(LGPCSuite Setup), (IPSFULLHD, LG ULTRAWIDE, ULTRA HD Driver Setup) Security Vulnerabilities

osv

BIT-phpmyadmin-2022-23808

An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML...

6.1 AI Score

0.008 EPSS

2024-03-06 11:01 AM
8
osv

BIT-openfire-2023-32315

Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup...

7 AI Score

0.974 EPSS

2024-03-06 10:59 AM
6
osv

BIT-grafana-2022-35957

Grafana is an open-source platform for monitoring and observability. Versions prior to 9.1.6 and 8.5.13 are vulnerable to an escalation from admin to server admin when auth proxy is used, allowing an admin to take over the server admin account and gain full control of the grafana instance. All...

6.8 AI Score

0.003 EPSS

2024-03-06 10:55 AM
12
osv

BIT-grafana-image-renderer-2022-31176

Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels & dashboards to PNGs using a headless browser (Chromium/Chrome). An internal security review identified an unauthorized file disclosure vulnerability. It is possible for a malicious user to retrieve unauthorized...

7.1 AI Score

0.003 EPSS

2024-03-06 10:52 AM
11
osv

BIT-couchdb-2022-24706

In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of....

7.2 AI Score

0.975 EPSS

2024-03-06 10:51 AM
5
osv

BIT-akeneo-2022-46157

Akeneo PIM is an open source Product Information Management (PIM). Akeneo PIM Community Edition versions before v5.0.119 and v6.0.53 allows remote authenticated users to execute arbitrary PHP code on the server by uploading a crafted image. Akeneo PIM Community Edition after the versions...

7.7 AI Score

0.003 EPSS

2024-03-06 10:50 AM
1
talosblog

Badgerboard: A PLC backplane network visibility module

Analysis of the traffic between networked devices has always been of interest since devices could even communicate with one another. As the complexity of networks grew, the more useful dedicated traffic analysis tools became. Major advancements have been made over the years with tools like Snort...

6.8 AI Score

2024-03-05 08:30 PM
12
osv

`GetRepositoryByName`, `DeleteRepositoryByName` and `GetArtifactByName` allow access of arbitrary repositories in Minder by any authenticated user

Summary A Minder user can use the endpoints listed in the issue title to access any repository in the DB, irrespective of who owns the repo and any permissions that user may have. Details...

6.3 AI Score

0.0004 EPSS

2024-03-05 04:20 PM
7
github

`GetRepositoryByName`, `DeleteRepositoryByName` and `GetArtifactByName` allow access of arbitrary repositories in Minder by any authenticated user

Summary A Minder user can use the endpoints listed in the issue title to access any repository in the DB, irrespective of who owns the repo and any permissions that user may have. Details...

6.6 AI Score

0.0004 EPSS

2024-03-05 04:20 PM
6
thn

Hackers Exploit ConnectWise ScreenConnect Flaws to Deploy TODDLERSHARK Malware

North Korean threat actors have exploited the recently disclosed security flaws in ConnectWise ScreenConnect to deploy a new malware called TODDLERSHARK. According to a report shared by Kroll with The Hacker News, TODDLERSHARK overlaps with known Kimsuky malware such as BabyShark and ReconShark....

10 CVSS

9.4 AI Score

0.935 EPSS

2024-03-05 04:18 PM
39
thn

How Cybercriminals are Exploiting India's UPI for Money Laundering Operations

Cybercriminals are using a network of hired money mules in India using an Android-based application to orchestrate a massive money laundering scheme. The malicious application, called XHelper, is a "key tool for onboarding and managing these money mules," CloudSEK researchers Sparsh Kulshrestha,...

7.4 AI Score

2024-03-04 01:50 PM
14
kitploit

BloodHound - Six Degrees Of Domain Admin

BloodHound is a monolithic web application composed of an embedded React frontend with Sigma.js and a Go based REST API backend. It is deployed with a Postgresql application database and a Neo4j graph database, and is fed by the SharpHound and AzureHound data collectors. BloodHound uses graph...

7.4 AI Score

2024-03-04 11:30 AM
23
openvas

openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2023:4414-1)

The remote host is missing an update for...

7.8 AI Score

0.017 EPSS

2024-03-04 12:00 AM
5
openvas

openSUSE: Security Advisory for poppler (SUSE-SU-2023:4690-1)

The remote host is missing an update for...

7.2 AI Score

0.012 EPSS

2024-03-04 12:00 AM
8
wpvulndb

Ebook Store < 5.8002 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

5.4 AI Score

0.0004 EPSS

2024-03-04 12:00 AM
5
openvas

openSUSE: Security Advisory for trivy (openSUSE-SU-2022:10022-1)

The remote host is missing an update for...

7.8 AI Score

0.007 EPSS

2024-03-04 12:00 AM
4
openvas

openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2022:2424-2)

The remote host is missing an update for...

7.3 AI Score

0.007 EPSS

2024-03-04 12:00 AM
4
openvas

openSUSE: Security Advisory for nextcloud (openSUSE-SU-2023:0090-1)

The remote host is missing an update for...

5.2 AI Score

0.001 EPSS

2024-03-04 12:00 AM
7
openvas

openSUSE: Security Advisory for nextcloud (openSUSE-SU-2023:0171-1)

The remote host is missing an update for...

5.2 AI Score

0.001 EPSS

2024-03-04 12:00 AM
4
openvas

openSUSE: Security Advisory for zabbix (openSUSE-SU-2023:0191-1)

The remote host is missing an update for...

7.6 AI Score

0.0004 EPSS

2024-03-04 12:00 AM
2
openvas

openSUSE: Security Advisory for opera (openSUSE-SU-2023:0397-1)

The remote host is missing an update for...

9.1 AI Score

0.053 EPSS

2024-03-04 12:00 AM
1
openvas

openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2023:3172-1)

The remote host is missing an update for...

7.5 AI Score

0.001 EPSS

2024-03-04 12:00 AM
7
openvas

openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2023:3377-1)

The remote host is missing an update for...

7.7 AI Score

0.008 EPSS

2024-03-04 12:00 AM
4
openvas

openSUSE: Security Advisory for opera (openSUSE-SU-2022:0156-1)

The remote host is missing an update for...

7.4 AI Score

0.02 EPSS

2024-03-04 12:00 AM
1
openvas

openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2023:4351-1)

The remote host is missing an update for...

7.9 AI Score

0.017 EPSS

2024-03-04 12:00 AM
5
openvas

openSUSE: Security Advisory for iperf (SUSE-SU-2023:3887-1)

The remote host is missing an update for...

7.8 AI Score

0.002 EPSS

2024-03-04 12:00 AM
1
openvas

openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2023:4343-1)

The remote host is missing an update for...

7.8 AI Score

0.017 EPSS

2024-03-04 12:00 AM
5
openvas

openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2023:4378-1)

The remote host is missing an update for...

7.9 AI Score

0.017 EPSS

2024-03-04 12:00 AM
2
openvas

openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2023:4345-1)

The remote host is missing an update for...

7.9 AI Score

0.017 EPSS

2024-03-04 12:00 AM
7
openvas

openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2023:3313-1)

The remote host is missing an update for...

7.7 AI Score

0.008 EPSS

2024-03-04 12:00 AM
5
openvas

openSUSE: Security Advisory for opera (openSUSE-SU-2023:0396-1)

The remote host is missing an update for...

9.1 AI Score

0.053 EPSS

2024-03-04 12:00 AM
1
openvas

8.1 AI Score

0.017 EPSS

2024-03-04 12:00 AM
5
kitploit

Tinyfilemanager-Wh1Z-Edition - Effortlessly Browse And Manage Your Files With Ease Using Tiny File Manager [WH1Z-Edition], A Compact Single-File PHP File Manager

Introducing Tiny File Manager [WH1Z-Edition], the compact and efficient solution for managing your files and folders with enhanced privacy and security features. Gone are the days of relying on external resources – I've stripped down the code to its core, making it truly lightweight and perfect...

7.8 AI Score

2024-03-03 11:30 AM
6
ibm

Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities

Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details **...

9.9 AI Score

0.052 EPSS

2024-03-01 07:30 PM
13
openvas

SUSE: Security Advisory (SUSE-SU-2024:0726-1)

The remote host is missing an update for...

6 AI Score

0.001 EPSS

2024-03-01 12:00 AM
9
redhat

(RHSA-2024:1057) Important: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update

Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that...

7.3 AI Score

0.001 EPSS

2024-02-29 07:25 PM
31
redhatcve

CVE-2023-52477

In the Linux kernel, the following vulnerability has been resolved: usb: hub: Guard against accesses to uninitialized BOS descriptors Many functions in drivers/usb/core/hub.c and drivers/usb/core/hub.h access fields inside udev->bos without checking if it was allocated and initialized. If...

6.4 AI Score

0.0004 EPSS

2024-02-29 11:32 AM
6
cve

CVE-2023-52477

In the Linux kernel, the following vulnerability has been resolved: usb: hub: Guard against accesses to uninitialized BOS descriptors Many functions in drivers/usb/core/hub.c and drivers/usb/core/hub.h access fields inside udev->bos without checking if it was allocated and initialized. If...

7.2 AI Score

0.0004 EPSS

2024-02-29 06:15 AM
62
debiancve

CVE-2023-52477

In the Linux kernel, the following vulnerability has been resolved: usb: hub: Guard against accesses to uninitialized BOS descriptors Many functions in drivers/usb/core/hub.c and drivers/usb/core/hub.h access fields inside udev->bos without checking if it was allocated and initialized. If...

6.5 AI Score

0.0004 EPSS

2024-02-29 06:15 AM
6
prion

Null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: usb: hub: Guard against accesses to uninitialized BOS descriptors Many functions in drivers/usb/core/hub.c and drivers/usb/core/hub.h access fields inside udev->bos without checking if it was allocated and initialized. If...

6.5 AI Score

0.0004 EPSS

2024-02-29 06:15 AM
4
cvelist

CVE-2023-52477 usb: hub: Guard against accesses to uninitialized BOS descriptors

In the Linux kernel, the following vulnerability has been resolved: usb: hub: Guard against accesses to uninitialized BOS descriptors Many functions in drivers/usb/core/hub.c and drivers/usb/core/hub.h access fields inside udev->bos without checking if it was allocated and initialized. If...

6.1 AI Score

0.0004 EPSS

2024-02-29 05:43 AM
2
cve

CVE-2024-1322

The Directorist – WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'setup_wizard' function in all versions up to, and including, 7.8.4. This makes it possible for...

5.3 CVSS

6.9 AI Score

0.0004 EPSS

2024-02-29 01:43 AM
82
prion

Design/Logic Flaw

The Directorist – WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'setup_wizard' function in all versions up to, and including, 7.8.4. This makes it possible for...

5.3 CVSS

6.9 AI Score

0.0004 EPSS

2024-02-29 01:43 AM
11
nessus

CentOS 9 : kernel-5.14.0-347.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the kernel-5.14.0-347.el9 build changelog. A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device...

9.3 AI Score

2024-02-29 12:00 AM
8
nessus

CentOS 9 : curl-7.76.1-26.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the curl-7.76.1-26.el9 build changelog. A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on...

8.2 AI Score

2024-02-29 12:00 AM
6
nessus

CentOS 9 : NetworkManager-1.43.10-1.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the NetworkManager-1.43.10-1.el9 build changelog. It was found that nmcli, a command line interface to NetworkManager did not honour 802-1x.ca-path and 802-1x.phase2-ca-path...

6.5 AI Score

2024-02-29 12:00 AM
5
nessus

CentOS 9 : curl-7.76.1-20.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the curl-7.76.1-20.el9 build changelog. An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated...

7.3 AI Score

2024-02-29 12:00 AM
6
nessus

CentOS 9 : runc-1.1.7-2.el9

The remote CentOS Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the runc-1.1.7-2.el9 build changelog. runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as...

7.7 AI Score

2024-02-29 12:00 AM
6

Total number of security vulnerabilities: 19229