Defender Security – Malware Scanner, Login Security & Firewall Security Vulnerabilities

CVE-2023-30998

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

CVE-2023-38368

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

CVE-2024-31883

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

CVE-2024-31916

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

CVE-2023-30430

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

CVE-2023-30997

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

Security Bulletin: IBM Security Verify Access is vulnerable to multiple Security Vulnerabilities

Summary The IBM Security Verify Access Appliance and IBM Security Verify Access Container has addressed multiple vulnerabilities in release 10.0.8.0. Vulnerability Details ** CVEID: CVE-2023-38371 DESCRIPTION: **IBM Security Access Manager uses weaker than expected cryptographic algorithms that...

Security Bulletin: IBM Security Verify Access is vulnerable to multiple Security Vulnerabilities

Summary The IBM Security Verify Access Appliance and IBM Security Verify Access Container has addressed multiple vulnerabilities in release 10.0.0.8. Vulnerability Details ** CVEID: CVE-2024-31883 DESCRIPTION: **IBM Security Verify Access, under certain configurations, could allow an...

CVE-2024-38364

DSpace is an open source software is a turnkey repository application used by more than 2,000 organizations and institutions worldwide to provide durable access to digital resources. In DSpace 7.0 through 7.6.1, when an HTML, XML or JavaScript Bitstream is downloaded, the user's browser may...

CVE-2024-4869

The WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Client-IP’ header in all versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVE-2024-38526

pdoc provides API Documentation for Python Projects. Documentation generated with pdoc --math linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code. This issue has been fixed in pdoc...

CVE-2024-38364

DSpace is an open source software is a turnkey repository application used by more than 2,000 organizations and institutions worldwide to provide durable access to digital resources. In DSpace 7.0 through 7.6.1, when an HTML, XML or JavaScript Bitstream is downloaded, the user's browser may...

CVE-2024-38526

pdoc provides API Documentation for Python Projects. Documentation generated with pdoc --math linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code. This issue has been fixed in pdoc...

CVE-2024-4869

The WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Client-IP’ header in all versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVE-2024-38364

DSpace is an open source software is a turnkey repository application used by more than 2,000 organizations and institutions worldwide to provide durable access to digital resources. In DSpace 7.0 through 7.6.1, when an HTML, XML or JavaScript Bitstream is downloaded, the user's browser may...

CVE-2024-24764 October Open Redirect for Administrator Accounts

October is a self-hosted CMS platform based on the Laravel PHP Framework. This issue affects authenticated administrators who may be redirected to an untrusted URL using the PageFinder schema. The resolver for the page finder link schema (october://) allowed external links, therefore allowing an...

WordPress 5.0.x < 5.0.22 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...

SUSE SLES15 Security Update : kernel (Live Patch 25 for SLE 15 SP4) (SUSE-SU-2024:2191-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2191-1 advisory. This update for the Linux Kernel 5.14.21-150400_24_116 fixes several issues. The following security issues were fixed: - CVE-2024-26852: Fixed...

SUSE SLES12 Security Update : kernel (Live Patch 51 for SLE 12 SP5) (SUSE-SU-2024:2202-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2202-1 advisory. This update for the Linux Kernel 4.12.14-122_186 fixes several issues. The following security issues were fixed: - CVE-2021-46955: Fixed an...

Ubuntu 24.04 LTS : Google Guest Agent and Google OS Config Agent vulnerability (USN-6746-2)

The remote Ubuntu 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6746-2 advisory. USN-6746-1 fixed vulnerabilities in Google Guest Agent and Google OS Config Agent. This update provides the corresponding update for Ubuntu 24.04 LTS. ...

WordPress 5.8.x < 5.8.10 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...

WordPress 4.1.x < 4.1.41 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...

Mageia: Security Advisory (MGASA-2024-0238)

The remote host is missing an update for...

Moderate Photon OS Security Update - PHSA-2024-5.0-0304

Updates of ['libxml2'] packages of Photon OS have been...

Amazon Linux 2 : unbound (ALASUNBOUND-1.17-2024-002)

The version of unbound installed on the remote host is prior to 1.17.0-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2UNBOUND-1.17-2024-002 advisory. A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound...

Debian: Security Advisory (DLA-3842-1)

The remote host is missing an update for the...

WordPress 5.5.x < 5.5.15 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...

WordPress 4.8.x < 4.8.25 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...

Debian: Security Advisory (DLA-3841-1)

The remote host is missing an update for the...

WordPress 6.2.x < 6.2.6 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...

Hanwha Vision IP Cameras Command Injection (CVE-2023-5747)

Bashis, a Security Researcher at IPVM has found a flaw that allows for a remote code execution during the installation of Wave on the camera device. The Wave server application in camera device was vulnerable to command injection allowing an attacker to run arbitrary code. HanwhaVision has...

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Netplan vulnerabilities (USN-6851-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6851-1 advisory. Andreas Hasenack discovered that netplan incorrectly handled the permissions for netdev files containing wireguard...

Automad 2.0.0-alpha.4 Cross Site Scripting

...

WordPress 5.3.x < 5.3.18 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...

WordPress 5.4.x < 5.4.16 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...

Ubuntu: Security Advisory (USN-6848-1)

The remote host is missing an update for...

SUSE: Security Advisory (SUSE-SU-2024:2199-1)

The remote host is missing an update for...

Mageia: Security Advisory (MGASA-2024-0239)

The remote host is missing an update for...

WordPress 5.2.x < 5.2.21 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...

CVE-2024-34580

Apache XML Security for C++ through 2.0.4 implements the XML Signature Syntax and Processing (XMLDsig) specification without protection against an SSRF payload in a KeyInfo element. NOTE: the supplier disputes this CVE Record on the grounds that they are implementing the specification "correctly".....

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : avahi (SUSE-SU-2024:2200-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2200-1 advisory. - CVE-2023-38471: Fixed a reachable assertion in dbus_set_host_name. (bsc#1216594) -...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ghostscript (SUSE-SU-2024:2198-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2198-1 advisory. - CVE-2024-33871: Prevent OPVP device arbitrary code execution via custom Driver library. (bsc#1225491) ....

libvpx - security update

Bulletin has no...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : wget (SUSE-SU-2024:2201-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2201-1 advisory. - CVE-2024-38428: Fix mishandled semicolons in the userinfo subcomponent of a URI. (bsc#1226419) ...

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Wget vulnerability (USN-6852-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6852-1 advisory. It was discovered that Wget incorrectly handled semicolons in the userinfo subcomponent of a URI. A remote attacker could...

WordPress 6.1.x < 6.1.7 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...

RHEL 9 : kernel-rt (RHSA-2024:4106)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4106 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism...

Progress Software Corporation WhatsUp Gold AppProfileImport path traversal vulnerability

Talos Vulnerability Report TALOS-2024-1932 Progress Software Corporation WhatsUp Gold AppProfileImport path traversal vulnerability June 26, 2024 CVE Number CVE-2024-5017 SUMMARY A path traversal vulnerability exists in the AppProfileImport functionality of Progress Software Corporation WhatsUp...

WordPress 5.7.x < 5.7.12 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...

WordPress 6.0.x < 6.0.9 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...