Genian NAC V5.0 & Genian NAC Suite V5.0 Security Vulnerabilities

CVE-2024-0979 Dashboard Widgets Suite <= 3.4.3 - Reflected Cross-Site Scripting

The Dashboard Widgets Suite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary.....

ruby security update

[3.0.7-162] - Upgrade to Ruby 3.0.7. Resolves: RHEL-35740 - Fix HTTP response splitting in CGI. Resolves: RHEL-35741 - Fix ReDoS vulnerability in URI. Resolves: RHEL-35742 - Fix ReDoS vulnerability in Time. Resolves: RHEL-35743 - Fix buffer overread vulnerability in StringIO. Resolves:...

Security Bulletin: IBM Maximo Manage application in IBM Maximo Application Suite is vulnerable to sensitive information disclosure (CVE-2024-22333)

Summary IBM Maximo Manage application in IBM Maximo Application Suite is vulnerable to sensitive information disclosure. Vulnerability Details ** CVEID: CVE-2024-22333 DESCRIPTION: **IBM Maximo Asset Management allows web pages to be stored locally which can be read by another user on the system......

Security Bulletin: IBM Maximo Application Suite uses bcprov-jdk18on-1.74.jar which is vulnerable to CVE-2024-30171

Summary IBM Maximo Application Suite uses bcprov-jdk18on-1.74.jar which is vulnerable to CVE-2024-30171.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details ** CVEID: CVE-2024-30171 DESCRIPTION: **The Bouncy Castle Crypto Package For Java could...

Security Bulletin: IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to a denial of service which is vulnerable to CVE-2024-25026

Summary IBM Maximo Application Suite Predict Component IBM WebSphere Application Server Liberty is vulnerable to a denial of service which is vulnerable toCVE-2024-25026 .This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details ** CVEID: CVE-2024-25026 ....

Security Bulletin: IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to an XML External Entity (XXE) injection vulnerability (CVE-2024-22354).

Summary IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to an XML External Entity (XXE) injection vulnerability (CVE-2024-22354).This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details **...

Security Bulletin: IBM Maximo Application Suite Predict Component uses: webSphere Application Server Liberty is vulnerable to a server-side request forgery (SSRF) vulnerability which is vulnerable to CVE-2024-22329

Summary IBM Maximo Application Suite Predict Component uses: webSphere Application Server Liberty is vulnerable to a server-side request forgery (SSRF) vulnerability which is vulnerable to CVE-2024-22329. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability....

Security Bulletin: IBM Maximo Application Suite Predict Component uses :IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to jose4j which is vulnerable to CVE-2023-51775

Summary IBM Maximo Application Suite Predict Component uses :IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to jose4j which is vulnerable to CVE-2023-51775. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details **...

Security Bulletin: IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to a denial of service which is vulnerable to CVE-2024-27268

Summary IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to a denial of service which is vulnerable to CVE-2024-27268 .This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details ** CVEID:...

Security Bulletin: IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to a denial of service when using the openidConnectClient-1.0 or socialLogin-1.0 feature which is vulnerable to CVE-2024-22353

Summary IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to a denial of service when using the openidConnectClient-1.0 or socialLogin-1.0 feature which is vulnerable toCVE-2024-22353.This bulletin contains information regarding the...

Security Bulletin: IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to cross-site scripting (CVE-2024-27270).

Summary IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to cross-site scripting (CVE-2024-27270). This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details ** CVEID: CVE-2024-27270 DESCRIPTION:...

Security Bulletin: IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty could provide weaker than expected security which is vulnerable to CVE-2023-50312

Summary IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty which is vulnerable to CVE-2023-50312.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details ** CVEID: CVE-2023-50312 DESCRIPTION: **IBM WebSphere...

CVE-2024-3559

The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the 'cfs[post_content]' parameter versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2024-3559

The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the 'cfs[post_content]' parameter versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2024-3559 Custom Field Suite <= 2.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via cfs[post_content]

The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the 'cfs[post_content]' parameter versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2024-3559 Custom Field Suite <= 2.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via cfs[post_content]

The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the 'cfs[post_content]' parameter versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

RHEL 9 : libreoffice (RHSA-2024:3835)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3835 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word...

Dashboard Widgets Suite < 3.4.4 - Reflected Cross-Site Scripting

Description The Dashboard Widgets Suite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

Only one critical issue disclosed as part of Microsoft Patch Tuesday

Microsoft released its monthly security update Tuesday, disclosing 49 vulnerabilities across its suite of products and software. Of those there is only one critical vulnerability. Every other security issues disclosed this month is considered "important." The lone critical security issue is...

Enhancing Velociraptor with the Cado Security Platform

_By: Nicholas Handy, Director of Technical Alliances & Partnerships at Cado Security _ Velociraptor is a robust open-source tool designed for collecting and querying forensic and incident response artifacts across various endpoints. This powerful tool allows incident responders to effortlessly...

How Cynet Makes MSPs Rich & Their Clients Secure

Managed service providers (MSPs) are on the front lines of soaring demand for cybersecurity services as cyberattacks increase in volume and sophistication. Cynet has emerged as the security vendor of choice for MSPs to capitalize on existing relationships with SMB clients and profitably expand...

Update 24.1 for Microsoft Dynamics 365 Business Central (on-premises) 2024 Release Wave 1 (Application Build 24.1.19498, Platform Build 24.0.19487)

Update 24.1 for Microsoft Dynamics 365 Business Central (on-premises) 2024 Release Wave 1 (Application Build 24.1.19498, Platform Build 24.0.19487) Overview This update replaces previously released updates. You should always install the latest update. This update also fixes vulnerabilities. For...

Update 23.7 for Microsoft Dynamics 365 Business Central (on-premises) 2023 Release Wave 2 (Application Build 23.7.18957, Platform Build 23.0.18933)

Update 23.7 for Microsoft Dynamics 365 Business Central (on-premises) 2023 Release Wave 2 (Application Build 23.7.18957, Platform Build 23.0.18933) Overview This update replaces previously released updates. You should always install the latest update. This update also fixes vulnerabilities. For...

Custom Field Suite <= 2.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via cfs[post_content]

Description The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the 'cfs[post_content]' parameter versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

Important: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

Important: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

Exploit for Deserialization of Untrusted Data in Apache Log4J

Exploiting-CVE-2021-44228-Log4Shell-in-a-Banking-Environment...

Exploit for CVE-2023-22515

CVE-2023-22515 Тут описана логика эксплуатации уязвимости,...

Security Bulletin: IBM Maximo Application Suite uses IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to jose4j - CVE-2023-51775

Summary Security Bulletin: IBM Maximo Application Suite uses IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to jose4j - CVE-2023-51775. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details ** CVEID: CVE-2023-51775 ....

Security Bulletin: IBM Asset Data Dictionary Component uses jose4j-0.9.3.jar which is vulnerable to CVE-2023-51775.

Summary IBM Asset Data Dictionary Component uses jose4j-0.9.3.jar which is vulnerable to CVE-2023-51775. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details ** CVEID: CVE-2023-51775 DESCRIPTION: **jose4j is vulnerable to a denial of service,...

Security Bulletin: IBM Maximo Application Suite uses gunicorn-21.2.0-py3-none-any.whl which is vulnerable to CVE-2024-1135.

Summary IBM Maximo Application Suite uses gunicorn-21.2.0-py3-none-any.whl which is vulnerable to CVE-2024-1135. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details ** CVEID: CVE-2024-1135 DESCRIPTION: **Gunicorn is vulnerable to HTTP request...

Security Bulletin: IBM Suite License Service uses commons-compress-1.25.0.jar which is vulnerable to CVE-2024-26308 and CVE-2024-25710.

Summary IBM Suite License Service uses commons-compress-1.25.0.jar which is vulnerable to CVE-2024-26308 and CVE-2024-25710. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details ** CVEID: CVE-2024-26308 DESCRIPTION: **Apache Commons Compress is...

Security Bulletin: IBM Asset Data Dictionary Component uses zookeeper-3.5.9.jar and snappy-java-1.1.8.3.jar which are vulnerable to CVE-2023-44981,CVE-2023-34453, CVE-2023-34455 , CVE-2023-34454 and CVE-2023-43642

Summary IBM Asset Data Dictionary Component uses zookeeper-3.5.9.jar and snappy-java-1.1.8.3.jar which are vulnerable to CVE-2023-44981,CVE-2023-34453, CVE-2023-34455, CVE-2023-34454 and CVE-2023-43642. This bulletin contains information regarding the vulnerability and its remediation....

Security Bulletin: IBM Asset Data Dictionary Component uses zookeeper-3.5.9.jar and snappy-java-1.1.8.3.jar which are vulnerable to CVE-2023-44981,CVE-2023-34453, CVE-2023-34455 , CVE-2023-34454 and CVE-2023-43642

Summary IBM Asset Data Dictionary Component uses zookeeper-3.5.9.jar and snappy-java-1.1.8.3.jar which are vulnerable to CVE-2023-44981,CVE-2023-34453, CVE-2023-34455, CVE-2023-34454 and CVE-2023-43642. This bulletin contains information regarding the vulnerability and its remediation....

K000139953: PHP vulnerability CVE-2024-4577

Security Advisory Description In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API...

Security Bulletin: IBM Maximo Application Suite uses express-4.18.2.tgz which is vulnerable to CVE-2024-29041.

Summary IBM Maximo Application Suite uses express-4.18.2.tgz which is vulnerable to CVE-2024-29041. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details ** CVEID: CVE-2024-29041 DESCRIPTION: **Express.js Express could allow a remote attacker to.....

K000139922: Open vSwitch vulnerabilities CVE-2023-3966 and CVE-2023-5366

Security Advisory Description CVE-2023-3966 A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is...

CSRF in firebase-tools emulator suite in github.com/firebase/firebase-tools

CSRF in firebase-tools emulator suite in...

FRR vulnerabilities

Releases Ubuntu 20.04 LTS Packages frr - FRRouting suite of internet protocols Details It was discovered that FRR incorrectly handled certain network traffic. A remote attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service. (CVE-2022-26126,...

Bookster <= 1.1.0 - Unauthenticated Appointment Status Update

Description The plugin allows adding sensitive parameters when validating appointments allowing attackers to manipulate the data sent when booking an appointment (the request body) to change its status from pending to...

Bookster <= 1.1.0 - Unauthenticated Appointment Status Update

Description The plugin allows adding sensitive parameters when validating appointments allowing attackers to manipulate the data sent when booking an appointment (the request body) to change its status from pending to approved. PoC 1. Open the Wordpress where the plugin is installed with default...

K000139898: PyYAML vulnerabilities CVE-2020-1747 and CVE-2020-14343

Security Advisory Description CVE-2020-1747 A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use...

K000139901: PyYAML vulnerability CVE-2017-18342

Security Advisory Description In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function. (CVE-2017-18342) Impact.....

K000139917: Libxml2 vulnerability CVE-2022-40303

Security Advisory Description An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading....

Oracle WebLogic Server OS Command Injection Flaw Under Active Attack

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting the Oracle WebLogic Server to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2017-3506 (CVSS score: 7.4), the issue concerns an...

K000139897: Linux kernel vulnerability CVE-2023-42753

Security Advisory Description An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the h-&gt;nets array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer...

Security Bulletin: Gunicorn-20.1.0-py3-none-any.whl is vulnerable to CVE-2024-1135 used in IBM Maximo Application Suite - Edge Data Collector

Summary IBM Maximo Application Suite - Edge Data Collector uses Gunicorn-20.1.0-py3-none-any.whl which is vulnerable to CVE-2024-1135 Vulnerability Details ** CVEID: CVE-2024-1135 DESCRIPTION: **Gunicorn is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP...

Security Bulletin: mio-0.8.10.crate, and mio-0.8.8.crate is vulnerable to CVE-2024-27308 used in IBM Maximo Application Suite - Edge Data Collector

Summary IBM Maximo Application Suite - Edge Data Collector uses mio-0.8.10.crate and mio-0.8.8.crate which is vulnerable to CVE-2024-27308 Vulnerability Details ** CVEID: CVE-2024-27308 DESCRIPTION: **Tokio Mio s vulnerable to a denial of service, caused by a use-after-free flaw due to tokens for.....

Security Bulletin: openssl-src-300.2.1+3.2.0.crate is vulnerable to CVE-2024-0727, CVE-2023-6129, and CVE-2023-6237 used in IBM Maximo Application Suite - Edge Data Collector

Summary IBM Maximo Application Suite - Edge Data Collector uses openssl-src-300.2.1+3.2.0.crate which is vulnerable to CVE-2024-0727, CVE-2023-6129, and CVE-2023-6237 Vulnerability Details ** CVEID: CVE-2024-0727 DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by improper...

K000139877: Linux kernel vulnerabilities CVE-2021-47076 and CVE-2021-47080

Security Advisory Description CVE-2021-47076 In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Return CQE error if invalid lkey was supplied RXE is missing update of WQE status in LOCAL_WRITE failures. This caused the following kernel panic if someone sent an atomic...