F5 BIG-IP, REST Framework Logging Security Vulnerabilities

miyoshipat.co.jp Cross Site Scripting vulnerability OBB-3938544

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Malicious code in skinport-rest-docs (npm)

-= Per source details. Do not edit below this...

neowheels.com Cross Site Scripting vulnerability OBB-3938541

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Malicious code in gew7-client-framework (npm)

-= Per source details. Do not edit below this...

Malicious code in azure-rest-api-specs-tests (npm)

-= Per source details. Do not edit below this...

Malicious code in azure-rest-api-specs-eng-tools (npm)

-= Per source details. Do not edit below this...

sames.com Cross Site Scripting vulnerability OBB-3938539

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

britax-roemer.cz Cross Site Scripting vulnerability OBB-3938537

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

jr-wheels.com Cross Site Scripting vulnerability OBB-3938536

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

New Cyberthreat 'Boolka' Deploying BMANAGER Trojan via SQLi Attacks

A previously undocumented threat actor dubbed Boolka has been observed compromising websites with malicious scripts to deliver a modular trojan codenamed BMANAGER. "The threat actor behind this campaign has been carrying out opportunistic SQL injection attacks against websites in various countries....

business.invoicebox.ru Cross Site Scripting vulnerability OBB-3938529

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

ggcity.org Cross Site Scripting vulnerability OBB-3938526

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

openlab.citytech.cuny.edu Cross Site Scripting vulnerability OBB-3938525

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

npg.si.edu Cross Site Scripting vulnerability OBB-3938524

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

kaddi.com Cross Site Scripting vulnerability OBB-3938522

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

ciup.fr Cross Site Scripting vulnerability OBB-3938521

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

glimakrausa.com Cross Site Scripting vulnerability OBB-3938518

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

uomustansiriyah.edu.iq Cross Site Scripting vulnerability OBB-3938517

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

sahilhorse.com Cross Site Scripting vulnerability OBB-3938516

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

nyls.edu Cross Site Scripting vulnerability OBB-3938515

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

northerncarealliance.nhs.uk Cross Site Scripting vulnerability OBB-3938514

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-4197

An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow remote command or code execution via the One-X component. Affected versions include all versions prior to...

CVE-2024-4197

An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow remote command or code execution via the One-X component. Affected versions include all versions prior to...

CVE-2024-4196

An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. Affected versions include all versions prior to...

CVE-2024-4196

An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. Affected versions include all versions prior to...

CVE-2024-4197 Avaya IP Office One-X Portal File Upload Vulnerability

An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow remote command or code execution via the One-X component. Affected versions include all versions prior to...

CVE-2024-4197 Avaya IP Office One-X Portal File Upload Vulnerability

An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow remote command or code execution via the One-X component. Affected versions include all versions prior to...

CVE-2024-4196 Avaya IP Office Web Control RCE Vulnerability

An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. Affected versions include all versions prior to...

CVE-2024-4196 Avaya IP Office Web Control RCE Vulnerability

An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. Affected versions include all versions prior to...

Multiple WordPress Plugins Compromised: Hackers Create Rogue Admin Accounts

Multiple WordPress plugins have been backdoored to inject malicious code that makes it possible to create rogue administrator accounts with the aim of performing arbitrary actions. "The injected malware attempts to create a new administrative user account and then sends those details back to the...

subiaco.de Cross Site Scripting vulnerability OBB-3938506

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

umsdental.com Cross Site Scripting vulnerability OBB-3938504

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

central-kino-rottweil.de Cross Site Scripting vulnerability OBB-3938502

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

fewo-cottbus.com Cross Site Scripting vulnerability OBB-3938501

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

finster-essen.de Cross Site Scripting vulnerability OBB-3938500

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

schreibenmitstil.de Cross Site Scripting vulnerability OBB-3938499

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

whtours.com Cross Site Scripting vulnerability OBB-3938498

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

abovecrm.cslsj.qc.ca Cross Site Scripting vulnerability OBB-3938497

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

paec.org Cross Site Scripting vulnerability OBB-3938495

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

247clipart.com Cross Site Scripting vulnerability OBB-3938492

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

PyTorch < 2.2.2 RCE

The remote host contains a torchserve version that is prior to 2.2.2. It is, therefore, affected by a remote code execution vulnerability. A vulnerability in the PyTorch's torch.distributed.rpc framework, specifically in versions prior to 2.2.2, allows for remote code execution (RCE). The...

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-1816)

The remote host is missing an update for the Huawei...

EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1837)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: IB/ipoib: Fix mcast list locking Releasing the priv-lock while iterating...

CVE-2024-35526

An issue in Daemon PTY Limited FarCry Core framework before 7.2.14 allows attackers to access sensitive information in the /facade...

CVE-2024-33621

In the Linux kernel, the following vulnerability has been resolved: ipvlan: Dont Use skb-&gt;sk in ipvlan_process_v{4,6}_outbound Raw packet from PF_PACKET socket ontop of an IPv6-backed ipvlan device will hit WARN_ON_ONCE() in sk_mc_loop() through sch_direct_xmit() path. WARNING: CPU: 2 PID: 0 at....

Security Advisory 0098

Security Advisory 0098 _._CSAF PDF Date: June 25, 2024 Revision | Date | Changes ---|---|--- 1.0 | June 25, 2024 | Initial release The CVE-ID tracking this issue: CVE-2024-4578 CVSSv3.1 Base Score: 8.4 (CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H) Common Weakness Enumeration: CWE-77 Improper...

CVE-2024-35527

An arbitrary file upload vulnerability in /fileupload/upload.cfm in Daemon PTY Limited FarCry Core framework before 7.2.14 allows attackers to execute arbitrary code via uploading a crafted .cfm...

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-1837)

The remote host is missing an update for the Huawei...

SUSE SLES15 Security Update : kernel (SUSE-SU-2024:2185-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2185-1 advisory. The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: .....

CVE-2024-36270

In the Linux kernel, the following vulnerability has been resolved: netfilter: tproxy: bail out if IP has been disabled on the device syzbot reports: general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range...