Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics “Pollock” Security Vulnerabilities

ptsecurity

PT-2021-02: Encryption bypass when downloading a firmware update in Diebold-Nixdorf RM3/CRS

RM3/CRS dispenser firmware (all versions up to and including 41128 1002 RM3_CRS.BTR + 170329 2332 RM3_CRS.FRM). Severity level: High. Encryption bypass when downloading a firmware update in...

AI Score: 2.1
2024-05-07 12:00 AM
693
ptsecurity

PT-2021-01: Encryption bypass when downloading a firmware update in Diebold-Nixdorf CMDv5

CMDv5 dispenser firmware (all versions up to and including 141128 1002 CD5_ATM.BTR + 170329 2332 CD5_ATM.FRM). Severity level: High. Encryption bypass when downloading a firmware update in...

AI Score: 2.1
2024-05-07 12:00 AM
619
redhat

(RHSA-2024:2696) Important: unbound security update

The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fix(es): bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator (CVE-2023-50387) bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources (CVE-2023-50868) A...

CVSS: 8 | AI Score: 7.7 | EPSS: 0.037
2024-05-06 12:59 AM
hackread

Top 9 Compliance Automation Software in 2024

By Uzair Amir. Simplify compliance with these leading software solutions. Discover features like automated evidence collection, risk assessment, and real-time reporting. Find the perfect fit for your startup or large enterprise. This is a post from HackRead.com. Read the original post: Top 9...

AI Score: 7.4
2024-05-05 10:21 PM
2
cve

CVE-2024-34519

Avantra Server 24.x before 24.0.7 and 24.1.x before 24.1.1 mishandles the security of dashboards, aka XAN-5367. If a user can create a dashboard with an auto-login user, data disclosure may occur. Access control can be bypassed when there is a shared dashboard, and its auto-login user has...

AI Score: 7.4
2024-05-05 10:15 PM
2
cve

CVE-2024-34506

An issue was discovered in includes/specials/SpecialMovePage.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. If a user with the necessary rights to move the page opens Special:MovePage for a page with tens of thousands of subpages, then the page will exceed the...

AI Score: 7.3
2024-05-05 07:15 PM
1
osv

Malicious code in zxcvbnmmmmmmkjhgfdssss (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (8a752311495084af562274cafb23e80b14975e577ef5aa0af0728f4b95eb14f1) The OpenSSF Package Analysis project identified 'zxcvbnmmmmmmkjhgfdssss' @ 1.0.1 (npm) as malicious. It is considered malicious because: The...

AI Score: 7.1
2024-05-05 05:15 PM
4
osv

Malicious code in @assurantlabs/home-device-inventory (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (a9af4bb0451549784551651c28cdaaa58ba61dff221c8c9b2dced0075f92a10f) The OpenSSF Package Analysis project identified '@assurantlabs/home-device-inventory' @ 999.100.1 (npm) as malicious. It is considered malicious...

AI Score: 7.3
2024-05-05 04:50 PM
4
kitploit

HardeningMeter - Open-Source Python Tool Carefully Designed To Comprehensively Assess The Security Hardening Of Binaries And Systems

HardeningMeter is an open-source Python tool carefully designed to comprehensively assess the security hardening of binaries and systems. Its robust capabilities include thorough checks of various binary exploitation protection mechanisms, including Stack Canary, RELRO, randomizations (ASLR, PIC, ...

AI Score: 7.3
2024-05-05 12:30 PM
5
debiancve

CVE-2024-34490

In Maxima through 5.47.0 before 51704c, the plotting facilities make use of predictable names under /tmp. Thus, the contents may be controlled by a local attacker who can create files in advance with these names. This affects, for example,...

AI Score: 7 | EPSS: 0.0004
2024-05-05 03:15 AM
cve

CVE-2024-34490

In Maxima through 5.47.0 before 51704c, the plotting facilities make use of predictable names under /tmp. Thus, the contents may be controlled by a local attacker who can create files in advance with these names. This affects, for example,...

AI Score: 7.1 | EPSS: 0.0004
2024-05-05 03:15 AM
2
fedora

[SECURITY] Fedora 40 Update: gdcm-3.0.23-5.fc40

Grassroots DiCoM (GDCM) is a C++ library for DICOM medical files. It supports ACR-NEMA version 1 and 2 (huffman compression is not supported), RAW, JPEG, JPEG 2000, JPEG-LS, RLE and deflated transfer syntax. It comes with a super fast scanner implementation to quickly scan hundreds of DICOM...

CVSS: 8.1 | AI Score: 7.5 | EPSS: 0.001
2024-05-05 02:02 AM
fedora

[SECURITY] Fedora 40 Update: clamav-1.0.6-1.fc40

Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs...

AI Score: 7.4
2024-05-05 02:02 AM
fedora

[SECURITY] Fedora 38 Update: gdcm-3.0.21-4.fc38

Grassroots DiCoM (GDCM) is a C++ library for DICOM medical files. It supports ACR-NEMA version 1 and 2 (huffman compression is not supported), RAW, JPEG, JPEG 2000, JPEG-LS, RLE and deflated transfer syntax. It comes with a super fast scanner implementation to quickly scan hundreds of DICOM...

CVSS: 8.1 | AI Score: 7.5 | EPSS: 0.001
2024-05-05 01:40 AM
fedora

[SECURITY] Fedora 38 Update: clamav-1.0.6-1.fc38

Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs...

AI Score: 7.4
2024-05-05 01:39 AM
fedora

[SECURITY] Fedora 39 Update: gdcm-3.0.23-5.fc39

Grassroots DiCoM (GDCM) is a C++ library for DICOM medical files. It supports ACR-NEMA version 1 and 2 (huffman compression is not supported), RAW, JPEG, JPEG 2000, JPEG-LS, RLE and deflated transfer syntax. It comes with a super fast scanner implementation to quickly scan hundreds of DICOM...

CVSS: 8.1 | AI Score: 7.5 | EPSS: 0.001
2024-05-05 01:16 AM
fedora

[SECURITY] Fedora 39 Update: clamav-1.0.6-1.fc39

Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs...

AI Score: 7.4
2024-05-05 01:15 AM
gentoo

Apache Commons BCEL: Remote Code Execution

Background: The Byte Code Engineering Library (Apache Commons BCEL™) is intended to give users a convenient way to analyze, create, and manipulate (binary) Java class files (those ending with .class). Description: A vulnerability has been discovered in U-Boot tools. Please review the CVE identifier...

CVSS: 9.8 | AI Score: 7.4 | EPSS: 0.032
2024-05-05 12:00 AM
hackread

A Mind at Play: Rediscovering Minesweeper in the Professional Arena

By Uzair Amir. Remember Minesweeper? It's not just a game - it's a hidden training ground for work skills! Sharpen your decision-making, focus, and strategic thinking with every click. This is a post from HackRead.com. Read the original post: A Mind at Play: Rediscovering Minesweeper in the...

AI Score: 7.3
2024-05-04 06:02 PM
6
debian

[SECURITY] [DLA 3808-1] intel-microcode security update

Debian LTS Advisory DLA-3808-1 [email protected] https://www.debian.org/lts/security/ Tobias Frost May 04, 2024 https://wiki.debian.org/LTS Package : intel-microcode Version : 3.20240312.1~deb10u1 CVE...

CVSS: 6.5 | AI Score: 8 | EPSS: 0.001
2024-05-04 03:21 PM
4
githubexploit

Exploit for PHP External Variable Modification in Juniper Junos

Automation for Juniper CVE:2023-36845 Overview is a bash...

CVSS: 9.8 | AI Score: 7.3 | EPSS: 0.966
2024-05-04 02:57 PM
32
kitploit

JS-Tap - JavaScript Payload And Supporting Software To Be Used As XSS Payload Or Post Exploitation Implant To Monitor Users As They Use The Targeted Application

JavaScript payload and supporting software to be used as XSS payload or post exploitation implant to monitor users as they use the targeted application. Also includes a C2 for executing custom JavaScript payloads in clients. Changelogs: Major changes are documented in the project Announcements:...

AI Score: 5.9
2024-05-04 12:30 PM
5
githubexploit

Exploit for Code Injection in Cisco Adaptive Security Appliance Software

CVE-2024-20359-CiscoASA-FTD-exploit Exploit for Cisco ASA and...

CVSS: 6 | AI Score: 7.5 | EPSS: 0.003
2024-05-04 10:40 AM
45
githubexploit

Exploit for CVE-2024-26304

CVE-2024-26304-RCE-exploits Critical RCE Vulnerabilities in...

CVSS: 9.8 | AI Score: 7.5 | EPSS: 0.0004
2024-05-04 10:09 AM
48
cve

CVE-2024-1050

The Import and export users and customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_force_reset_password_delete_metas() function in all versions up to, and including, 1.26.5. This makes it possible for authenticated...

CVSS: 4.3 | AI Score: 7.1 | EPSS: 0.001
2024-05-04 08:15 AM
8
osv

BIT-activemq-2024-32114

In Apache ActiveMQ 6.x, the default configuration doesn't secure the API web context (where the Jolokia JMX REST API and the Message REST API are located). It means that anyone can use these layers without any required authentication. Potentially, anyone can interact with the broker (using Jolokia...

CVSS: 8.5 | AI Score: 7.3 | EPSS: 0.0004
2024-05-04 07:16 AM
2
osv

Malicious code in @socialdeal/uikit-whitelabel (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (d53c0749d21786a6b7eeea319c37d26573f1ded671dc9cbed9e4508d9b65a2c0) The OpenSSF Package Analysis project identified '@socialdeal/uikit-whitelabel' @ 999.100.1 (npm) as malicious. It is considered malicious...

AI Score: 7.3
2024-05-04 05:00 AM
3
osv

Malicious code in ing-feat-grants-management (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (9b798bc5312e2cdb16a12e65a8a02a2a447f4af87bc9132258961b27b2314b60) The OpenSSF Package Analysis project identified 'ing-feat-grants-management' @ 999.100.1 (npm) as malicious. It is considered malicious because: ...

AI Score: 7.3
2024-05-04 04:56 AM
3
cve

CVE-2024-3237

The ConvertPlug plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cp_dismiss_notice() function in all versions up to, and including, 3.5.25. This makes it possible for authenticated attackers, with subscriber-level access and above, to...

CVSS: 5.4 | AI Score: 7.1 | EPSS: 0.0004
2024-05-04 04:15 AM
7
cve

CVE-2024-3240

The ConvertPlug plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.25 via deserialization of untrusted input from the 'settings_encoded' attribute of the 'smile_info_bar' shortcode. This makes it possible for authenticated attackers, with...

CVSS: 8.8 | AI Score: 7.6 | EPSS: 0.001
2024-05-04 04:15 AM
8
cve

CVE-2024-3868

The Folders Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's First Name and Last Name in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level...

CVSS: 5.4 | AI Score: 6.1 | EPSS: 0.0004
2024-05-04 03:15 AM
5
fedora

[SECURITY] Fedora 38 Update: python-idna-3.7-1.fc38

A library to support the Internationalised Domain Names in Applications (IDNA) protocol as specified in RFC 5891 http://tools.ietf.org/html/rfc5891. This version of the protocol is often referred to as "IDNA2008" and can produce different results from the earlier standard from 2003. The...

AI Score: 7.2
2024-05-04 02:19 AM
1
fedora

[SECURITY] Fedora 39 Update: python-idna-3.7-1.fc39

A library to support the Internationalised Domain Names in Applications (IDNA) protocol as specified in RFC 5891 http://tools.ietf.org/html/rfc5891. This version of the protocol is often referred to as "IDNA2008" and can produce different results from the earlier standard from 2003. The...

AI Score: 7.2
2024-05-04 01:33 AM
2
debian

[SECURITY] Debian 10 LTS will reach end-of-life on June 30th, 2024

Dear Debian LTS users, This is a gentle reminder that Debian 10 ("buster") will reach end of support as the LTS release on June 30, 2024. Users are encouraged to upgrade to Debian 11 ("bullseye"). Starting in July, Debian will not provide further security updates for Debian 10. A subset of buster...

AI Score: 6.9
2024-05-04 12:30 AM
1
osv

Malicious code in lamia471 (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (3d9af3a934ac2fcd0612cd1e8f0f0b3c17663ec12dcb3fa693dca054f2c141f1) The OpenSSF Package Analysis project identified 'lamia471' @ 1.0.0 (npm) as malicious. It is considered malicious because: The package...

AI Score: 7.1
2024-05-03 10:58 PM
2
ibm

Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities in multiple Open Source Software (OSS) components

Summary: There are vulnerabilities in multiple Open Source Software (OSS) components consumed by IBM Planning Analytics Workspace. These issues have been addressed in IBM Planning Analytics 2.1.2 and IBM Planning Analytics 2.0.95 by upgrading or removing the vulnerable libraries. Please refer to...

CVSS: 9.8 | AI Score: 10 | EPSS: 0.962
2024-05-03 09:49 PM
1
debian

[SECURITY] [DSA 5679-1] less security update

Debian Security Advisory DSA-5679-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 03, 2024 https://www.debian.org/security/faq Package : less CVE ID : CVE-2022-48624 CVE-2024-32487 Debian...

AI Score: 7.8 | EPSS: 0.0004
2024-05-03 09:12 PM
2
osv

kurwov vulnerable to Denial of Service due to improper data sanitization

Summary: An unsafe sanitization of dataset contents on the MarkovData#getNext method used in Markov#generate and Markov#choose allows a maliciously crafted string on the dataset to throw and stop the function from running properly. Details...

CVSS: 6.2 | AI Score: 6.3 | EPSS: 0.0004
2024-05-03 08:30 PM
1
github

kurwov vulnerable to Denial of Service due to improper data sanitization

Summary: An unsafe sanitization of dataset contents on the MarkovData#getNext method used in Markov#generate and Markov#choose allows a maliciously crafted string on the dataset to throw and stop the function from running properly. Details...

CVSS: 6.2 | AI Score: 7 | EPSS: 0.0004
2024-05-03 08:30 PM
2
osv

sagemaker-python-sdk vulnerable to Deserialization of Untrusted Data

Impact: sagemaker.base_deserializers.NumpyDeserializer module before v2.218.0 allows potentially unsafe deserialization when untrusted data is passed as pickled object arrays. This consequently may allow an unprivileged third party to cause remote code execution, denial of service, affecting both...

CVSS: 7.8 | AI Score: 7.6 | EPSS: 0.0004
2024-05-03 08:25 PM
github

sagemaker-python-sdk vulnerable to Deserialization of Untrusted Data

Impact: sagemaker.base_deserializers.NumpyDeserializer module before v2.218.0 allows potentially unsafe deserialization when untrusted data is passed as pickled object arrays. This consequently may allow an unprivileged third party to cause remote code execution, denial of service, affecting both...

CVSS: 7.8 | AI Score: 7.8 | EPSS: 0.0004
2024-05-03 08:25 PM
1
malwarebytes

You get a passkey, you get a passkey, everyone should get a passkey

Microsoft is rolling out passkey support for all consumer accounts. Passkeys are a very secure replacement for passwords that can't be cracked, guessed or phished, and let you log in easily, without having to type a password every time. After enabling them in Windows 11 last year, Microsoft...

AI Score: 7.3
2024-05-03 08:21 PM
1
ibm

Security Bulletin: IBM SOAR QRadar Plugin App is vulnerable to using components with known vulnerabilities

Summary: The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. IBM SOAR QRadar Plugin App has addressed the applicable CVEs with an update. Vulnerability Details: CVEID: CVE-2024-28102 DESCRIPTION: JWCrypto is...

CVSS: 9.8 | AI Score: 8.3 | EPSS: 0.01
2024-05-03 07:55 PM
cve

CVE-2022-22364

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary...

CVSS: 5.3 | AI Score: 6.8 | EPSS: 0.0004
2024-05-03 07:15 PM
13

Total number of security vulnerabilities: 644558