HP PageWide Printers; HP OfficeJet Pro Printers Security Vulnerabilities

CVE-2024-3922

The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all versions up to, and including, 3.10.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVE-2024-3922

The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all versions up to, and including, 3.10.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVE-2024-3922 Dokan Pro <= 3.10.3 - Unauthenticated SQL Injection

The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all versions up to, and including, 3.10.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVE-2024-3922 Dokan Pro <= 3.10.3 - Unauthenticated SQL Injection

The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all versions up to, and including, 3.10.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

ElementsKit PRO < 3.6.3 - Authenticated (Contributor+) Server-Side Request Forgery

Description The ElementsKit PRO plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.6.2 via the 'render_raw' function. This can allow authenticated attackers, with contributor-level permissions and above, to make web requests to arbitrary locations....

Folders <= 3.0 and Folders Pro <= 3.0.2 - Directory Traversal via handle_folders_file_upload

Description The Folders and Folders Pro plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.0 in Folders and 3.0.2 in Folders Pro via the 'handle_folders_file_upload' function. This makes it possible for authenticated attackers, with author access and.....

Otter Blocks PRO – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE < 2.6.12 - Authenticated (Subscriber+) Information Exposure

Description The Otter Blocks PRO – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.11. This makes it possible for authenticated attackers, with Subscriber-level access and...

WP STAGING PRO - Backup Duplicator & Migration < 5.6.1 - Cross-Site Request Forgery to Limited Local File Inclusion

Description The WP STAGING Pro WordPress Backup Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.0. This is due to missing or incorrect nonce validation on the 'sub' parameter called from the WP STAGING WordPress Backup Plugin -...

Folders Pro < 3.0.3 - Authenticated(Author+) Arbitrary File Upload via handle_folders_file_upload

Description The Folders Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handle_folders_file_upload' function in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with author access and above,...

Sensei Pro (WC Paid Courses) < 4.24.0.1.24.0 - Authenticated (Student+) Stored Cross-Site Scripting

Description The Sensei Pro (WC Paid Courses) plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.23.1.1.23.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Student-level...

CVE-2024-36523

An access control issue in Wvp GB28181 Pro 2.0 allows users to continue to access information in the application after deleting their own or administrator accounts. This is provided that the users do not log out of their deleted...

CVE-2024-36523

An access control issue in Wvp GB28181 Pro 2.0 allows users to continue to access information in the application after deleting their own or administrator accounts. This is provided that the users do not log out of their deleted...

CVE-2024-37665

An access control issue in Wvp GB28181 Pro 2.0 allows authenticated attackers to escalate privileges to Administrator via a crafted POST...

CVE-2024-37665

An access control issue in Wvp GB28181 Pro 2.0 allows authenticated attackers to escalate privileges to Administrator via a crafted POST...

CVE-2024-2300

HP Advance Mobile Applications for iOS and Android are potentially vulnerable to information disclosure when using an outdated version of the application via mobile...

CVE-2024-2300

HP Advance Mobile Applications for iOS and Android are potentially vulnerable to information disclosure when using an outdated version of the application via mobile...

CVE-2024-2300 HP Advance Mobile Application – Potential Information Disclosure

HP Advance Mobile Applications for iOS and Android are potentially vulnerable to information disclosure when using an outdated version of the application via mobile...

CVE-2024-5266

The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via wpdm_user_dashboard, wpdm_package, wpdm_packages, wpdm_search_result, and wpdm_tag shortcodes in all versions up to, and including, 3.2.92 due to insufficient input sanitization and output escaping on...

CVE-2024-5266

The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via wpdm_user_dashboard, wpdm_package, wpdm_packages, wpdm_search_result, and wpdm_tag shortcodes in all versions up to, and including, 3.2.92 due to insufficient input sanitization and output escaping on...

Enabling Proactive Security with Continuous Threat Exposure Management (CTEM) for Managed Service Providers

...

CVE-2024-5266 Download Manager <= 3.2.92 - Authenticated (Author+) Stored Cross-Site Scripting via Multiple Shortcodes

The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via wpdm_user_dashboard, wpdm_package, wpdm_packages, wpdm_search_result, and wpdm_tag shortcodes in all versions up to, and including, 3.2.92 due to insufficient input sanitization and output escaping on...

CVE-2024-5266 Download Manager <= 3.2.92 - Authenticated (Author+) Stored Cross-Site Scripting via Multiple Shortcodes

The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via wpdm_user_dashboard, wpdm_package, wpdm_packages, wpdm_search_result, and wpdm_tag shortcodes in all versions up to, and including, 3.2.92 due to insufficient input sanitization and output escaping on...

Exploit for CVE-2024-3922

CVE-2024-3922-Poc Dokan Pro &lt;= 3.10.3 - Unauthenticated...

Microsoft Issues Patches for 51 Flaws, Including Critical MSMQ Vulnerability

Microsoft has released security updates to address 51 flaws as part of its Patch Tuesday updates for June 2024. Of the 51 vulnerabilities, one is rated Critical and 50 are rated Important. This is in addition to 17 vulnerabilities resolved in the Chromium-based Edge browser over the past month....

CVE-2021-47300

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix tail_call_reachable rejection for interpreter when jit failed During testing of f263a81451c1 ("bpf: Track subprog poke descriptors correctly and fix use-after-free") under various failure conditions, for example, when...

CVE-2024-36523

An access control issue in Wvp GB28181 Pro 2.0 allows users to continue to access information in the application after deleting their own or administrator accounts. This is provided that the users do not log out of their deleted...

Sensei LMS <= 4.23.1 & Sensei Pro (WC Paid Courses) <= 4.24.0.1.24.0 - Missing Authorization

Description The Sensei LMS and Sensei Pro (WC Paid Courses) plugins for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the flush_rewrite_rules() function in versions up to, and including, 4.23.1 and . 4.24.0.1.24.0 respectively. This makes it...

CVE-2024-37665

An access control issue in Wvp GB28181 Pro 2.0 allows authenticated attackers to escalate privileges to Administrator via a crafted POST...

Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain columnar tables. (CVE-2024-31881)

Summary IBM® Db2® is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain columnar tables by an authenticated user. Vulnerability Details ** CVEID: CVE-2024-31881 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server)...

Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash when using a specially crafted statement. (CVE-2024-31880)

Summary IBM® Db2® is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. Vulnerability Details ** CVEID: CVE-2024-31880 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2...

Security Bulletin: IBM® Db2® NSE (Net Search Extender) is affected by a vulnerability in the open source Expat library. (CVE-2024-28757)

Summary IBM® Db2® NSE (Net Search Extender) is affected by a vulnerability in the open source Expat library. Vulnerability Details ** CVEID: CVE-2024-28757 DESCRIPTION: **libexpat could allow a remote attacker to obtain sensitive information, caused by improper handling of XML external entity...

Security Bulletin: IBM® Db2® is vulnerable to a denial of service with a specially crafted query under certain conditions. (CVE-2024-28762)

Summary IBM® Db2® is vulnerable to a denial of service with a specially crafted query under certain conditions. Vulnerability Details ** CVEID: CVE-2024-28762 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) is vulnerable to denial of service with a specially...

Security Bulletin: IBM® Db2® is affected by a vulnerability in the open source zlib library. (CVE-2023-45853)

Summary IBM® Db2® is affected by a vulnerability in the open source zlib library. Vulnerability Details ** CVEID: CVE-2023-45853 DESCRIPTION: **MiniZip is vulnerable to a denial of service, caused by an integer overflow and resultant heap-based buffer overflow in the zipOpenNewFileInZip4_64...

CVE-2024-34821

Missing Authorization vulnerability in Contact List PRO Contact List – Easy Business Directory, Staff Directory and Address Book Plugin.This issue affects Contact List – Easy Business Directory, Staff Directory and Address Book Plugin: from n/a through...

CVE-2024-34821

Missing Authorization vulnerability in Contact List PRO Contact List – Easy Business Directory, Staff Directory and Address Book Plugin.This issue affects Contact List – Easy Business Directory, Staff Directory and Address Book Plugin: from n/a through...

CVE-2024-34821 WordPress Contact List plugin <= 2.9.87 - Broken Access Control vulnerability

Missing Authorization vulnerability in Contact List PRO Contact List – Easy Business Directory, Staff Directory and Address Book Plugin.This issue affects Contact List – Easy Business Directory, Staff Directory and Address Book Plugin: from n/a through...

CVE-2024-34821 WordPress Contact List plugin <= 2.9.87 - Broken Access Control vulnerability

Missing Authorization vulnerability in Contact List PRO Contact List – Easy Business Directory, Staff Directory and Address Book Plugin.This issue affects Contact List – Easy Business Directory, Staff Directory and Address Book Plugin: from n/a through...

POC Exploit Code Released for Apache HugeGraph RCE Vulnerability

...

Fog Ransomware Targets US Sectors Via Compromised VPN Credentials

...

Attacks, Vulnerabilities and Actors 3 to 9 June 2024

...

Apple Launches Private Cloud Compute for Privacy-Centric AI Processing

Apple has announced the launch of a "groundbreaking cloud intelligence system" called Private Cloud Compute (PCC) that's designed for processing artificial intelligence (AI) tasks in a privacy-preserving manner in the cloud. The tech giant described PCC as the "most advanced security architecture.....

June 11, 2024—KB5039274 (Security-only update)

June 11, 2024—KB5039274 (Security-only update) __ End of support information As of January 10, 2023, Microsoft no longer provides security updates or technical support for Windows 7 Service Pack 1 (SP1). We recommend that you upgrade to a supported version of Windows. For more information, see...

June 11, 2024—KB5039266 (Security-only update)

June 11, 2024—KB5039266 (Security-only update) __ End of support information Windows Server 2008 SP2 Extended Security Updates (ESU) third and final year ended on January 10, 2023. Additionally, Extended Security Updates on Azure only support ended on January 9, 2024. For more information, see...

June 11, 2024—KB5039225 (OS Build 10240.20680)

June 11, 2024—KB5039225 (OS Build 10240.20680) 12/8/20 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 10, version 1507, see its update history page. Highlights This update...

June 11, 2024—KB5039227 (OS Build 20348.2527)

June 11, 2024—KB5039227 (OS Build 20348.2527) For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server 2022, see its update history page. Note Follow @WindowsUpdate to find out when.....

June 11, 2024—KB5039214 (OS Build 14393.7070)

June 11, 2024—KB5039214 (OS Build 14393.7070) 11/19/20 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 10, version 1607, see its update history page. Highlights This update...

June 11, 2024—KB5039211 (OS Builds 19044.4529 and 19045.4529)

June 11, 2024—KB5039211 (OS Builds 19044.4529 and 19045.4529) UPDATED 06/11/24 REMINDER The following editions of Windows 10, version 21H2 are at end of service today, June 11, 2024:- Windows 10 Enterprise and Education- Windows 10 IoT Enterprise- Windows 10 Enterprise multi-sessionAfter that...

June 11, 2024—KB5039260 (Monthly Rollup)

June 11, 2024—KB5039260 (Monthly Rollup) Important The installation of this Extended Security Update (ESU) might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012. For a successful installation, please make sure all Subset of endpoints for ESU only.....

June 11, 2024—KB5039217 (OS Build 17763.5936)

June 11, 2024—KB5039217 (OS Build 17763.5936) 11/17/20 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 10, version 1809, see its update history page. Highlights This update...

June 11, 2024—KB5039236 (OS Build 25398.950)

June 11, 2024—KB5039236 (OS Build 25398.950) For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server, version 23H2, see its update history page. Improvements This security update...