Content Writer & ChatGPT & Image Generator & WooCommerce Product Writer & AI Training Security Vulnerabilities

exploitdb

7.4 AI Score

2024-05-13 12:00 AM
21
apple

About the security content of tvOS 17.5

About the security content of tvOS 17.5 This document describes the security content of tvOS 17.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available....

6.3 AI Score

2024-05-13 12:00 AM
1
apple

About the security content of watchOS 10.5

About the security content of watchOS 10.5 This document describes the security content of watchOS 10.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...

6.3 AI Score

2024-05-13 12:00 AM
2
f5

K000139590 : MySQL Server vulnerabilities CVE-2024-20994, CVE-2024-21015, CVE-2024-21050, and CVE-2024-21057

Security Advisory Description CVE-2024-20994 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with...

5.5 CVSS

6.5 AI Score

0.0004 EPSS

2024-05-13 12:00 AM
3
apple

About the security content of macOS Sonoma 14.5

About the security content of macOS Sonoma 14.5 This document describes the security content of macOS Sonoma 14.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are....

5.5 CVSS

8 AI Score

0.001 EPSS

2024-05-13 12:00 AM
1
packetstorm

10 CVSS

7.4 AI Score

0.002 EPSS

2024-05-13 12:00 AM
21
apple

About the security content of iOS 16.7.8 and iPadOS 16.7.8

About the security content of iOS 16.7.8 and iPadOS 16.7.8 This document describes the security content of iOS 16.7.8 and iPadOS 16.7.8. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and...

7.8 CVSS

7.8 AI Score

0.001 EPSS

2024-05-13 12:00 AM
jvn

JVN#28869536: Multiple vulnerabilities in Cybozu Garoon

Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. Improper handling of data in Mail (CWE-231) CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H Base Score 4.9 CVE-2024-31397 CyVDB-3167 Improper restriction on the output of some API (CWE-201)...

7 AI Score

2024-05-13 12:00 AM
5
apple

About the security content of Safari 17.5

About the security content of Safari 17.5 This document describes the security content of Safari 17.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available......

5.6 AI Score

2024-05-13 12:00 AM
15
apple

About the security content of iOS 17.5 and iPadOS 17.5

About the security content of iOS 17.5 and iPadOS 17.5 This document describes the security content of iOS 17.5 and iPadOS 17.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches...

5.5 CVSS

7.7 AI Score

0.001 EPSS

2024-05-13 12:00 AM
5
githubexploit

Exploit for CVE-2023-40000

LiteSpeed Cache XSS PoC PoC for XSS vulnerability in the...

6.5 AI Score

2024-05-12 06:13 AM
29
nessus

GLSA-202405-32 : Mozilla Thunderbird: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202405-32 (Mozilla Thunderbird: Multiple Vulnerabilities) When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This vulnerability...

7.8 AI Score

2024-05-12 12:00 AM
6
githubexploit

Exploit for CVE-2024-32523

CVE-2024-32523-Poc CVE-2024-32523: Mailster <= 4.0.6 -...

10 AI Score

2024-05-11 06:16 PM
91
ibm

Security Bulletin: IBM Storage Fusion HCI is vulnerable to denial of service, authentication bypass, and incorrect privilege assignment due to Golang vulnerabilities.

Summary IBM Storage Fusion HCI uses Golang packages that may cause Fusion to be vulnerable to denial of service, authentication bypass, and incorrect privilege assignment. CVE-2018-20699, CVE-2023-48795, CVE-2022-21698, CVE-2021-41190, CVE-2023-39325, CVE-2022-29526, CVE-2023-45288. Vulnerability.....

7.5 CVSS

10 AI Score

0.962 EPSS

2024-05-11 04:57 PM
5
ibm

Security Bulletin: IBM Storage Fusion is vulnerable to directory traversal due to beego.

Summary Beego is used by IBM Storage Fusion as part of the User Interface. See Vulnerability Details below. CVE-2022-31836, CVE-2022-31259. Vulnerability Details ** CVEID: CVE-2022-31836 DESCRIPTION: **Beego could allow a remote attacker to traverse directories on the system, caused by a flaw in...

9.8 CVSS

9.7 AI Score

0.002 EPSS

2024-05-11 04:57 PM
1
ibm

Security Bulletin: IBM Storage Fusion HCI is vulnerable to directory traversal due to Beego.

Summary Beego is used by IBM Storage Fusion HCI as part of the user interface. See Vulnerability Details below. CVE-2022-31836, CVE-2022-31259. Vulnerability Details ** CVEID: CVE-2022-31836 DESCRIPTION: **Beego could allow a remote attacker to traverse directories on the system, caused by a flaw.....

9.8 CVSS

9.7 AI Score

0.002 EPSS

2024-05-11 04:57 PM
3
ibm

Security Bulletin: IBM Storage Fusion is vulnerable to HTTP request smuggling, denial of server due to aiohttp, cryptography.

Summary aiohttp, cryptography and Gunicorn are used by IBM Storage Fusion as part of the Backup and Restore service and may be vulnerable to the CVEs listed below. CVE-2024-1135, CVE-2024-26130, CVE-2024-23829, CVE-2024-2334, CVE-2023-49081, CVE-2023-49082. Vulnerability Details ** CVEID:...

7.5 CVSS

8.9 AI Score

0.052 EPSS

2024-05-11 04:56 PM
1
ibm

Security Bulletin: IBM Storage Fusion HCI is vulnerable to HTTP request smuggling, denial of server due to aiohttp, cryptography.

Summary aiohttp, cryptography and Gunicorn are used by IBM Storage Fusion HCI as part of the Backup and Restore service and may be vulnerable to the CVEs listed below. CVE-2024-23829, CVE-2024-23334, CVE-2024-1135, CVE-2024-26130. Vulnerability Details ** CVEID: CVE-2024-23829 DESCRIPTION:...

7.5 CVSS

8.6 AI Score

0.052 EPSS

2024-05-11 04:56 PM
3
ibm

Security Bulletin: IBM Storage Fusion is vulnerable to denial of service due to Apache Commons Compress and ion-java.

Summary commons-compress and ion-java are used by IBM Storage Fusion as part of the Backup and Restore service and may be vulnerable to the CVEs listed below. CVE-2024-26308, CVE-2024-25710, CVE-2024-21634. Vulnerability Details ** CVEID: CVE-2024-26308 DESCRIPTION: **Apache Commons Compress is...

7.5 CVSS

6.1 AI Score

0.001 EPSS

2024-05-11 04:55 PM
2
ibm

Security Bulletin: IBM Storage Fusion HCI is vulnerable to denial of service due to Apache Commons Compress and ion-java.

Summary commons-compress and ion-java are used by IBM Storage Fusion HCI as part of the Backup and Restore service and may be vulnerable to the CVEs listed below. CVE-2024-26308, CVE-2024-25710, CVE-2024-21634. Vulnerability Details ** CVEID: CVE-2024-26308 DESCRIPTION: **Apache Commons Compress...

7.5 CVSS

6.1 AI Score

0.001 EPSS

2024-05-11 04:55 PM
1
ibm

Security Bulletin: IBM Storage Fusion is vulnerable to phishing attacks due to follow-redirects package.

Summary follow-redirects is used by IBM Storage Fusion as part of the Installer and may be vulnerable to the CVE listed below. CVE-2023-26159. Vulnerability Details ** CVEID: CVE-2023-26159 DESCRIPTION: **follow-redirects could allow a remote attacker to conduct phishing attacks, caused by an...

6.1 CVSS

6.7 AI Score

0.001 EPSS

2024-05-11 04:55 PM
2
ibm

Security Bulletin: IBM Storage Fusion HCI is vulnerable to phishing attacks and cross-site request forgery due to follow-redirects and Axios.

Summary follow-redirects and Axios are used by IBM Storage Fusion HCI as part of the Installer and may be vulnerable to the CVE listed below. CVE-2023-26159, CVE-2023-45857. Vulnerability Details ** CVEID: CVE-2023-26159 DESCRIPTION: **follow-redirects could allow a remote attacker to conduct...

6.5 CVSS

7.1 AI Score

0.001 EPSS

2024-05-11 04:54 PM
1
ibm

Security Bulletin: IBM Storage Fusion HCI is vulnerable to denial of service, cross-site scripting, and obtaining sensitive information due to Pypa, Pallets Jinja, requests, and urllib3.

Summary Python packages Pypa, Pallets Jinja, requests, and urllib3 are used by IBM Storage Fusion HCI as part of the installer and may be vulnerable to the CVEs listed below. CVE-2022-40897, CVE-2024-22195, CVE-2023-32681, CVE-2023-43804. Vulnerability Details ** CVEID: CVE-2022-40897 DESCRIPTION:.....

8.1 CVSS

9.8 AI Score

0.005 EPSS

2024-05-11 04:54 PM
3
ibm

Security Bulletin: IBM Storage Fusion HCI is vulnerable to elevated privileges due to OpenShift.

Summary OpenShift included with IBM Storage Fusion HCI is affected by the CVE listed below. CVE-2023-5408. Vulnerability Details ** CVEID: CVE-2023-5408 DESCRIPTION: **OpenShift Kubernetes could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in...

7.2 CVSS

6.3 AI Score

0.001 EPSS

2024-05-11 04:54 PM
1
ibm

Security Bulletin: IBM Storage Fusion is vulnerable to denial of service due to Golang Go's net/http and x/net/http2.

Summary Golang Go's net/http and x/net/http2 packages are used by IBM Storage Fusion as part of its user interface and may be affected by the CVE listed below. CVE-2023-45288. Vulnerability Details ** CVEID: CVE-2023-45288 DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused...

7.5 AI Score

0.0004 EPSS

2024-05-11 04:53 PM
5
ibm

Security Bulletin: IBM Storage Fusion HCI is vulnerable to unauthorized access due to a flaw in Ceph RGW.

Summary Ceph is used by IBM Storage Fusion HCI if IBM Storage Fusion HCI is configured with the Data Foundation service. CVE-2023-43040. Vulnerability Details ** CVEID: CVE-2023-43040 DESCRIPTION: **IBM Spectrum Fusion HCI could allow an attacker to perform unauthorized actions in RGW for Ceph...

6.2 AI Score

2024-05-11 04:52 PM
1
hackread

Latvian TV Channels Hacked to Broadcast Russian Victory Day Parade

By Deeba Ahmed Confused Latvians woke up to the Russian Victory Day parade on their TVs! Hackers targeted a content delivery network to manipulate broadcasts exposing media supply chain vulnerabilities. This is a post from HackRead.com Read the original post: Latvian TV Channels Hacked to...

7.2 AI Score

2024-05-11 01:10 PM
wired

Microsoft Deploys Generative AI for US Spies

Plus: China is suspected in a hack targeting the UK’s military, the US Marines are testing gun-toting robotic dogs, and Dell suffers a data breach impacting 49 million...

7.3 AI Score

2024-05-11 10:30 AM
6
qualysblog

Get Weekends Back: Put Chrome CVEs like CVE-2024-4671 on Auto-Patching

On May 9th, Google released an emergency update for its Chrome browser to patch a critical zero-day vulnerability, CVE-2024-4671. The "use after free" vulnerability affects the Visuals component of Chrome, which is responsible for rendering and displaying content. CVE-2024-4671 was identified and.....

6.6 AI Score

0.0004 EPSS

2024-05-11 12:01 AM
26
nessus

RHEL 7 : libxml2 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libxml2: Missing validation for external entities in xmlParsePEReference (CVE-2017-7375) libxml2:...

9.5 AI Score

2024-05-11 12:00 AM
7
nessus

RHEL 7 : imagemagick (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. ImageMagick: NULL pointer dereference in GetMagickProperty function in MagickCore/property.c ...

8.1 AI Score

2024-05-11 12:00 AM
3
nessus

RHEL 6 : krb5-appl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. krb5-appl: Improper validation of object names allows malicious server to overwrite files via rcp...

7.1 AI Score

2024-05-11 12:00 AM
nessus

RHEL 6 : c-ares (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. c-ares: Single byte out of buffer write (CVE-2016-5180) The c-ares function ares_parse_naptr_reply(),...

7.7 AI Score

2024-05-11 12:00 AM
nessus

RHEL 6 : gthumb (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. gthumb: DoS via malformed JPEG image (CVE-2020-36427) Note that Nessus has not tested for this issue but has instead...

5.9 AI Score

2024-05-11 12:00 AM
nessus

RHEL 7 : mysql-connector-java (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. mysql-connector-java: Improper automatic deserialization of binary data (CPU Apr 2017) (CVE-2017-3523) ...

7.4 AI Score

2024-05-11 12:00 AM
nessus

AlmaLinux 9 : nodejs:18 (ALSA-2024:2779)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:2779 advisory. A vulnerability in Node.js has been identified, allowing for a Denial of Service (DoS) attack through resource exhaustion when using the fetch()...

7 AI Score

2024-05-11 12:00 AM
nessus

RHEL 6 : gdk-pixbuf (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. gdk-pixbuf: Out-of-bounds write in OneLine32() function (CVE-2016-6352) Integer overflow in io-ico.c in...

9.8 AI Score

2024-05-11 12:00 AM
nessus

RHEL 8 : cairo (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. cairo: infinite loop in the function _arc_error_normalized in the file cairo-arc.c (CVE-2019-6462) cairo...

7.7 AI Score

2024-05-11 12:00 AM
nessus

RHEL 6 : giflib (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. giflib: out-of-bounds read in DumpScreen2RGB() in gif2rgb.c in gif2rgb tool (CVE-2020-23922) giflib:...

8.4 AI Score

2024-05-11 12:00 AM
1
nessus

RHEL 5 : evince (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. evince: buffer overflow in backend/tiff/tiff-document.c leads to DOS/possible code execution ...

8.6 AI Score

2024-05-11 12:00 AM
1
nessus

RHEL 7 : libreoffice (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libreoffice: heap-based buffer overflow related to the ReadJPEG function (CVE-2017-8358) LibreOffice...

8.4 AI Score

2024-05-11 12:00 AM
1
nessus

RHEL 6 : qemu (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. QEMU: net: ignore packets with large size (CVE-2018-17963) Memory leak in hw/watchdog/wdt_i6300esb.c in...

7.6 AI Score

2024-05-11 12:00 AM
2
nessus

RHEL 7 : freerdp (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. freerdp: Out-of-bounds write in rdp_recv_tpkt_pdu (CVE-2017-2835) freerdp: Integer Overflow leading to...

8.6 AI Score

2024-05-11 12:00 AM
1
nessus

RHEL 7 : docker (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. docker: IPv6 router advertisements allow for MitM attacks (CVE-2020-13401) docker: cli leaks private...

7.8 AI Score

2024-05-11 12:00 AM
2
nessus

RHEL 7 : opencv (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. opencv: out-of-bounds write error in the function FillColorRow4 (CVE-2017-12606) OpenCV 3.0.0 has a...

9.5 AI Score

2024-05-11 12:00 AM
2
nessus

RHEL 6 : chromium-browser (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. chromium-browser: Heap buffer overflow in clipboard (CVE-2020-16025) chromium-browser: Out of bounds...

9.6 AI Score

2024-05-11 12:00 AM
1
nessus

RHEL 5 : gdk-pixbuf (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. gdk-pixbuf: heap-based overflow caused by invalid palette size (CVE-2017-12447) Integer overflow in...

7.8 AI Score

2024-05-11 12:00 AM
1
nessus

RHEL 7 : glib2 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. glib2: NULL pointer dereference in g_markup_parse_context_end_parse() function in gmarkup.c ...

7.3 AI Score

2024-05-11 12:00 AM
1
nessus

RHEL 7 : optipng (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. optipng: heap buffer overflow in the bmp_read_rows function (CVE-2016-3981) optipng: heap buffer...

8.6 AI Score

2024-05-11 12:00 AM
1
nessus

RHEL 6 : sudo (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. sudo: by using ! character in the shadow file instead of a password hash can access to a run as all...

8.4 AI Score

2024-05-11 12:00 AM
1

Total number of security vulnerabilities: 402527