Norton Antivirus, Norton AntiVirus With Backup, Norton Security, Norton Security With Backup, Norton Internet Security, Norton 360 Security Vulnerabilities

CVE-2024-6305

Rejected reason: REJECT Accidental Reservation making this a duplicate. Please use...

CVE-2024-5216

A vulnerability in mintplex-labs/anything-llm allows for a Denial of Service (DoS) condition due to uncontrolled resource consumption. Specifically, the issue arises from the application's failure to limit the size of usernames, enabling attackers to create users with excessively bulky texts in...

CVE-2024-6307

WordPress Core is vulnerable to Stored Cross-Site Scripting via the HTML API in various versions up to 6.5.5 due to insufficient input sanitization and output escaping on URLs. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web...

CVE-2024-6307 WordPress Core < 6.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML API

WordPress Core is vulnerable to Stored Cross-Site Scripting via the HTML API in various versions up to 6.5.5 due to insufficient input sanitization and output escaping on URLs. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web...

britax-roemer.cz Cross Site Scripting vulnerability OBB-3938537

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Akamai Doubles Down on API Security

...

Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 275. Vulnerability Details ** CVEID: CVE-2023-3978 DESCRIPTION: **Golang html package is vulnerable to cross-site scripting, caused by improper validation of...

Security Bulletin: There are multiple vulnerabilities in IBM DB2 bundled with IBM Application Performance Management products.

Summary IBM Application Performance Management is vulnerable to denial of service, remote code execution, information disclosures and other vulnerabilities due to bundled product IBM ® Db2. This bulletin identifies the steps to address the vulnerabilities. Vulnerability Details ** CVEID:...

jr-wheels.com Cross Site Scripting vulnerability OBB-3938536

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

New Attack Technique Exploits Microsoft Management Console Files

Threat actors are exploiting a novel attack technique in the wild that leverages specially crafted management saved console (MSC) files to gain full code execution using Microsoft Management Console (MMC) and evade security defenses. Elastic Security Labs has codenamed the approach GrimResource...

Security Bulletin: IBM Observability with Instana (OnPrem) is affected by Multiple Security Vulnerabilities

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana (OnPrem) build 275. Vulnerability Details ** CVEID: CVE-2023-43804 DESCRIPTION: **urllib3 could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw with cookie request header not.....

CVE-2024-5216 Denial of Service in mintplex-labs/anything-llm

A vulnerability in mintplex-labs/anything-llm allows for a Denial of Service (DoS) condition due to uncontrolled resource consumption. Specifically, the issue arises from the application's failure to limit the size of usernames, enabling attackers to create users with excessively bulky texts in...

Security Bulletin: Apache James and Bouncy Castle vulnerabilities in Apache Solr and Logstash shipped with IBM Operations Analytics - Log Analysis (CVE-2023-33202,CVE-2024-21742,CVE-2024-29857,CVE-2024-30172,CVE-2024-34447)

Summary There are potential denial of service and bypass security restrictions vulnerabilities in Apache James Mime4J and Bouncy Castle Crypto Package, which are used by Apache Solr and Logstash in IBM Operations Analytics - Log Analysis Vulnerability Details ** CVEID: CVE-2024-34447 DESCRIPTION:.....

CVE-2024-4641

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to accepting a format string from an external source as an argument. An attacker could modify an externally controlled format string to cause a memory leak and denial of...

CVE-2024-4641

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to accepting a format string from an external source as an argument. An attacker could modify an externally controlled format string to cause a memory leak and denial of...

CVE-2024-4640

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to missing bounds checking on buffer operations. An attacker could write past the boundaries of allocated buffer regions in memory, causing a program...

CVE-2024-4640

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to missing bounds checking on buffer operations. An attacker could write past the boundaries of allocated buffer regions in memory, causing a program...

CVE-2024-4639

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in IPSec configuration. An attacker could modify the intended commands sent to target functions, which could cause malicious users to execute unauthorized...

CVE-2024-4639

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in IPSec configuration. An attacker could modify the intended commands sent to target functions, which could cause malicious users to execute unauthorized...

Security Bulletin: ThreeTen Backport vulnerability has been identified in Apache Solr shipped with IBM Operations Analytics - Log Analysis (CVE-2024-23081,CVE-2024-23082)

Summary There is a potential denial of service vulnerability in ThreeTen Backport that is used by Apache Solr in IBM Operations Analytics - Log Analysis Vulnerability Details ** CVEID: CVE-2024-23082 DESCRIPTION: **ThreeTen Backport is vulnerable to a denial of service, caused by an integer...

Cybersecurity in the SMB space — a growing threat

Small and medium-sized businesses (SMBs) are increasingly targeted by cybercriminals. Despite adopting digital technology for remote work, production, and sales, SMBs often lack robust cybersecurity measures. SMBs face significant cybersecurity challenges due to limited resources and expertise....

How to Cut Costs with a Browser Security Platform

Browser security is becoming increasingly popular, as organizations understand the need to protect at the point of risk - the browser. Network and endpoint solutions are limited in their ability to protect from web-borne threats like phishing websites or malicious browser extensions. They also do.....

New Cyberthreat 'Boolka' Deploying BMANAGER Trojan via SQLi Attacks

A previously undocumented threat actor dubbed Boolka has been observed compromising websites with malicious scripts to deliver a modular trojan codenamed BMANAGER. "The threat actor behind this campaign has been carrying out opportunistic SQL injection attacks against websites in various countries....

CVE-2024-4641 OnCell G3470A-LTE Series: Authenticated Format String Errors

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to accepting a format string from an external source as an argument. An attacker could modify an externally controlled format string to cause a memory leak and denial of...

CVE-2024-4640 OnCell G3470A-LTE Series: Authenticated Command Injection via sendTestEmail

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to missing bounds checking on buffer operations. An attacker could write past the boundaries of allocated buffer regions in memory, causing a program...

CVE-2024-4640 OnCell G3470A-LTE Series: Authenticated Command Injection via sendTestEmail

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to missing bounds checking on buffer operations. An attacker could write past the boundaries of allocated buffer regions in memory, causing a program...

CVE-2024-6028

The Quiz Maker plugin for WordPress is vulnerable to time-based SQL Injection via the 'ays_questions' parameter in all versions up to, and including, 6.5.8.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

CVE-2024-34142

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...

CVE-2024-34142

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...

CVE-2024-4638

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in the web key upload function. An attacker could modify the intended commands sent to target functions, which could cause malicious users to execute unauthorized...

CVE-2024-6028

The Quiz Maker plugin for WordPress is vulnerable to time-based SQL Injection via the 'ays_questions' parameter in all versions up to, and including, 6.5.8.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

CVE-2024-4638

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in the web key upload function. An attacker could modify the intended commands sent to target functions, which could cause malicious users to execute unauthorized...

CVE-2024-34141

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...

CVE-2024-34141

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...

CVE-2024-4639 OnCell G3470A-LTE Series: Authenticated Command Injection via webDelIPSec

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in IPSec configuration. An attacker could modify the intended commands sent to target functions, which could cause malicious users to execute unauthorized...

CVE-2024-4639 OnCell G3470A-LTE Series: Authenticated Command Injection via webDelIPSec

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in IPSec configuration. An attacker could modify the intended commands sent to target functions, which could cause malicious users to execute unauthorized...

business.invoicebox.ru Cross Site Scripting vulnerability OBB-3938529

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Security Bulletin: IBM Event Streams are vulnerable in terms of both confidentiality and integrity. (CVE-2024-20918, CVE-2024-20926, CVE-2024-20952).

Summary IBM Event Streams are vulnerable in terms of both confidentiality and integrity. Multiple Java components within IBM Event Streams are susceptible to these vulnerabilities, enabling remote attackers to execute malicious actions through these components. Vulnerability Details ** CVEID:...

Security Bulletin: Apache Commons Configuration vulnerability has been identified in Apache Solr shipped with IBM Operations Analytics - Log Analysis (CVE-2024-29131,CVE-2024-29133)

Summary There is a potential out-of-bounds write vulnerability in Apache Commons Configuration that is used by Apache Solr in IBM Operations Analytics - Log Analysis Vulnerability Details ** CVEID: CVE-2024-29131 DESCRIPTION: **Apache Commons Configuration could allow a remote attacker to execute.....

Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to the jose4j component ( CVE-2023-51775).

Summary IBM Event Streams is vulnerable to a a denial of service attack due to the jose4j component. The jose4j library is used in event streams for secure handling of JSON Web Tokens (JWTs), enabling encryption, decryption, and validation of tokens to ensure secure authentication and data...

Security Bulletin: IBM Event Streams is vulnerable to a cross-site request forgery due to the Axios component (CVE-2023-45857).

Summary IBM Event Streams is vulnerable to XSS vulnerability due to Axios component . Axios is a promise-based HTTP library that lets developers make requests to either their own or a third-party server to fetch data. Vulnerability Details ** CVEID: CVE-2023-45857 DESCRIPTION: **Axios is...

Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to the k8sio apiMAChinery component (CVE-2023-44487).

Summary IBM Event Streams is vulnerable to a denial of service attack due to the k8sio apiMAChinery component. k8sio apiMachinery is utilized for handling Kubernetes API interactions, facilitating streamlined communication with Kubernetes clusters within event-driven applications. Vulnerability...

Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack and Phishing attacks due to the follow-redirect and k8s.io/apiMAChinery component (CVE-2023-26159,CVE-2023-44487).

Summary IBM Event Streams is vulnerable to a denial of service attack and Phishing attacks due to the follow-redirect and k8s.io/apiMAChinery component. The follow-redirect library is employed in event streams to seamlessly manage HTTP redirects, ensuring smooth navigation between resources...

Security Bulletin: IBM Event Streams is vulnerable to a Broken Access Control attack and Post Exploitation attacks due to the Kotlin component (CVE-2020-29582,CVE-2022-24329).

Summary IBM Event Streams is vulnerable to a Broken Access Control attack and Post Exploitation attacks due to the JetBrains Kotlin component. JetBrains Kotlin is used in event streams to simplify the development process with its concise syntax, enhance code safety with nullability features, and...

Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to the Eclipse Vert.x component (CVE-2024-1300).

Summary IBM Event Streams is vulnerable to a denial of service attack due to the Eclipse Vert.x component. Vert. x is a toolkit to build reactive microservices.It is used to create a highly scalable and performant event-driven architecture for managing Kafka clusters. Vulnerability Details **...

Security Bulletin: IBM Event Streams is vulnerable to a Broken Access Control due to the follow-redirects component ( CVE-2024-28849).

Summary IBM Event Streams is vulnerable to a Broken Access Control due to the Node.js follow-redirects module. follow-redirects provides request and get methods that behave identically to those found on the native http and https modules. Vulnerability Details ** CVEID: CVE-2024-28849 DESCRIPTION:.....

Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to Okio component ( CVE-2023-3635).

Summary IBM Event Streams is vulnerable to a denial of service attack due to Okio GzipSource component used in our strimzi-kafka-bridge. Okio is used in kafka to efficiently handle byte streams and improve data serialization/deserialization and network communication performance. Vulnerability...

CVE-2024-34142 AMS XSS - /libs/dam/cfm/components/download/clientlib/js/download.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...

CVE-2024-34142 AMS XSS - /libs/dam/cfm/components/download/clientlib/js/download.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...

CVE-2024-34141 AMS XSS - /libs/granite/backup/clientlibs/js/backup.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...