
$0.99 Kindle Books Security Vulnerabilities

[wpexploit] Books & Papers <= 0.20210223 - Admin+ Stored Cross-Site Scripting
The plugin does not escape its Custom DB prefix settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is...
CVSS 4.8 | AI Score 0.7 | EPSS 0.001 | 2022-03-29 12:00 AM | 61

[openvas] Fedora: Security Advisory for libcaca (FEDORA-2022-3d291845d8)
The remote host is missing an update for...
CVSS 8.8 | AI Score 8.1 | EPSS 0.004 | 2022-03-27 12:00 AM

[fedora] [SECURITY] Fedora 36 Update: libcaca-0.99-0.59.beta20.fc36
libcaca is the Colour AsCii Art library. It provides high level functions for color text drawing, simple primitives for line, polygon and ellipse drawing, as well as powerful image to text conversion...
CVSS 8.8 | AI Score 8.2 | EPSS 0.004 | 2022-03-26 03:52 PM | 17

[osv] CVE-2018-25032
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant...
CVSS 7.5 | AI Score 3.2 | EPSS 0.003 | 2022-03-25 09:15 AM | 16

[ics] Tactics, Techniques, and Procedures of Indicted State-Sponsored Russian Cyber Actors Targeting the Energy Sector
Summary Actions to Take Today to Protect Energy Sector Networks: • Implement and ensure robust network segmentation between IT and ICS networks. • Enforce MFA to authenticate to a system. • Manage the creation of, modification of, use of—and permissions associated with—privileged accounts. This...
AI Score 9.5 | 2022-03-24 12:00 PM | 18

[fedora] [SECURITY] Fedora 34 Update: libcaca-0.99-0.59.beta20.fc34
libcaca is the Colour AsCii Art library. It provides high level functions for color text drawing, simple primitives for line, polygon and ellipse drawing, as well as powerful image to text conversion...
CVSS 8.8 | AI Score 7.5 | EPSS 0.004 | 2022-03-23 12:01 AM | 17

[openvas] Fedora: Security Advisory for libcaca (FEDORA-2022-fc6b53e7a2)
The remote host is missing an update for...
CVSS 8.8 | AI Score 7.5 | EPSS 0.004 | 2022-03-23 12:00 AM

[openvas] Fedora: Security Advisory for libcaca (FEDORA-2022-e3b9986722)
The remote host is missing an update for...
CVSS 8.8 | AI Score 7.5 | EPSS 0.004 | 2022-03-23 12:00 AM | 2

[openvas] openSUSE: Security Advisory for libcaca (openSUSE-SU-2022:0769-1)
The remote host is missing an update for...
CVSS 7.8 | AI Score 7.8 | EPSS 0.002 | 2022-03-23 12:00 AM | 1

[fedora] [SECURITY] Fedora 35 Update: libcaca-0.99-0.59.beta20.fc35
libcaca is the Colour AsCii Art library. It provides high level functions for color text drawing, simple primitives for line, polygon and ellipse drawing, as well as powerful image to text conversion...
CVSS 8.8 | AI Score 7.5 | EPSS 0.004 | 2022-03-22 11:46 PM | 15

[krebs] ‘Spam Nation’ Villain Vrublevsky Charged With Fraud
Pavel Vrublevsky, founder of the Russian payment technology firm ChronoPay and the antagonist in my 2014 book "Spam Nation," was arrested in Moscow this month and charged with fraud. Russian authorities allege Vrublevsky operated several fraudulent SMS-based payment schemes, and facilitated money...
AI Score 0.6 | 2022-03-22 04:33 PM | 11

[cnvd] Slims8 Akasia SQL Injection Vulnerability
Slims8 Akasia is a software of the Slims community in Indonesia. It is used for library resource management (e.g. books, journals, digital documents and other library materials) and administration. An SQL injection vulnerability exists in Slims8 Akasia version 8.3.1, which stems from missing SQL...
CVSS 8.8 | AI Score 3.5 | EPSS 0.001 | 2022-03-21 12:00 AM | 13

[nessus] SUSE SLES11 Security Update : libcaca (SUSE-SU-2022:14909-1)
The remote SUSE Linux SLES11 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:14909-1 advisory. A flaw was found in libcaca. A heap buffer overflow in export.c in function export_tga might lead to memory corruption and other...
CVSS 7.8 | AI Score 8.5 | EPSS 0.002 | 2022-03-17 12:00 AM | 27

[openvas] SUSE: Security Advisory (SUSE-SU-2022:0820-1)
The remote host is missing an update for...
CVSS 7.8 | AI Score 7.8 | EPSS 0.002 | 2022-03-15 12:00 AM | 3

[nessus] SUSE SLES12 Security Update : libcaca (SUSE-SU-2022:0820-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0820-1 advisory. A flaw was found in libcaca. A heap buffer overflow in export.c in function export_tga might lead to memory corruption and...
CVSS 7.8 | AI Score 8.5 | EPSS 0.002 | 2022-03-15 12:00 AM | 14

[openvas] SUSE: Security Advisory (SUSE-SU-2022:14909-1)
The remote host is missing an update for...
CVSS 7.8 | AI Score 7.8 | EPSS 0.002 | 2022-03-15 12:00 AM | 5

[osv] CVE-2022-0856
libcaca is affected by a Divide By Zero issue via img2txt, which allows a remote malicious user to cause a Denial of...
CVSS 6.5 | AI Score 6.6 | EPSS 0.002 | 2022-03-10 05:44 PM | 8

[cve] CVE-2022-0856
libcaca is affected by a Divide By Zero issue via img2txt, which allows a remote malicious user to cause a Denial of...
CVSS 6.5 | AI Score 6.2 | EPSS 0.002 | 2022-03-10 05:44 PM | 58

[debiancve] CVE-2022-0856
libcaca is affected by a Divide By Zero issue via img2txt, which allows a remote malicious user to cause a Denial of...
CVSS 6.5 | AI Score 4.3 | EPSS 0.002 | 2022-03-10 05:44 PM | 39

[prion] Denial of service
libcaca is affected by a Divide By Zero issue via img2txt, which allows a remote malicious user to cause a Denial of...
CVSS 6.5 | AI Score 6.2 | EPSS 0.002 | 2022-03-10 05:44 PM | 2

[osv] CVE-2021-3698
A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully, regardless of the Certificate Revocation List (CRL) configuration or...
CVSS 7.5 | AI Score 6.3 | EPSS 0.001 | 2022-03-10 05:42 PM | 2

[osv] CVE-2021-3660
Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website, inside an HTML entry. This may be used by a malicious website in clickjacking or similar...
CVSS 4.3 | AI Score 6.3 | EPSS 0.001 | 2022-03-10 05:42 PM | 5

[nessus] openSUSE 15 Security Update : libcaca (openSUSE-SU-2022:0769-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0769-1 advisory. A flaw was found in libcaca. A heap buffer overflow in export.c in function export_tga might lead to memory corruption and other...
CVSS 7.8 | AI Score 8.4 | EPSS 0.002 | 2022-03-10 12:00 AM | 10

[nessus] SUSE SLED15 / SLES15 Security Update : libcaca (SUSE-SU-2022:0769-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0769-1 advisory. A flaw was found in libcaca. A heap buffer overflow in export.c in function export_tga might lead to...
CVSS 7.8 | AI Score 8.5 | EPSS 0.002 | 2022-03-10 12:00 AM | 20

[openvas] SUSE: Security Advisory (SUSE-SU-2022:0754-1)
The remote host is missing an update for...
CVSS 7.8 | AI Score 7.8 | EPSS 0.002 | 2022-03-09 12:00 AM | 2

[nessus] SUSE SLES15 Security Update : libcaca (SUSE-SU-2022:0754-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0754-1 advisory. A flaw was found in libcaca. A heap buffer overflow in export.c in function export_tga might lead to memory corruption and...
CVSS 7.8 | AI Score 8.6 | EPSS 0.002 | 2022-03-09 12:00 AM | 9

[openvas] SUSE: Security Advisory (SUSE-SU-2022:0769-1)
The remote host is missing an update for...
CVSS 7.8 | AI Score 7.8 | EPSS 0.002 | 2022-03-09 12:00 AM | 1

[kitploit] Litefuzz - A Multi-Platform Fuzzer For Poking At Userland Binaries And Servers
Litefuzz is meant to serve a purpose: fuzz and triage on all the major platforms, support both CLI/GUI apps, network clients and servers in order to find security-related bugs. It simplifies the process and makes it easy to discover security bugs in many different targets, across platforms, while...
AI Score 7.9 | 2022-03-03 11:30 AM | 32

[suse] Security update for mc (moderate)
An update that fixes one vulnerability is now available. Description: This update for mc fixes the following issues: Midnight Commander 4.8.27: Core Reimplement version detection (#3603, #4249) Significantly reduce rebuilt time after version change (#2252, #4266) Drop automatic migration of...
CVSS 7.5 | AI Score -0.3 | EPSS 0.004 | 2022-03-01 12:00 AM | 21

[wpvulndb] Unauthorised AJAX Calls via Freemius
The plugins and themes use an insecure version of the Freemius Framework, which is lacking CSRF and/or authorisation in some of its AJAX actions. As a result, any authenticated users, such as subscriber could access the debug logs. Unauthenticated attackers could also make a logged in admin toggle...
AI Score 6.7 | 2022-02-28 12:00 AM | 62

[patchstack] WordPress Books Gallery – Best Books Showcase & Library Plugin for WordPress plugin < 3.6 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Books Gallery – Best Books Showcase & Library Plugin for WordPress plugin (versions < 3.6). Solution: Update the WordPress Books Gallery – Best Books Showcase & Library Plugin for WordPress...
AI Score 4.4 | 2022-02-28 12:00 AM | 7

[patchstack] WordPress Books Gallery – Best Books Showcase & Library Plugin for WordPress plugin < 3.6 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Books Gallery – Best Books Showcase & Library Plugin for WordPress plugin (versions < 3.6). Solution: Update the WordPress Books Gallery – Best Books Showcase & Library Plugin for WordPress plugin to the latest...
AI Score 2.8 | 2022-02-28 12:00 AM | 13

[osv] CVE-2021-4115
There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being...
CVSS 5.5 | AI Score 7 | EPSS 0.001 | 2022-02-21 10:15 PM | 8

[cve] CVE-2022-23644
BookWyrm is a decentralized social network for tracking reading habits and reviewing books. The functionality to load a cover via url is vulnerable to a server-side request forgery attack. Any BookWyrm instance running a version prior to v0.3.0 is susceptible to attack from a logged-in user. The...
CVSS 8.8 | AI Score 8.7 | EPSS 0.001 | 2022-02-16 07:15 PM | 73

[nvd] CVE-2022-23644
BookWyrm is a decentralized social network for tracking reading habits and reviewing books. The functionality to load a cover via url is vulnerable to a server-side request forgery attack. Any BookWyrm instance running a version prior to v0.3.0 is susceptible to attack from a logged-in user. The...
CVSS 8.8 | EPSS 0.001 | 2022-02-16 07:15 PM

[osv] CVE-2021-3560
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this...
CVSS 7.8 | AI Score 6.7 | EPSS 0.012 | 2022-02-16 07:15 PM | 9

[prion] Server side request forgery (ssrf)
BookWyrm is a decentralized social network for tracking reading habits and reviewing books. The functionality to load a cover via url is vulnerable to a server-side request forgery attack. Any BookWyrm instance running a version prior to v0.3.0 is susceptible to attack from a logged-in user. The...
CVSS 8.8 | AI Score 8.7 | EPSS 0.001 | 2022-02-16 07:15 PM | 4

[osv] CVE-2022-23644
BookWyrm is a decentralized social network for tracking reading habits and reviewing books. The functionality to load a cover via url is vulnerable to a server-side request forgery attack. Any BookWyrm instance running a version prior to v0.3.0 is susceptible to attack from a logged-in user. The...
CVSS 8.8 | AI Score 6.8 | EPSS 0.001 | 2022-02-16 07:15 PM | 6

[cvelist] CVE-2022-23644 Server-side request forgery in BookWyrm
BookWyrm is a decentralized social network for tracking reading habits and reviewing books. The functionality to load a cover via url is vulnerable to a server-side request forgery attack. Any BookWyrm instance running a version prior to v0.3.0 is susceptible to attack from a logged-in user. The...
CVSS 8.8 | AI Score 8.9 | EPSS 0.001 | 2022-02-16 06:20 PM

[osv] CVE-2022-24975
The --mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the "GitBleed" issue. This could present a security risk if information-disclosure auditing processes rely on a clone operation without the --mirror...
CVSS 7.5 | AI Score 6.8 | EPSS 0.002 | 2022-02-11 08:15 PM | 3

[schneier] Amy Zegart on Spycraft in the Internet Age
Amy Zegart has a new book: Spies, Lies, and Algorithms: The History and Future of American Intelligence. Wired has an excerpt: In short, data volume and accessibility are revolutionizing sensemaking. The intelligence playing field is leveling -- and not in a good way. Intelligence collectors are...
AI Score 0.6 | 2022-02-08 04:52 PM | 8

[threatpost] Wormhole Crypto Platform: 'Funds Are Safe' After $314M Heist
Wormhole – a web-based blockchain “bridge” that enables users to convert cryptocurrencies – said on Thursday that “all funds are safe” after attackers abused a vulnerability to shake it down for 120,000 Ethereum (approximately $314 million). In a postmortem shared with Threatpost on Thursday,...
CVSS 10 | AI Score -0.7 | EPSS 0.976 | 2022-02-03 06:28 PM | 1315

[osv] CVE-2021-46101
In Git for windows through 2.34.1 when using git pull to update the local warehouse, git.cmd can be run...
CVSS 7.5 | AI Score 7 | EPSS 0.001 | 2022-01-31 01:15 PM | 4

[osv] CVE-2021-4034
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count...
CVSS 7.8 | AI Score 7.9 | EPSS 0.0005 | 2022-01-28 08:15 PM | 6

[openvas] Mageia: Security Advisory (MGASA-2019-0050)
The remote host is missing an update for...
CVSS 8.8 | AI Score 7.1 | EPSS 0.004 | 2022-01-28 12:00 AM | 5

[openvas] Mageia: Security Advisory (MGASA-2021-0128)
The remote host is missing an update for...
CVSS 7.8 | AI Score 7.8 | EPSS 0.0004 | 2022-01-28 12:00 AM

[openvas] Mageia: Security Advisory (MGASA-2021-0496)
The remote host is missing an update for...
CVSS 7.8 | AI Score 7.8 | EPSS 0.002 | 2022-01-28 12:00 AM | 2

[osv] CVE-2021-41166
The Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. An issue in versions prior to 3.17.1 may lead to sensitive information disclosure. An unauthorized app that does not have the otherwise required MANAGE_DOCUMENTS permission may view image thumbnails...
CVSS 5.3 | AI Score 6.4 | EPSS 0.001 | 2022-01-26 11:15 PM | 2

[githubexploit]
CVSS 7.8 | AI Score 8.5 | EPSS 0.0005 | 2022-01-26 07:36 PM | 89

[impervablog] The Data-Centric Approach to Data Privacy
All organizations understand how critical it is to have access to their customers' and prospects’ sensitive personal data. This intelligence is essential to helping them create and maintain relationships so they can deliver tailored experiences and recommendations. Having this sensitive personal...
AI Score 0.2 | 2022-01-25 02:43 PM | 11

Total number of security vulnerabilities: 2570