HP Enterprise LaserJet Printers And MFPs; HP OfficeJet Enterprise Color Printers And MFP; HP PageWide Color Printers And MPS Security Vulnerabilities

CVE-2023-37898 Safe mode Cross-site Scripting (XSS) vulnerability in Joplin

Joplin is a free, open source note taking and to-do application. A Cross-site Scripting (XSS) vulnerability allows an untrusted note opened in safe mode to execute arbitrary code. packages/renderer/MarkupToHtml.ts renders note content in safe mode by surrounding it with and , without escaping any.....

CVE-2023-38506 Cross-site Scripting (XSS) when pasting HTML into the rich text editor in Joplin

Joplin is a free, open source note taking and to-do application. A Cross-site Scripting (XSS) vulnerability allows pasting untrusted data into the rich text editor to execute arbitrary code. HTML pasted into the rich text editor is not sanitized (or not sanitized properly). As such, the onload...

CVE-2023-39517 Cross site scripting (XSS) when clicking on an untrusted `<map>` link in Joplin

Joplin is a free, open source note taking and to-do application. A Cross site scripting (XSS) vulnerability in affected versions allows clicking on an untrusted image link to execute arbitrary shell commands. The HTML sanitizer (packages/renderer/htmlUtils.ts::sanitizeHtml) preserves &lt;map&gt; <a...

CVE-2023-45673 Arbitrary code execution on click of PDF links in Joplin

Joplin is a free, open source note taking and to-do application. A remote code execution (RCE) vulnerability in affected versions allows clicking on a link in a PDF in an untrusted note to execute arbitrary shell commands. Clicking links in PDFs allows for arbitrary code execution because Joplin...

eova.com Cross Site Scripting vulnerability OBB-3937494

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-38381

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: Fix uninit-value in nci_rx_work syzbot reported the following uninit-value access issue [1] nci_rx_work() parses received packet from ndev-&gt;rx_q. It should be validated header size, payload size and total packet size.....

CVE-2024-36489

In the Linux kernel, the following vulnerability has been resolved: tls: fix missing memory barrier in tls_init In tls_init(), a write memory barrier is missing, and store-store reordering may cause NULL dereference in tls_{setsockopt,getsockopt}. CPU0 CPU1 ----- ----- // In tls_init() // In...

CVE-2024-33619

In the Linux kernel, the following vulnerability has been resolved: efi: libstub: only free priv.runtime_map when allocated priv.runtime_map is only allocated when efi_novamap is not set. Otherwise, it is an uninitialized value. In the error path, it is freed unconditionally. Avoid passing an...

CVE-2024-31076

In the Linux kernel, the following vulnerability has been resolved: genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline The absence of IRQD_MOVE_PCNTXT prevents immediate effectiveness of interrupt affinity reconfiguration via procfs. Instead, the change is deferred until the...

bottineauchamber.com Cross Site Scripting vulnerability OBB-3937490

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

auburnareawa.org Cross Site Scripting vulnerability OBB-3937489

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

dulleschamber.org Cross Site Scripting vulnerability OBB-3937487

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

ruskchamber.com Cross Site Scripting vulnerability OBB-3937486

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

springfordchamber.com Cross Site Scripting vulnerability OBB-3937485

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Metasploit Weekly Wrap-Up 06/21/2024

Argument Injection for PHP on Windows This week includes modules that target file traversal and arbitrary file read vulnerabilities for software such as Apache, SolarWinds and Check Point, with the highlight being a module for the recent PHP vulnerability submitted by sfewer-r7. This module...

themecgroupadmin.org Cross Site Scripting vulnerability OBB-3937480

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

timelead19.uditis.ch Cross Site Scripting vulnerability OBB-3937479

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-6241

A vulnerability was found in Pear Admin Boot up to 2.0.2 and classified as critical. This issue affects the function getDictItems of the file /system/dictData/getDictItems/. The manipulation with the input ,user(),1,1 leads to sql injection. The attack may be initiated remotely. The exploit has...

CVE-2024-6241

A vulnerability was found in Pear Admin Boot up to 2.0.2 and classified as critical. This issue affects the function getDictItems of the file /system/dictData/getDictItems/. The manipulation with the input ,user(),1,1 leads to sql injection. The attack may be initiated remotely. The exploit has...

CVE-2024-35537

TVS Motor Company Limited TVS Connect Android v4.6.0 and IOS v5.0.0 was discovered to insecurely handle the RSA key pair, allowing attackers to possibly access sensitive information via...

CVE-2024-35537

TVS Motor Company Limited TVS Connect Android v4.6.0 and IOS v5.0.0 was discovered to insecurely handle the RSA key pair, allowing attackers to possibly access sensitive information via...

CVE-2024-3080: ASUS warns Customers about the latest Authentication Bypass Vulnerability detected Across seven Router Models

ASUS announces major Firmware Update ASUS recently issued a firmware update to resolve a critical security vulnerability affecting seven different variants of its router models. Identified as CVE-2024-3080 with a CVSS v3 severity score of 9.8 (critical), the vulnerability permits remote attackers.....

AdsExhaust Adware Distributed in Fake Oculus Installer via Google Search

New adware "AdsExhaust" disguises itself as an Oculus installer to steal screenshots, generate fake clicks, and drain resources. Learn how to protect yourself from AdsExhaust and similar...

actionlogement.fr Cross Site Scripting vulnerability OBB-3937477

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

colorbead.com Cross Site Scripting vulnerability OBB-3937476

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-6241 Pear Admin Boot getDictItems sql injection

A vulnerability was found in Pear Admin Boot up to 2.0.2 and classified as critical. This issue affects the function getDictItems of the file /system/dictData/getDictItems/. The manipulation with the input ,user(),1,1 leads to sql injection. The attack may be initiated remotely. The exploit has...

librinova.com Cross Site Scripting vulnerability OBB-3937474

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

sifwholesale.co.uk Cross Site Scripting vulnerability OBB-3937473

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

dineon.gr Cross Site Scripting vulnerability OBB-3937471

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

First million breached Ticketmaster records released for free

The cybercriminal acting under the name "Sp1d3r" gave away the first 1 million records that are part of the data set that they claimed to have stolen from Ticketmaster/Live Nation. The files were released without a price, for free. When Malwarebytes Labs first learned about this data breach, it...

smsfree4all.com Cross Site Scripting vulnerability OBB-3937467

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Keycloak leaks configured LDAP bind credentials through the Keycloak admin console

Impact The LDAP testing endpoint allows to change the Connection URL independently of and without having to re-enter the currently configured LDAP bind credentials. An attacker with admin access (permission manage-realm) can change the LDAP host URL ("Connection URL") to a machine they control....

Keycloak leaks configured LDAP bind credentials through the Keycloak admin console

Impact The LDAP testing endpoint allows to change the Connection URL independently of and without having to re-enter the currently configured LDAP bind credentials. An attacker with admin access (permission manage-realm) can change the LDAP host URL ("Connection URL") to a machine they control....

Security Bulletin: Multiple PostgreSQL Vulnerabilities Affect IBM Storage Scale System

Summary There are vulnerabilities in PostgreSQL versions used by IBM Storage Scale System that could allow a remote authenticated attacker to obtain sensitive information or bypass security restrictions, a denial of service and a buffer overflow. IBM Storage Scale System has addressed the...

thamm-it.de Cross Site Scripting vulnerability OBB-3937463

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to a code execution vulnerability in Node.js ( CVE-2024-27980)

Summary Potential code execution vulnerability in Node.js ( CVE-2024-27980) has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details ** CVEID: CVE-2024-27980 ...

Exploit for CVE-2024-29973

CVE-2024-29973 Exploiter a Vulnerability detection and...

Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to a remote authenticated attacker (CVE-2024-30260, CVE-2024-30261)

Summary There are vulnerabilities in Node.js undici module used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2024-30261 DESCRIPTION: **Node.js undici module...

All Vulnerabilities for asdvallediottavo1970.it Patched via Open Bug Bounty

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2023-45197

The file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table name of “..” to the root of the Adminer directory. The attacker can effectively guess the name of the uploaded file and execute it. Adminer is no longer supported, but this issue was fixed in...

CVE-2023-45197

The file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table name of “..” to the root of the Adminer directory. The attacker can effectively guess the name of the uploaded file and execute it. Adminer is no longer supported, but this issue was fixed in...

CVE-2023-45197

The file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table name of “..” to the root of the Adminer directory. The attacker can effectively guess the name of the uploaded file and execute it. Adminer is no longer supported, but this issue was fixed in...

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to open redirect vulnerability in VMware Tanzu Spring Framework ( CVE-2024-22243)

Summary Potential open redirect vulnerability in VMware Tanzu Spring Framework ( CVE-2024-22243) has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details ** CVEID:...

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Elastic Elasticsearch-Hadoop arbitrary code execution vulnerabilitiy.(CVE-2023-46674)

Summary Potential Elastic Elasticsearch-Hadoop arbitrary code execution vulnerabilitiy.(CVE-2023-46674)has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details ** CVEID:...

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Golang Go Information disclosure vulnerabilitiy.(CVE-2023-39326)

Summary Potential Golang Go Information disclosure vulnerabilitiy.(CVE-2023-39326) has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details ** CVEID: CVE-2023-39326 DESCRIPTION:...

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Golang Go directory transversal vulnerabilitiy.(CVE-2023-45283)

Summary Potential Golang Go directory transversal vulnerabilitiy.(CVE-2023-45283) has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details ** CVEID: CVE-2023-45283 DESCRIPTION:...

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Golang Go Information disclosure vulnerabilitiy.(CVE-2023-39326)

Summary Potential Golang Go Information disclosure vulnerabilitiy.(CVE-2023-39326) has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details ** CVEID: CVE-2023-39326 DESCRIPTION:...

etifoil.it Cross Site Scripting vulnerability OBB-3937457

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Elastic Elasticsearch denial of service vulnerabilitiy.(CVE-2023-31418)

Summary Potential Elastic Elasticsearch denial of service vulnerabilitiy.(CVE-2023-31418) has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details ** CVEID: CVE-2023-31418 ...

farcom.gr Cross Site Scripting vulnerability OBB-3937456

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...