Norton Antivirus, Norton AntiVirus With Backup, Norton Security, Norton Security With Backup, Norton Internet Security, Norton 360 Security Vulnerabilities

CVE-2024-5863 Easy Image Collage <= 1.13.5 - Missing Authorization to Authenticated (Contributor+) Data Clearance

The Easy Image Collage plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ajax_image_collage() function in all versions up to, and including, 1.13.5. This makes it possible for authenticated attackers, with Contributor-level access and above,...

CVE-2024-5863 Easy Image Collage <= 1.13.5 - Missing Authorization to Authenticated (Contributor+) Data Clearance

The Easy Image Collage plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ajax_image_collage() function in all versions up to, and including, 1.13.5. This makes it possible for authenticated attackers, with Contributor-level access and above,...

users.drew.edu Cross Site Scripting vulnerability OBB-3939342

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

applications-laser.fr Cross Site Scripting vulnerability OBB-3939343

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

demolitions.dk Cross Site Scripting vulnerability OBB-3939341

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-37137

Dell Key Trust Platform, v3.0.6 and prior, contains Use of a Cryptographic Primitive with a Risky Implementation vulnerability. A local privileged attacker could potentially exploit this vulnerability, leading to privileged information...

CVE-2024-37137

Dell Key Trust Platform, v3.0.6 and prior, contains Use of a Cryptographic Primitive with a Risky Implementation vulnerability. A local privileged attacker could potentially exploit this vulnerability, leading to privileged information...

andelsboligforeningenfremtiden.dk Cross Site Scripting vulnerability OBB-3939338

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

roboworld.dk Cross Site Scripting vulnerability OBB-3939337

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

[SECURITY] Fedora 40 Update: emacs-29.4-3.fc40

Emacs is a powerful, customizable, self-documenting, modeless text editor. Emacs contains special code editing features, a scripting language (elisp), and the capability to read mail, news, and more without leaving the editor. This package provides an emacs binary with support for Wayland, using...

[SECURITY] Fedora 40 Update: kernel-6.9.6-200.fc40

The kernel meta...

eventyrgolf.dk Cross Site Scripting vulnerability OBB-3939336

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

vafo.dk Cross Site Scripting vulnerability OBB-3939335

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-37137

Dell Key Trust Platform, v3.0.6 and prior, contains Use of a Cryptographic Primitive with a Risky Implementation vulnerability. A local privileged attacker could potentially exploit this vulnerability, leading to privileged information...

Security Bulletin: Denial of service and password enumeration might affect IBM Storage Defender – Resiliency Service

Summary IBM Storage Defender – Resiliency Service is vulnerable and can result in data confidentiality and service availabilty issues. The vulnerabilities have been addressed. CVE-2023-45288, CVE-2024-25031, CVE-2024-38322, CVE-2024-33883. Vulnerability Details ** CVEID: CVE-2023-45288 ...

uniquesims.com Cross Site Scripting vulnerability OBB-3939334

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

bestamericanpsychics.com Cross Site Scripting vulnerability OBB-3939333

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

mailing-manager.com Cross Site Scripting vulnerability OBB-3939332

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

bhhscalifornia.com Cross Site Scripting vulnerability OBB-3939331

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

AlmaLinux 9 : pki-core (ALSA-2024:4165)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:4165 advisory. * dogtag ca: token authentication bypass vulnerability (CVE-2023-4727) Tenable has extracted the preceding description block directly from the AlmaLinux security...

Mageia: Security Advisory (MGASA-2024-0240)

The remote host is missing an update for...

ROS-20240628-01

A vulnerability in the Notes file of the distraction-free note-taking app for Nextcloud is related to the The ability to share a Notes folder with a new user before they are logged in. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive...

CVE-2024-37371

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length...

Oracle Linux 9 : pki-core (ELSA-2024-4165)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-4165 advisory. [11.5.0-2.0.1] - Replaced upstream graphical references [Orabug: 33952704] [11.5.0-2] - RHEL-9916 CVE-2023-4727 pki-core: dogtag ca: token authentication bypass.....

CVE-2024-37371

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length...

Ubuntu: Security Advisory (USN-6855-1)

The remote host is missing an update for...

WordPress Emergency Password Reset Script Detected

WordPress has a PHP script named emergency.php which is designed to help sites administrators reset their passwords as a last resort. When exposed with the web application, this file can allow a remote and unauthenticated attacker to perform a password reset of the administrator...

Ubuntu: Security Advisory (USN-6856-1)

The remote host is missing an update for...

Mageia: Security Advisory (MGASA-2024-0242)

The remote host is missing an update for...

Ubuntu 20.04 LTS : CUPS regression (USN-6844-2)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6844-2 advisory. USN-6844-1 fixed vulnerabilities in the CUPS package. The update lead to the discovery of a regression in CUPS with regards to how the cupsd daemon handles...

Polyfill Detected

The polyfill.js file is a popular open-source library to ensure old browsers compatibility when evaluating JavaScript code. Starting February 2024, the domain polyfill.io and the related GitHub account have been purchased by a malicious threat actor to inject malwares in all web applications...

A Bootiful Podcast: Spring Security community legend Laur Spilca

Hi, Spring fans! In this installment I talk to Spring Security community legend Laur Spilca, live from the Spring I/O show in beautiful...

K000140188: PostgreSQL vulnerability CVE-2024-0985

Security Advisory Description Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of...

Ubuntu: Security Advisory (USN-6857-1)

The remote host is missing an update for...

Ubuntu: Security Advisory (USN-5615-3)

The remote host is missing an update for...

Autodesk Multiple Vulnerabilities (AutoCAD) (adsk-sa-2024-0010)

The version of Autodesk AutoCAD installed on the remote Windows host is a version prior to 2024.1.5. It is, therefore, affected by multiple vulnerabilities: A maliciously crafted PRT file, when parsed in odxug_dll.dll through Autodesk AutoCAD can force an Out-of-Bound Write. A malicious...

Fedora 40 : emacs (2024-a3fecfab32)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-a3fecfab32 advisory. Update to Emacs 29.4, fixing CVE-2024-39331. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...

Fedora 40 : kernel (2024-aca908f73b)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-aca908f73b advisory. The 6.9.6 stable kernel update contains a number of important fixes across the tree. Tenable has extracted the preceding description block directly from the...

Ubuntu: Security Advisory (USN-6852-2)

The remote host is missing an update for...

Mageia: Security Advisory (MGASA-2024-0241)

The remote host is missing an update for...

Mageia: Security Advisory (MGASA-2024-0243)

The remote host is missing an update for...

K000140189: Linux kernel vulnerability CVE-2021-47572

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: net: nexthop: fix null pointer dereference when IPv6 is not enabled When we try to add an IPv6 nexthop and IPv6 is not enabled (!CONFIG_IPV6) we'll hit a NULL pointer dereference[1] in the error path.....

dcmtk - security update

Bulletin has no...

evansjones.co.uk Cross Site Scripting vulnerability OBB-3939330

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

bluegrovehomes.co.uk Cross Site Scripting vulnerability OBB-3939329

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

3d.walktheweb.com Cross Site Scripting vulnerability OBB-3939328

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

cotswoldwindows.co.uk Cross Site Scripting vulnerability OBB-3939327

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

tececo.com Cross Site Scripting vulnerability OBB-3939326

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2016-20022

In the Linux kernel before 4.8, usb_parse_endpoint in drivers/usb/core/config.c does not validate the wMaxPacketSize field of an endpoint descriptor. NOTE: This vulnerability only affects products that are no longer supported by the...

sirsepaca.org Cross Site Scripting vulnerability OBB-3939325

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...