P10, P10 Plus Security Vulnerabilities

cisco

Cisco IOS XR Software for ASR 9000 Series Aggregation Services Routers PPPoE Denial of Service Vulnerability

A vulnerability in the PPP over Ethernet (PPPoE) termination feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to crash the ppp_ma process, resulting in a denial of service (DoS) condition. This vulnerability...

7.2 AI Score

0.0004 EPSS

2024-03-13 04:00 PM
9
cvelist

CVE-2023-6969

The User Shortcodes Plus plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the user_meta shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with contributor-level...

6.1 AI Score

0.0004 EPSS

2024-03-13 03:26 PM
2
openvas

Huawei EulerOS: Security Advisory for proftpd (EulerOS-SA-2024-1345)

The remote host is missing an update for the Huawei...

6.7 AI Score

0.962 EPSS

2024-03-13 12:00 AM
4
f5

K000138895 : BIND vulnerability CVE-2023-5679

Security Advisory Description A bad interaction between DNS64 and serve-stale may cause named to crash with an assertion failure during recursive resolution, when both of these features are enabled. This issue affects BIND 9 versions 9.16.12 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through.....

7.5 CVSS

7 AI Score

0.001 EPSS

2024-03-13 12:00 AM
17
openvas

Huawei EulerOS: Security Advisory for libssh2 (EulerOS-SA-2024-1317)

The remote host is missing an update for the Huawei...

6.7 AI Score

0.962 EPSS

2024-03-13 12:00 AM
7
openvas

Huawei EulerOS: Security Advisory for libssh2 (EulerOS-SA-2024-1339)

The remote host is missing an update for the Huawei...

6.7 AI Score

0.962 EPSS

2024-03-13 12:00 AM
3
openvas

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2024-1343)

The remote host is missing an update for the Huawei...

6.7 AI Score

0.962 EPSS

2024-03-13 12:00 AM
3
openvas

Huawei EulerOS: Security Advisory for proftpd (EulerOS-SA-2024-1323)

The remote host is missing an update for the Huawei...

6.7 AI Score

0.962 EPSS

2024-03-13 12:00 AM
4
openvas

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2024-1321)

The remote host is missing an update for the Huawei...

6.7 AI Score

0.962 EPSS

2024-03-13 12:00 AM
6
openvas

Huawei EulerOS: Security Advisory for libssh (EulerOS-SA-2024-1316)

The remote host is missing an update for the Huawei...

6.6 AI Score

0.962 EPSS

2024-03-13 12:00 AM
3
openvas

Huawei EulerOS: Security Advisory for libssh (EulerOS-SA-2024-1338)

The remote host is missing an update for the Huawei...

6.6 AI Score

0.962 EPSS

2024-03-13 12:00 AM
1
nessus

EulerOS 2.0 SP11 : openssh (EulerOS-SA-2024-1241)

According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass...

7.9 AI Score

2024-03-12 12:00 AM
8
openvas

Huawei EulerOS: Security Advisory for libssh (EulerOS-SA-2024-1216)

The remote host is missing an update for the Huawei...

6.6 AI Score

0.962 EPSS

2024-03-12 12:00 AM
6
nessus

EulerOS 2.0 SP11 : libssh (EulerOS-SA-2024-1238)

According to the versions of the libssh package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass...

7.3 AI Score

2024-03-12 12:00 AM
10
openvas

Huawei EulerOS: Security Advisory for proftpd (EulerOS-SA-2024-1244)

The remote host is missing an update for the Huawei...

6.7 AI Score

0.962 EPSS

2024-03-12 12:00 AM
6
openvas

Huawei EulerOS: Security Advisory for python-paramiko (EulerOS-SA-2024-1246)

The remote host is missing an update for the Huawei...

6.7 AI Score

0.962 EPSS

2024-03-12 12:00 AM
3
openvas

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2024-1219)

The remote host is missing an update for the Huawei...

6.7 AI Score

0.962 EPSS

2024-03-12 12:00 AM
3
openvas

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2024-1241)

The remote host is missing an update for the Huawei...

6.7 AI Score

0.962 EPSS

2024-03-12 12:00 AM
2
nessus

EulerOS 2.0 SP10 : proftpd (EulerOS-SA-2024-1323)

According to the versions of the proftpd package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass...

7.3 AI Score

2024-03-12 12:00 AM
2
openvas

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2024-1286)

The remote host is missing an update for the Huawei...

6.7 AI Score

0.962 EPSS

2024-03-12 12:00 AM
3
openvas

Huawei EulerOS: Security Advisory for libssh (EulerOS-SA-2024-1238)

The remote host is missing an update for the Huawei...

6.6 AI Score

0.962 EPSS

2024-03-12 12:00 AM
2
nessus

EulerOS 2.0 SP10 : libssh (EulerOS-SA-2024-1338)

According to the versions of the libssh package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass...

7.3 AI Score

2024-03-12 12:00 AM
4
nessus

EulerOS 2.0 SP10 : libssh2 (EulerOS-SA-2024-1317)

According to the versions of the libssh2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass...

7.3 AI Score

2024-03-12 12:00 AM
10
openvas

Huawei EulerOS: Security Advisory for proftpd (EulerOS-SA-2024-1222)

The remote host is missing an update for the Huawei...

6.7 AI Score

0.962 EPSS

2024-03-12 12:00 AM
3
openvas

Huawei EulerOS: Security Advisory for libssh2 (EulerOS-SA-2024-1239)

The remote host is missing an update for the Huawei...

6.7 AI Score

0.962 EPSS

2024-03-12 12:00 AM
4
openvas

Huawei EulerOS: Security Advisory for libssh2 (EulerOS-SA-2024-1217)

The remote host is missing an update for the Huawei...

6.7 AI Score

0.962 EPSS

2024-03-12 12:00 AM
4
nessus

EulerOS 2.0 SP10 : openssh (EulerOS-SA-2024-1321)

According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass...

7.8 AI Score

2024-03-12 12:00 AM
6
nessus

EulerOS 2.0 SP11 : python-paramiko (EulerOS-SA-2024-1246)

According to the versions of the python-paramiko package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to...

7.3 AI Score

2024-03-12 12:00 AM
7
nessus

EulerOS 2.0 SP11 : proftpd (EulerOS-SA-2024-1222)

According to the versions of the proftpd package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass...

7.5 AI Score

2024-03-12 12:00 AM
4
nessus

EulerOS 2.0 SP11 : libssh2 (EulerOS-SA-2024-1239)

According to the versions of the libssh2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass...

7.4 AI Score

2024-03-12 12:00 AM
6
openvas

Huawei EulerOS: Security Advisory for python-paramiko (EulerOS-SA-2024-1224)

The remote host is missing an update for the Huawei...

6.7 AI Score

0.962 EPSS

2024-03-12 12:00 AM
nessus

EulerOS 2.0 SP11 : python-paramiko (EulerOS-SA-2024-1224)

According to the versions of the python-paramiko package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to...

7.3 AI Score

2024-03-12 12:00 AM
7
nessus

EulerOS 2.0 SP8 : openssh (EulerOS-SA-2024-1286)

According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass...

7.9 AI Score

2024-03-12 12:00 AM
9
nessus

EulerOS 2.0 SP11 : libssh (EulerOS-SA-2024-1216)

According to the versions of the libssh package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass...

7.3 AI Score

2024-03-12 12:00 AM
7
nessus

EulerOS 2.0 SP11 : proftpd (EulerOS-SA-2024-1244)

According to the versions of the proftpd package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass...

7.4 AI Score

2024-03-12 12:00 AM
4
nessus

EulerOS 2.0 SP10 : libssh (EulerOS-SA-2024-1316)

According to the versions of the libssh package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass...

7.3 AI Score

2024-03-12 12:00 AM
6
nessus

EulerOS 2.0 SP10 : libssh2 (EulerOS-SA-2024-1339)

According to the versions of the libssh2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass...

7.4 AI Score

2024-03-12 12:00 AM
4
nessus

EulerOS 2.0 SP10 : proftpd (EulerOS-SA-2024-1345)

According to the versions of the proftpd package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass...

7.3 AI Score

2024-03-12 12:00 AM
4
nessus

EulerOS 2.0 SP11 : libssh2 (EulerOS-SA-2024-1217)

According to the versions of the libssh2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass...

7.4 AI Score

2024-03-12 12:00 AM
6
nessus

EulerOS 2.0 SP11 : openssh (EulerOS-SA-2024-1219)

According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass...

7.9 AI Score

2024-03-12 12:00 AM
6
nessus

EulerOS 2.0 SP10 : openssh (EulerOS-SA-2024-1343)

According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass...

7.8 AI Score

2024-03-12 12:00 AM
8
wired

Russian Hackers Stole Microsoft Source Code—and the Attack Isn’t Over

Plus: An ex-Google engineer gets arrested for allegedly stealing trade secrets, hackers breach the top US cybersecurity agency, and X’s new feature exposes sensitive user...

7.3 AI Score

2024-03-09 02:00 PM
7
f5

K000138866 : Python Pillow vulnerability CVE-2023-50447

Security Advisory Description Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter). (CVE-2023-50447) Impact There is no impact; F5 products are not affected...

9.8 CVSS

7.1 AI Score

0.002 EPSS

2024-03-09 12:00 AM
15
rapid7blog

Metasploit Wrap-Up 03/08/2024

New module content (2) GitLab Tags RSS feed email disclosure Authors: erruquill and n00bhaxor Type: Auxiliary Pull request: #18821 contributed by n00bhaxor Path: gather/gitlab_tags_rss_feed_email_disclosure AttackerKB reference: CVE-2023-5612 Description: This adds an auxiliary module that...

9.8 CVSS

6 AI Score

0.974 EPSS

2024-03-08 05:00 PM
28
openvas

Fedora: Security Advisory for maven-bundle-plugin (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for...

7 AI Score

0.0004 EPSS

2024-03-08 12:00 AM
2
openvas

Fedora: Security Advisory for bsh (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for...

7 AI Score

0.0004 EPSS

2024-03-08 12:00 AM
3
fedora

[SECURITY] Fedora 40 Update: maven-bundle-plugin-5.1.9-5.fc40

Provides a maven plugin that supports creating an OSGi bundle from the contents of the compilation classpath along with its resources and dependencies. Plus a zillion other...

6.8 AI Score

0.0004 EPSS

2024-03-07 10:33 PM
6
fedora

[SECURITY] Fedora 40 Update: bsh-2.1.0-12.fc40

BeanShell is a small, free, embeddable, Java source interpreter with object scripting language features, written in Java. BeanShell executes standard Java statements and expressions, in addition to obvious scripting commands and syntax. BeanShell supports scripted objects as simple method closures....

7.1 AI Score

0.0004 EPSS

2024-03-07 10:32 PM
4
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (February 26, 2024 to March 3, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 121 vulnerabilities disclosed in 88...

9.8 CVSS

9.6 AI Score

0.001 EPSS

2024-03-07 04:12 PM
30
cve

CVE-2024-1419

The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ attribute of the Header Meta Content widget in all versions up to, and including, 5.4.0 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4 CVSS

6.1 AI Score

0.0004 EPSS

2024-03-07 07:15 AM
31
Total number of security vulnerabilities: 13367