Microsoft Windows Server 2008 And R2, Windows 8.1 And Windows RT 8.1, Windows Server 2012 And R2, Windows 10 Gold, 1511, 1607, And 1703, And Windows Server 2016. Security Vulnerabilities

openbugbounty
openbugbounty

mantlestates.com Cross Site Scripting vulnerability OBB-3934750

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-11 11:27 PM
3
openbugbounty
openbugbounty

bioracer.com Cross Site Scripting vulnerability OBB-3934749

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-11 11:12 PM
3
krebs
krebs

Patch Tuesday, June 2024 “Recall” Edition

Microsoft today released updates to fix more than 50 security vulnerabilities in Windows and related software, a relatively light Patch Tuesday this month for Windows users. The software giant also responded to a torrent of negative feedback on a new feature of Redmond's flagship operating system.....

9.8CVSS

7.9AI Score

EPSS

2024-06-11 10:57 PM
1
openbugbounty
openbugbounty

kenkai.com Cross Site Scripting vulnerability OBB-3934748

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-11 10:54 PM
1
hackread
hackread

Securing Online Business Transactions: Essential Tools and Practices

Enhance your online transaction security with encryption, VPNs, and authentication. Understand threats, address vulnerabilities, and use secure payment gateways. Stay compliant with PCI DSS and regulatory standards to protect your business and build customer...

7.4AI Score

2024-06-11 10:47 PM
githubexploit
githubexploit

Exploit for Deserialization of Untrusted Data in Clear Clearml

8.8CVSS

9AI Score

0.001EPSS

2024-06-11 10:30 PM
2
hackread
hackread

Creating Secure CRM Pipelines in Construction: Best Practices and Essential Strategies

Secure your construction company's CRM pipeline to protect client data and streamline operations. A specialized CRM enhances communication, reduces errors, and supports scalable growth with advanced security features and automation...

7.3AI Score

2024-06-11 10:21 PM
nvd
nvd

CVE-2024-35225

Jupyter Server Proxy allows users to run arbitrary external processes alongside their notebook server and provide authenticated web access to them. Versions of 3.x prior to 3.2.4 and 4.x prior to 4.2.0 have a reflected cross-site scripting (XSS) issue. The /proxy endpoint accepts a host path...

9.6CVSS

EPSS

2024-06-11 10:15 PM
cve
cve

CVE-2024-35225

Jupyter Server Proxy allows users to run arbitrary external processes alongside their notebook server and provide authenticated web access to them. Versions of 3.x prior to 3.2.4 and 4.x prior to 4.2.0 have a reflected cross-site scripting (XSS) issue. The /proxy endpoint accepts a host path...

9.6CVSS

8.4AI Score

EPSS

2024-06-11 10:15 PM
1
openbugbounty
openbugbounty

serviceuptime.com Cross Site Scripting vulnerability OBB-3934744

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-11 10:15 PM
2
cbl_mariner
cbl_mariner

CVE-2012-3381 affecting package sblim-sfcb 1.4.9-20

CVE-2012-3381 affecting package sblim-sfcb 1.4.9-20. No patch is available...

6.8AI Score

0.0004EPSS

2024-06-11 10:03 PM
4
cbl_mariner
cbl_mariner

CVE-2012-2653 affecting package arpwatch 2.1a15-51

CVE-2012-2653 affecting package arpwatch 2.1a15-51. No patch is available...

9.5AI Score

0.011EPSS

2024-06-11 10:03 PM
21
cbl_mariner
cbl_mariner

CVE-2016-9179 affecting package lynx 2.9.0~dev.9-5

CVE-2016-9179 affecting package lynx 2.9.0~dev.9-5. This CVE either no longer is or was never...

7.5CVSS

7AI Score

0.001EPSS

2024-06-11 10:03 PM
29
cbl_mariner
cbl_mariner

CVE-2016-2124 affecting package samba 4.12.5-6

CVE-2016-2124 affecting package samba 4.12.5-6. No patch is available...

5.9CVSS

6.8AI Score

0.002EPSS

2024-06-11 10:03 PM
1
cbl_mariner
cbl_mariner

CVE-2016-4912 affecting package openslp 2.0.0-26

CVE-2016-4912 affecting package openslp 2.0.0-26. No patch is available...

7.5CVSS

7.7AI Score

0.002EPSS

2024-06-11 10:03 PM
cbl_mariner
cbl_mariner

CVE-2016-1000104 affecting package mod_fcgid 2.3.9-21

CVE-2016-1000104 affecting package mod_fcgid 2.3.9-21. No patch is available...

8.8CVSS

8.9AI Score

0.008EPSS

2024-06-11 10:03 PM
1
cbl_mariner
cbl_mariner

CVE-2016-2568 affecting package polkit 0.119-3

CVE-2016-2568 affecting package polkit 0.119-3. No patch is available...

7.8CVSS

7.9AI Score

0.0004EPSS

2024-06-11 10:03 PM
1
cbl_mariner
cbl_mariner

CVE-2016-8681 affecting package libdwarf for versions less than 0.9.0

CVE-2016-8681 affecting package libdwarf for versions less than 0.9.0. A patched version of the package is...

5.5CVSS

6AI Score

0.001EPSS

2024-06-11 10:03 PM
18
cbl_mariner
cbl_mariner

CVE-2023-44487 affecting package prometheus for versions less than 2.37.0-10

CVE-2023-44487 affecting package prometheus for versions less than 2.37.0-10. A patched version of the package is...

7.5CVSS

7.8AI Score

0.732EPSS

2024-06-11 10:03 PM
32
cbl_mariner
cbl_mariner

CVE-2022-3857 affecting package syslinux 6.04-10

CVE-2022-3857 affecting package syslinux 6.04-10. No patch is available...

5.5CVSS

5.5AI Score

0.001EPSS

2024-06-11 10:03 PM
15
cbl_mariner
cbl_mariner

CVE-2023-44487 affecting package cmake for versions less than 3.21.4-10

CVE-2023-44487 affecting package cmake for versions less than 3.21.4-10. A patched version of the package is...

7.5CVSS

7.8AI Score

0.732EPSS

2024-06-11 10:03 PM
2
cbl_mariner
cbl_mariner

CVE-2022-43552 affecting package cmake 3.21.4-10

CVE-2022-43552 affecting package cmake 3.21.4-10. No patch is available...

5.9CVSS

8AI Score

0.001EPSS

2024-06-11 10:03 PM
1
cbl_mariner
cbl_mariner

CVE-2023-23916 affecting package cmake 3.21.4-10

CVE-2023-23916 affecting package cmake 3.21.4-10. No patch is available...

6.5CVSS

8.3AI Score

0.001EPSS

2024-06-11 10:03 PM
1
cbl_mariner
cbl_mariner

CVE-2023-23915 affecting package cmake 3.21.4-10

CVE-2023-23915 affecting package cmake 3.21.4-10. No patch is available...

6.5CVSS

8AI Score

0.001EPSS

2024-06-11 10:03 PM
1
cbl_mariner
cbl_mariner

CVE-2016-3709 affecting package libxml2 2.9.14-3

CVE-2016-3709 affecting package libxml2 2.9.14-3. This CVE either no longer is or was never...

6.1CVSS

9.2AI Score

0.001EPSS

2024-06-11 10:03 PM
cbl_mariner
cbl_mariner

CVE-2016-2568 affecting package polkit 0.116-7

CVE-2016-2568 affecting package polkit 0.116-7. No patch is available...

7.8CVSS

7.5AI Score

0.0004EPSS

2024-06-11 10:03 PM
cbl_mariner
cbl_mariner

CVE-2023-44487 affecting package prometheus for versions less than 2.37.0-10

CVE-2023-44487 affecting package prometheus for versions less than 2.37.0-10. A patched version of the package is...

7.5CVSS

8.2AI Score

0.732EPSS

2024-06-11 10:03 PM
cbl_mariner
cbl_mariner

CVE-2023-44487 affecting package cmake for versions less than 3.21.4-10

CVE-2023-44487 affecting package cmake for versions less than 3.21.4-10. A patched version of the package is...

7.5CVSS

8.2AI Score

0.732EPSS

2024-06-11 10:03 PM
1
openbugbounty
openbugbounty

brainmedia.com Cross Site Scripting vulnerability OBB-3934743

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-11 09:58 PM
2
slackware
slackware

[slackware-security] cups

New cups packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/cups-2.4.9-i586-1_slack15.0.txz: Upgraded. This update fixes bugs and a security issue: When starting the cupsd server with a...

4.4CVSS

7.3AI Score

EPSS

2024-06-11 09:55 PM
slackware
slackware

[slackware-security] mozilla-firefox

New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mozilla-firefox-115.12.0esr-i686-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For...

7AI Score

EPSS

2024-06-11 09:55 PM
hackread
hackread

TellYouThePass Ransomware Exploits Critical PHP Flaw, Patch NOW

Urgent alert for PHP users: Update your server immediately to protect against the newly exploited CVE-2024-4577 by...

9.8CVSS

7AI Score

0.249EPSS

2024-06-11 09:46 PM
cvelist
cvelist

CVE-2024-35225 Jupyter Server Proxy has a reflected XSS issue in host parameter

Jupyter Server Proxy allows users to run arbitrary external processes alongside their notebook server and provide authenticated web access to them. Versions of 3.x prior to 3.2.4 and 4.x prior to 4.2.0 have a reflected cross-site scripting (XSS) issue. The /proxy endpoint accepts a host path...

9.6CVSS

EPSS

2024-06-11 09:45 PM
1
cve
cve

CVE-2024-5646

The Futurio Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘header_size’ attribute within the Advanced Text Block widget in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated....

6.4CVSS

5.7AI Score

EPSS

2024-06-11 09:15 PM
2
nvd
nvd

CVE-2024-5646

The Futurio Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘header_size’ attribute within the Advanced Text Block widget in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated....

6.4CVSS

EPSS

2024-06-11 09:15 PM
cve
cve

CVE-2024-4669

The Events Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Basic Slider, Upcoming Events, and Schedule widgets in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS

5.7AI Score

EPSS

2024-06-11 09:15 PM
2
nvd
nvd

CVE-2024-4669

The Events Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Basic Slider, Upcoming Events, and Schedule widgets in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS

EPSS

2024-06-11 09:15 PM
github
github

Jupyter Server Proxy has a reflected XSS issue in host parameter

Impact There is a reflected cross-site scripting (XSS) issue in jupyter-server-proxy[1]. The /proxy endpoint accepts a host path segment in the format /proxy/<host>. When this endpoint is called with an invalid host value, jupyter-server-proxy replies with a response that includes the value o...

9.6CVSS

5.8AI Score

EPSS

2024-06-11 09:12 PM
wolfi
wolfi

CVE-2024-29018 vulnerabilities

Vulnerabilities for packages: conftest, loki, wolfictl, datadog-agent, crossplane, kaniko, syft, cadvisor, goreleaser, docker-compose, buildkitd, aactl, melange, buf, tkn, kargo, prometheus, dagger, ko, grype, trivy, kubescape, zot, telegraf, ctop, spire-server,...

5.9CVSS

5.9AI Score

0.0004EPSS

2024-06-11 09:08 PM
131
wolfi
wolfi

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: doppler-kubernetes-operator, envoy-ratelimit, nodetaint, kots, kubernetes-csi-external-attacher, cilium-cli, kubeadm-bootstrap-controller, kubernetes-csi-livenessprobe, timestamp-authority, kubernetes-csi-external-snapshotter, haproxy-ingress,...

7.5AI Score

2024-06-11 09:08 PM
147
wolfi
wolfi

GHSA-MRWW-27VC-GGHV vulnerabilities

Vulnerabilities for packages: vault, kine, caddy, keda, kots, kube-bench, temporal-server, amass, k3s, spicedb, telegraf, src, trillian, step-ca, argo-workflows,...

7.5AI Score

2024-06-11 09:08 PM
88
wolfi
wolfi

CVE-2023-44487 vulnerabilities

Vulnerabilities for packages: envoy-ratelimit, nodetaint, kots, kubernetes-csi-external-attacher, kubernetes-csi-livenessprobe, haproxy-ingress, tctl, scorecard, gitlab-runner, aactl, bom, wireguard-go, nri-prometheus, kyverno, mc, terraform, prometheus, cert-manager, skaffold, thanos, kpt,...

7.5CVSS

9AI Score

0.732EPSS

2024-06-11 09:08 PM
549
wolfi
wolfi

GHSA-95PR-FXF5-86GV vulnerabilities

Vulnerabilities for packages: wolfictl, goreleaser, aactl, melange, apko, flux-source-controller, gitsign, tkn, slsa-verifier, skaffold, falcoctl, ko, falco, vexctl, policy-controller, neuvector-sigstore-interface, kubescape, zot, tekton-chains, zarf,...

7.5AI Score

2024-06-11 09:08 PM
60
wolfi
wolfi

GHSA-2C7C-3MJ9-8FQH vulnerabilities

Vulnerabilities for packages: cloudflared, kots, dex, sops, flux-kustomize-controller, cosign, tekton-pipelines, aactl, flux-source-controller, gitsign, cilium-envoy, vault, keda, kyverno, oauth2-proxy, external-secrets-operator, tkn, rekor, slsa-verifier, fulcio, traefik, argo-workflows,...

7.5AI Score

2024-06-11 09:08 PM
322
wolfi
wolfi

GHSA-JQ35-85CJ-FJ4P vulnerabilities

Vulnerabilities for packages: loki, k3d, scorecard, goreleaser, tekton-pipelines, aactl, bom, k3s, slsa-verifier, prometheus, cert-manager, skaffold, falco, chartmuseum, kpt, kubescape, tekton-chains, ctop, paranoia,...

7.5AI Score

2024-06-11 09:08 PM
318
wolfi
wolfi

GHSA-MQ39-4GV4-MVPX vulnerabilities

Vulnerabilities for packages: conftest, loki, wolfictl, datadog-agent, crossplane, kaniko, syft, cadvisor, goreleaser, docker-compose, buildkitd, aactl, melange, buf, tkn, kargo, prometheus, dagger, ko, grype, trivy, kubescape, zot, telegraf, ctop, spire-server,...

7.5AI Score

2024-06-11 09:08 PM
118
wolfi
wolfi

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: doppler-kubernetes-operator, envoy-ratelimit, nodetaint, kubernetes-csi-external-attacher, kubeadm-bootstrap-controller, kubernetes-csi-livenessprobe, kubernetes-csi-external-snapshotter, haproxy-ingress, go-licenses, secrets-store-csi-driver-provider-azure, tctl,...

7.8AI Score

0.0004EPSS

2024-06-11 09:08 PM
167
wolfi
wolfi

CVE-2024-27304 vulnerabilities

Vulnerabilities for packages: vault, kine, caddy, keda, kots, kube-bench, temporal-server, amass, k3s, spicedb, telegraf, src, trillian, step-ca, argo-workflows,...

9.8CVSS

9.7AI Score

0.0004EPSS

2024-06-11 09:08 PM
106
wolfi
wolfi

CVE-2023-46402 vulnerabilities

Vulnerabilities for packages: flux-notification-controller, pulumi-kubernetes-operator, melange, argo-workflows,...

7.5CVSS

7.7AI Score

0.0005EPSS

2024-06-11 09:08 PM
293
wolfi
wolfi

CVE-2024-3177 vulnerabilities

Vulnerabilities for packages: aws-ebs-csi-driver, nodetaint, spark-operator, cluster-autoscaler, kubernetes-dns-node-cache, node-feature-discovery, kubernetes-csi-driver-hostpath, calico, local-static-provisioner, ip-masq-agent,...

2.7CVSS

4.3AI Score

0.0004EPSS

2024-06-11 09:08 PM
51
Total number of security vulnerabilities: 2956265