Security Advisory for rear (FEDORA-2024-a2f6e5ddb8)

The remote host is missing an update for...

Critical Flaws Found in ConnectWise ScreenConnect Software - Patch Now

ConnectWise has released software updates to address two security flaws in its ScreenConnect remote desktop and access software, including a critical bug that could enable remote code execution on affected systems. The vulnerabilities are listed below - CVE-2024-1708 (CVSS score: 8.4) - Improper...

GLSA-202402-28 : Samba: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202402-28 (Samba: Multiple Vulnerabilities) An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names...

Advanced Social Feeds Widget & Shortcode <= 1.7 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) PoC When creating a new widget,...

WP Setup Wizard < 1.0.8.2 - Authenticated (Subscriber+) Full Database Download

Description The WP Setup Wizard plugin for WordPress is vulnerable to unauthorized access of datadue to a missing capability check in all versions up to, and including, 1.0.8.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to download the entire...

Advanced Social Feeds Widget & Shortcode <= 1.7 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

The Biosig Project libbiosig .egi parsing heap-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2024-1920 The Biosig Project libbiosig .egi parsing heap-based buffer overflow vulnerability February 20, 2024 CVE Number CVE-2024-21795 SUMMARY A heap-based buffer overflow vulnerability exists in the .egi parsing functionality of The Biosig Project libbiosig...

Password Protected < 2.6.7 - Admin+ Stored XSS

Description The plugin does not sanitise and escape its Google Captcha Site Key settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

XSS Marks the Spot: Digging Up Vulnerabilities in ChatGPT

With its widespread use among businesses and individual users, ChatGPT is a prime target for attackers looking to access sensitive information. In this blog post, I'll walk you through my discovery of two cross-site scripting (XSS) vulnerabilities in ChatGPT and a few other vulnerabilities. When...

Exploit for CVE-2023-23752

Joomla! &lt; 4.2.8 - Unauthenticated Information Disclosure...

Debian dla-3735 : golang-github-opencontainers-runc-dev - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3735 advisory. runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization...

Exploit for Vulnerability in Microsoft

CVE-2024-21413 This Python script is used to abuse the...

Metabase 0.46.6 - Pre-Auth Remote Code Execution Exploit

...

SUSE SLES15 Security Update : SUSE Manager Server 4.3 (SUSE-SU-2024:0485-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0485-1 advisory. jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less. (CVE-2023-31582) Note that Nessus has not tested for these...

Hacking Microsoft and Wix with Keyboard Shortcuts

Browser vendors continuously tweak and refine browser functionalities to improve security. Implementing same-site cookies is a prime example of vendors’ efforts to mitigate Cross-Site Request Forgery (CSRF) attacks. However, not all security measures are foolproof. In their quest to combat...

TinyTurla Next Generation - Turla APT spies on Polish NGOs

Cisco Talos has identified a new backdoor authored and operated by the Turla APT group, a Russian cyber espionage threat group. This new backdoor we're calling "TinyTurla-NG" (TTNG) is similar to Turla's previously disclosed implant, TinyTurla, in coding style and functionality implementation....

Siemens SCALANCE XCM-/XRM-300

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

Siemens SINEC NMS

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

Fedora 38 : xen (2024-4b2cf8c375)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-4b2cf8c375 advisory. Arm provides multiple helpers to clean & invalidate the cache for a given region. This is, for instance, used when allocating guest memory to...

Metabase 0.46.6 - Pre-Auth Remote Code Execution

...

Fedora 39 : xen (2024-e527e6fd08)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-e527e6fd08 advisory. Arm provides multiple helpers to clean & invalidate the cache for a given region. This is, for instance, used when allocating guest memory to...

Metabase 0.46.6 Remote Code Execution

...

CVE-2024-25619

Mastodon is a free, open-source social network server based on ActivityPub. When an OAuth Application is destroyed, the streaming server wasn't being informed that the Access Tokens had also been destroyed, this could have posed security risks to users by allowing an application to continue...

CVE-2024-25619

Mastodon is a free, open-source social network server based on ActivityPub. When an OAuth Application is destroyed, the streaming server wasn't being informed that the Access Tokens had also been destroyed, this could have posed security risks to users by allowing an application to continue...

Design/Logic Flaw

Mastodon is a free, open-source social network server based on ActivityPub. When an OAuth Application is destroyed, the streaming server wasn't being informed that the Access Tokens had also been destroyed, this could have posed security risks to users by allowing an application to continue...

CVE-2024-25619 Destroying OAuth Applications doesn't notify Streaming of Access Tokens being destroyed in mastodon

Mastodon is a free, open-source social network server based on ActivityPub. When an OAuth Application is destroyed, the streaming server wasn't being informed that the Access Tokens had also been destroyed, this could have posed security risks to users by allowing an application to continue...