HP PageWide Printers; HP OfficeJet Pro Printers Security Vulnerabilities

CVE-2024-5684 ID Charger Connect & Pro - JWT-Null-Algorithm

An attacker with access to the private network (the charger is connected to) or local access to the Ethernet-Interface can exploit a faulty implementation of the JWT-library in order to bypass the password authentication to the web configuration interface and then has full access as the user would....

Johnson Controls Software House iStar Pro Door Controller

View CSAF 1. EXECUTIVE SUMMARY CVSS 4 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls Inc. Equipment: Software House iStar Pro Door Controller, ICU Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this...

Kadence Blocks Pro < 2.3.8 - Contributor+ Arbitrary Option Access

Description The plugin does not prevent users with at least the contributor role using some of its shortcode's functionalities to leak arbitrary options from the database. PoC 1. ADMIN: Install Kadence Blocks Pro 2. CONTRIBUTOR: Add shortcode to any post and specify/guess the option name and save.....

CVE-2023-49441

dnsmasq 2.9 is vulnerable to Integer Overflow via forward_query. Notes Author| Note ---|--- | Priority reason: Per the Dnsmasq developer, this flaw has no practical...

Photo Gallery by 10Web – Mobile-Friendly Image Gallery < 1.8.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Zipped SVG

Description The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘svg’ parameter in all versions up to, and including, 1.8.23 due to insufficient input sanitization and output escaping. This makes it possible for...

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders < 5.8.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via Lightbox and Modal Widget

Description The Essential Addons for Elementor Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eael_lightbox_open_btn_icon’ parameter within the Lightbox & Modal widget in all versions up to, and including, 5.8.15 due to insufficient input sanitization and output...

Kadence Blocks Pro < 2.3.8 - Contributor+ Arbitrary Option Access

Description The plugin does not prevent users with at least the contributor role using some of its shortcode's functionalities to leak arbitrary options from the...

CVE-2024-32752

Under certain circumstances communications between the ICU tool and an iSTAR Pro door controller is susceptible to Machine-in-the-Middle attacks which could impact door control and configuration. Notes Author| Note ---|--- mdeslaur | This has nothing to do with the ICU package in...

Patches Made Available for Vulnerable EoL Zyxel NAS Models

...

Chained Flaws in Progress Telerik Report Server Enable Unauthenticated RCE

...

Summary of Vulnerabilities, Actors & Attacks: May 2024

...

CISA Known Exploited Vulnerability Catalog May 2024

Summary The Known Exploited Vulnerability (KEV) catalog, maintained by CISA, is the authoritative source of vulnerabilities that have been exploited in the wild. It is recommended that all organizations review and monitor the KEV catalog, prioritize remediation of listed vulnerabilities, and...

CVE-2024-33568

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Deserialization of Untrusted Data vulnerability in BdThemes Element Pack Pro allows Path Traversal, Object Injection.This issue affects Element Pack Pro: from n/a through...

CVE-2024-33568

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Deserialization of Untrusted Data vulnerability in BdThemes Element Pack Pro allows Path Traversal, Object Injection.This issue affects Element Pack Pro: from n/a through...

CVE-2024-33568 WordPress Element Pack Pro plugin <= 7.7.4 - Arbitrary File Read and Phar Deserialization vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Deserialization of Untrusted Data vulnerability in BdThemes Element Pack Pro allows Path Traversal, Object Injection.This issue affects Element Pack Pro: from n/a through...

CVE-2024-33568 WordPress Element Pack Pro plugin <= 7.7.4 - Arbitrary File Read and Phar Deserialization vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Deserialization of Untrusted Data vulnerability in BdThemes Element Pack Pro allows Path Traversal, Object Injection.This issue affects Element Pack Pro: from n/a through...

Attacks, Vulnerabilities and Actors 27 May to 02 June 2024

...

CVE-2024-5420

Missing input validation in the SEH Computertechnik utnserver Pro, SEH Computertechnik utnserver ProMAX, SEH Computertechnik INU-100 web-interface allows stored Cross-Site Scripting (XSS)..This issue affects utnserver Pro, utnserver ProMAX, INU-100 version 20.1.22 and...

CVE-2024-5421

Missing input validation and OS command integration of the input in the utnserver Pro, utnserver ProMAX, INU-100 web-interface allows authenticated command injection.This issue affects utnserver Pro, utnserver ProMAX, INU-100 version 20.1.22 and...

CVE-2024-5422

An uncontrolled resource consumption of file descriptors in SEH Computertechnik utnserver Pro, SEH Computertechnik utnserver ProMAX, SEH Computertechnik INU-100 allows DoS via HTTP.This issue affects utnserver Pro, utnserver ProMAX, INU-100 version 20.1.22 and...

CVE-2024-5422

An uncontrolled resource consumption of file descriptors in SEH Computertechnik utnserver Pro, SEH Computertechnik utnserver ProMAX, SEH Computertechnik INU-100 allows DoS via HTTP.This issue affects utnserver Pro, utnserver ProMAX, INU-100 version 20.1.22 and...

CVE-2024-5420

Missing input validation in the SEH Computertechnik utnserver Pro, SEH Computertechnik utnserver ProMAX, SEH Computertechnik INU-100 web-interface allows stored Cross-Site Scripting (XSS)..This issue affects utnserver Pro, utnserver ProMAX, INU-100 version 20.1.22 and...

CVE-2024-5421

Missing input validation and OS command integration of the input in the utnserver Pro, utnserver ProMAX, INU-100 web-interface allows authenticated command injection.This issue affects utnserver Pro, utnserver ProMAX, INU-100 version 20.1.22 and...

CVE-2024-5422 Denial of Service

An uncontrolled resource consumption of file descriptors in SEH Computertechnik utnserver Pro, SEH Computertechnik utnserver ProMAX, SEH Computertechnik INU-100 allows DoS via HTTP.This issue affects utnserver Pro, utnserver ProMAX, INU-100 version 20.1.22 and...

CVE-2024-5422 Denial of Service

An uncontrolled resource consumption of file descriptors in SEH Computertechnik utnserver Pro, SEH Computertechnik utnserver ProMAX, SEH Computertechnik INU-100 allows DoS via HTTP.This issue affects utnserver Pro, utnserver ProMAX, INU-100 version 20.1.22 and...

CVE-2024-5421 Authenticated Command Injection

Missing input validation and OS command integration of the input in the utnserver Pro, utnserver ProMAX, INU-100 web-interface allows authenticated command injection.This issue affects utnserver Pro, utnserver ProMAX, INU-100 version 20.1.22 and...

CVE-2024-5421 Authenticated Command Injection

Missing input validation and OS command integration of the input in the utnserver Pro, utnserver ProMAX, INU-100 web-interface allows authenticated command injection.This issue affects utnserver Pro, utnserver ProMAX, INU-100 version 20.1.22 and...

CVE-2024-5420 Stored Cross-Site Scripting in SEH Computertechnik utnserver Pro

Missing input validation in the SEH Computertechnik utnserver Pro, SEH Computertechnik utnserver ProMAX, SEH Computertechnik INU-100 web-interface allows stored Cross-Site Scripting (XSS)..This issue affects utnserver Pro, utnserver ProMAX, INU-100 version 20.1.22 and...

CVE-2024-5420 Stored Cross-Site Scripting in SEH Computertechnik utnserver Pro

Missing input validation in the SEH Computertechnik utnserver Pro, SEH Computertechnik utnserver ProMAX, SEH Computertechnik INU-100 web-interface allows stored Cross-Site Scripting (XSS)..This issue affects utnserver Pro, utnserver ProMAX, INU-100 version 20.1.22 and...

UNC5537 Targeting Snowflake Users for Data Theft and Extortion

...

RHEL 7 : jackson-databind (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper (CVE-2017-7525) A...

RHEL 7 : jasperreports-server-pro (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for...

RHEL 6 : hplip (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. hplip: hp-plugin verified binary download with short key ID (CVE-2015-0839) Note that Nessus has not tested for this...

RHEL 7 : batik (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. batik: XML external entity processing vulnerability (CVE-2017-5662) batik: information disclosure when...

RHEL 7 : hplip (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. hplip: hp-plugin verified binary download with short key ID (CVE-2015-0839) Note that Nessus has not tested for this...

RHEL 7 : log4j (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. log4j: Socket receiver deserialization vulnerability (CVE-2017-5645) Prior to Apache Commons Net 3.9.0,...

RHEL 7 : activemq (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. Spring Framework: XML External Entity (XXE) injection flaw (CVE-2013-6429) Note that Nessus has not tested for this...

RHEL 7 : groovy (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. Apache Groovy: Remote code execution via deserialization (CVE-2016-6814) Note that Nessus has not tested for this...

CVE-2024-36885

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor() Currently, enabling SG_DEBUG in the kernel will cause nouveau to hit a BUG() on startup: kernel BUG at include/linux/scatterlist.h:187! invalid opcode: 0000 [#1]...

Metasploit Weekly Wrap-Up 05/31/2024

Quis dīrumpet ipsos dīrumpēs In this release, we feature a double-double: two exploits each targeting two pieces of software. The first pair is from h00die targeting the Jasmine Ransomeware Web Server. The first uses CVE-2024-30851 to retrieve the login for the ransomware server, and the second...

Microsoft Warns of Surge in Cyber Attacks Targeting Internet-Exposed OT Devices

Microsoft has emphasized the need for securing internet-exposed operational technology (OT) devices following a spate of cyber attacks targeting such environments since late 2023. "These repeated attacks against OT devices emphasize the crucial need to improve the security posture of OT devices...

New banking trojan “CarnavalHeist” targets Brazil with overlay attacks

Since February 2024, Cisco Talos has been observing an active campaign targeting Brazilian users with a new banking trojan called "CarnavalHeist." Many of the observed tactics, techniques and procedures (TTPs) are common among other banking trojans coming out of Brazil. This family has also been...

Check Point Fixes Zero-Day CVE-2024-24919 Exploited in the Wild

...

OpenAI, Meta, and TikTok Crack Down on Covert Influence Campaigns, Some AI-Powered

OpenAI on Thursday disclosed that it took steps to cut off five covert influence operations (IO) originating from China, Iran, Israel, and Russia that sought to abuse its artificial intelligence (AI) tools to manipulate public discourse or political outcomes online while obscuring their true...

HP LaserJet Printers XSS (HPSBPI03940)

Certain HP LaserJet Pro devices are potentially vulnerable to a Cross-Site Scripting (XSS) attack via the web management interface of the device. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

Lexmark CX331adwe Firmware Downgrade Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX331adwe printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /usr/bin/hydra service, which listens on TCP port 9100 by...

Canon imageCLASS MF753Cdw setResource Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF753Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CADM service. The issue results from the lack of proper.....

Ubuntu Pro Subscription Detection

The remote Ubuntu host has an active Ubuntu Pro...

Exposed and vulnerable: Recent attacks highlight critical need to protect internet-exposed OT devices

Since late 2023, Microsoft has observed an increase in reports of attacks focusing on internet-exposed, poorly secured operational technology (OT) devices. Internet-exposed OT equipment in water and wastewater systems (WWS) in the US were targeted in multiple attacks over the past months by...

Exposed and vulnerable: Recent attacks highlight critical need to protect internet-exposed OT devices

Since late 2023, Microsoft has observed an increase in reports of attacks focusing on internet-exposed, poorly secured operational technology (OT) devices. Internet-exposed OT equipment in water and wastewater systems (WWS) in the US were targeted in multiple attacks over the past months by...