(LGPCSuite Setup), (IPSFULLHD, LG ULTRAWIDE, ULTRA HD Driver Setup) Security Vulnerabilities

Improper Logs Output Neutralization

org.keycloak:keycloak-services is vulnerable to Improper Logs Output Neutralization . The vulnerability is due to errors in the browser client setup/auth process with "Security Key login" (WebAuthn), which are written into the form, sent to Keycloak, and are logged without proper escaping, which...

SUSE SLES15 Security Update : kernel (SUSE-SU-2024:1321-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1321-1 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: fix kernel panic caused by race of smc_sock A...

SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1322-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1322-1 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: fix kernel panic caused by race of smc_sock A...

Save as PDF < 3.2.0 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

Save as PDF < 3.2.0 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) PoC 1. On the "Settings &gt; Save as....

CVE-2024-26872

In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Do not register event handler until srpt device is fully setup Upon rare occasions, KASAN reports a use-after-free Write in srpt_refresh_port(). This seems to be because an event handler is registered before the srpt...

Keycloak vulnerable to log Injection during WebAuthn authentication or registration

A flaw was found in keycloak 22.0.5. Errors in browser client during setup/auth with "Security Key login" (WebAuthn) are written into the form, send to Keycloak and logged without escaping allowing log injection. Acknowledgements: Special thanks toTheresa Henze for reporting this issue and helping....

Keycloak vulnerable to log Injection during WebAuthn authentication or registration

A flaw was found in keycloak 22.0.5. Errors in browser client during setup/auth with "Security Key login" (WebAuthn) are written into the form, send to Keycloak and logged without escaping allowing log injection. Acknowledgements: Special thanks toTheresa Henze for reporting this issue and helping....

CVE-2024-26906

In the Linux kernel, the following vulnerability has been resolved: x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault() When trying to use copy_from_kernel_nofault() to read vsyscall page through a bpf program, the following oops was reported: BUG: unable to handle page fault for...

CVE-2024-26906

In the Linux kernel, the following vulnerability has been resolved: x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault() When trying to use copy_from_kernel_nofault() to read vsyscall page through a bpf program, the following oops was reported: BUG: unable to handle page fault...

CVE-2024-26906

In the Linux kernel, the following vulnerability has been resolved: x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault() When trying to use copy_from_kernel_nofault() to read vsyscall page through a bpf program, the following oops was reported: BUG: unable to handle page fault for...

CVE-2024-26906

In the Linux kernel, the following vulnerability has been resolved: x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault() When trying to use copy_from_kernel_nofault() to read vsyscall page through a bpf program, the following oops was reported: BUG: unable to handle page fault for...

CVE-2024-26872

In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Do not register event handler until srpt device is fully setup Upon rare occasions, KASAN reports a use-after-free Write in srpt_refresh_port(). This seems to be because an event handler is registered before the srpt...

CVE-2024-26872

In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Do not register event handler until srpt device is fully setup Upon rare occasions, KASAN reports a use-after-free Write in srpt_refresh_port(). This seems to be because an event handler is registered before the srpt...

CVE-2024-26872

In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Do not register event handler until srpt device is fully setup Upon rare occasions, KASAN reports a use-after-free Write in srpt_refresh_port(). This seems to be because an event handler is registered before the srpt...

CVE-2024-26906 x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault()

In the Linux kernel, the following vulnerability has been resolved: x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault() When trying to use copy_from_kernel_nofault() to read vsyscall page through a bpf program, the following oops was reported: BUG: unable to handle page fault for...

CVE-2024-26872 RDMA/srpt: Do not register event handler until srpt device is fully setup

In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Do not register event handler until srpt device is fully setup Upon rare occasions, KASAN reports a use-after-free Write in srpt_refresh_port(). This seems to be because an event handler is registered before the srpt...

CVE-2024-2118

The Social Media Share Buttons & Social Sharing Icons WordPress plugin before 2.8.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for...

CVE-2024-2309

The WP STAGING WordPress Backup Plugin WordPress plugin before 3.4.0, wp-staging-pro WordPress plugin before 5.4.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html...

CVE-2024-2118

The Social Media Share Buttons & Social Sharing Icons WordPress plugin before 2.8.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for...

CVE-2024-2309

The WP STAGING WordPress Backup Plugin WordPress plugin before 3.4.0, wp-staging-pro WordPress plugin before 5.4.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html...

CVE-2024-2309 WP Staging < 3.4.0, 5.4.0 (Pro Version) - Admin+ Stored XSS

The WP STAGING WordPress Backup Plugin WordPress plugin before 3.4.0, wp-staging-pro WordPress plugin before 5.4.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html...

CVE-2024-2118 Social Media Share Buttons < 2.8.9 - Admin+ Stored XSS via settings

The Social Media Share Buttons & Social Sharing Icons WordPress plugin before 2.8.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for...

openSUSE: Security Advisory for eclipse, maven (SUSE-SU-2024:1304-1)

The remote host is missing an update for...

Ubuntu: Security Advisory (USN-6725-2)

The remote host is missing an update for...

Peplink Smart Reader web interface /cgi-bin/upload_config.cgi data integrity vulnerability

Talos Vulnerability Report TALOS-2023-1866 Peplink Smart Reader web interface /cgi-bin/upload_config.cgi data integrity vulnerability April 17, 2024 CVE Number CVE-2023-45744 SUMMARY A data integrity vulnerability exists in the web interface /cgi-bin/upload_config.cgi functionality of Peplink...

CVE-2024-26906

In the Linux kernel, the following vulnerability has been resolved: x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault() When trying to use copy_from_kernel_nofault() to read vsyscall page through a bpf program, the following oops was reported: BUG: unable to handle page fault for...

CVE-2024-26872

In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Do not register event handler until srpt device is fully setup Upon rare occasions, KASAN reports a use-after-free Write in srpt_refresh_port(). This seems to be because an event handler is registered before the srpt...

CVE-2024-21081

Vulnerability in the Oracle Partner Management product of Oracle E-Business Suite (component: Attribute Admin Setup). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Partner.....

CVE-2024-21081

Vulnerability in the Oracle Partner Management product of Oracle E-Business Suite (component: Attribute Admin Setup). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Partner.....

Exploit for Command Injection in Paloaltonetworks Pan-Os

CVE-2024-3400 Exploit Tool 🛠️ This Python script is designed...

linux-aws, linux-aws-5.15 vulnerabilities

Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel did not properly validate certain data structure fields when parsing lease contexts, leading to an out-of-bounds read vulnerability. A remote attacker could use this to cause a denial of service (system crash) or possibly.....

Linux kernel (AWS) vulnerabilities

Releases Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-aws-5.15 - Linux kernel for Amazon Web Services (AWS) systems Details Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel did not properly validate...

Frameless-Bitb - A New Approach To Browser In The Browser (BITB) Without The Use Of Iframes, Allowing The Bypass Of Traditional Framebusters Implemented By Login Pages Like Microsoft And The Use With Evilginx

A new approach to Browser In The Browser (BITB) without the use of iframes, allowing the bypass of traditional framebusters implemented by login pages like Microsoft. This POC code is built for using this new BITB with Evilginx, and a Microsoft Enterprise phishlet. Before diving deep into this, I.....

CVE-2024-1754

The NPS computy WordPress plugin through 2.7.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

CVE-2024-1754

The NPS computy WordPress plugin through 2.7.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

CVE-2024-1660

The Top Bar WordPress plugin before 3.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

CVE-2024-1712

The Carousel Slider WordPress plugin before 2.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

CVE-2024-1712

The Carousel Slider WordPress plugin before 2.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

CVE-2024-1746

The Testimonial Slider WordPress plugin before 2.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

CVE-2023-7201

The Everest Backup WordPress plugin before 2.2.5 does not properly validate backup files to be uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite...

CVE-2023-7201

The Everest Backup WordPress plugin before 2.2.5 does not properly validate backup files to be uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite...

CVE-2024-0902

The Fancy Product Designer WordPress plugin before 6.1.81 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

CVE-2024-0902

The Fancy Product Designer WordPress plugin before 6.1.81 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

CVE-2024-1660

The Top Bar WordPress plugin before 3.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

CVE-2024-1746

The Testimonial Slider WordPress plugin before 2.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

CVE-2024-1754 NPS computy <= 2.7.5 - Admin+ Stored XSS

The NPS computy WordPress plugin through 2.7.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

CVE-2024-1746 Testimonial Slider < 2.3.8 - Admin+ Stored XSS

The Testimonial Slider WordPress plugin before 2.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

CVE-2024-1660 Top Bar < 3.0.5 - Admin+ Stored XSS

The Top Bar WordPress plugin before 3.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

CVE-2024-1712 Carousel Slider < 2.2.7 - Editor+ Stored XSS

The Carousel Slider WordPress plugin before 2.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...