P10, P10 Plus Security Vulnerabilities

The internet is already scary enough without April Fool’s jokes

I feel like over the past several years, the "holiday" that is April Fool's Day has really died down. At this point, there are few headlines you can write that would be more ridiculous than something you'd find on a news site any day of the week. And there are so many more serious issues that are.....

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 1, 2024 to April 7, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 193 vulnerabilities disclosed in 154...

CVE-2021-47192

In the Linux kernel, the following vulnerability has been resolved: scsi: core: sysfs: Fix hang when device state is set via sysfs This fixes a regression added with: commit f0f82e2476f6 ("scsi: core: Fix capacity set to zero after offlinining device") The problem is that after iSCSI recovery,...

CVE-2021-47192

In the Linux kernel, the following vulnerability has been resolved: scsi: core: sysfs: Fix hang when device state is set via sysfs This fixes a regression added with: commit f0f82e2476f6 ("scsi: core: Fix capacity set to zero after offlinining device") The problem is that after iSCSI recovery,...

CVE-2021-47192

In the Linux kernel, the following vulnerability has been resolved: scsi: core: sysfs: Fix hang when device state is set via sysfs This fixes a regression added with: commit f0f82e2476f6 ("scsi: core: Fix capacity set to zero after offlinining device") The problem is that after iSCSI recovery,...

CVE-2021-47192 scsi: core: sysfs: Fix hang when device state is set via sysfs

In the Linux kernel, the following vulnerability has been resolved: scsi: core: sysfs: Fix hang when device state is set via sysfs This fixes a regression added with: commit f0f82e2476f6 ("scsi: core: Fix capacity set to zero after offlinining device") The problem is that after iSCSI recovery,...

CVE-2021-47192 scsi: core: sysfs: Fix hang when device state is set via sysfs

In the Linux kernel, the following vulnerability has been resolved: scsi: core: sysfs: Fix hang when device state is set via sysfs This fixes a regression added with: commit f0f82e2476f6 ("scsi: core: Fix capacity set to zero after offlinining device") The problem is that after iSCSI recovery,...

CVE-2024-31287

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Max Foundry Media Library Folders.This issue affects Media Library Folders: from n/a through...

CVE-2024-31287

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Max Foundry Media Library Folders.This issue affects Media Library Folders: from n/a through...

CVE-2024-31287 WordPress Media Library Folders plugin <= 8.1.8 - Directory Traversal vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Max Foundry Media Library Folders.This issue affects Media Library Folders: from n/a through...

WP Photo Album Plus < 8.6.03.005 - Authenticated (Subscriber+) Arbitrary File Upload

Description The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wppa_user_upload() function in all versions up to, and including, 8.6.03.004. This makes it possible for authenticated attackers, with subscriber-level access....

ROS-20240410-02

Vulnerability in the HTTP/3 QUIC module of NGINX Plus, NGINX OSS web servers that allows an attacker to cause a denial of service. denial of service Vulnerability of ngx_http_v3_module module of NGINX and NGINX Plus servers is related to memory usage after its release. memory after it has been...

CVE-2021-47192

In the Linux kernel, the following vulnerability has been resolved: scsi: core: sysfs: Fix hang when device state is set via sysfs This fixes a regression added with: commit f0f82e2476f6 ("scsi: core: Fix capacity set to zero after offlinining device") The problem is that after iSCSI recovery,...

K000139225: nghttp2 vulnerability CVE-2024-28182

Security Advisory Description nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes...

CVE-2024-2335

The Elements Plus! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widget link URLs in all versions up to, and including, 2.16.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers....

CVE-2024-2335

The Elements Plus! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widget link URLs in all versions up to, and including, 2.16.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers....

CVE-2024-2335

The Elements Plus! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widget link URLs in all versions up to, and including, 2.16.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers....

CVE-2024-2335

The Elements Plus! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widget link URLs in all versions up to, and including, 2.16.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers....

K000139227 : amphp/http vulnerability CVE-2024-2653

Security Advisory Description amphp/http will collect CONTINUATION frames in an unbounded buffer and will not check a limit until it has received the set END_HEADERS flag, resulting in an OOM crash. (CVE-2024-2653) Impact There is no impact; F5 products are not affected by this...

Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-6726-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6726-1 advisory. Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part...

K000139228 : Envoy vulnerability CVE-2024-27919

Security Advisory Description Envoy is a cloud-native, open-source edge and service proxy. In versions 1.29.0 and 1.29.1, theEnvoy HTTP/2 protocol stack is vulnerable to the flood of CONTINUATION frames. Envoy's HTTP/2 codec does not reset a request when header map limits have been exceeded. This.....

K000139236 : Apache Traffic Server HTTP/2 CONTINUATION DoS attack vulnerability CVE-2024-31309

Security Advisory Description HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are affected. (CVE-2024-31309) Impact There is no impact; F5 products are not affected by this...

Ubuntu 22.04 LTS / 23.10 : Linux kernel vulnerabilities (USN-6724-1)

The remote Ubuntu 22.04 LTS / 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6724-1 advisory. Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any...

K000139218 : CVE-2024-22243 Spring Framework vulnerability

Security Advisory Description Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or...

K000139229 : Tempesta vulnerability CVE-2024-2758

Security Advisory Description Tempesta FW rate limits are not enabled by default. They are either set too large to capture empty CONTINUATION frames attacks or too small to handle normal HTTP requests appropriately. (CVE-2024-2758) Impact There is no impact; F5 products are not affected by this...

Security Bulletin: IBM Sterling Connect:Direct FTP+ is vulnerable to various attacks due to IBM Runtime Environment Java Technology Edition Version 17

Summary IBM Java 17 is used by IBM Sterling Connect:Direct FTP+ on AIX, Linux, and Windows platforms in product configuration and data transmission. IBM Sterling Connect:Direct FTP+ on AIX, Linux, and Windows platforms is impacted by vulnerabilities in IBM Java 17. IBM Sterling Connect:Direct FTP+....

Security Bulletin: IBM Sterling Connect:Direct FTP+ is vulnerable to various attacks due to IBM Runtime Environment Java Technology Edition Version 8

Summary IBM Java 8 is used by IBM Sterling Connect:Direct FTP+ on Solaris platform in product configuration and data transmission. IBM Sterling Connect:Direct FTP+ on Solaris platform is impacted by vulnerabilities in IBM Java 8. IBM Sterling Connect:Direct FTP+ on Solaris platform has upgraded...

Security Bulletin: Vulnerabilities in cryptography and Jinja [CVE-2023-50782, CVE-2024-22195]

Summary IBM Storage Protect Plus Microsoft File Systems Backup and Restore can be affected by vulnerabilities in cryptography and Jinja which include obtain sensitive information and cross-site scripting, as described by the CVEs in the "Vulnerability Details" section. These vulnerabilities have...

CVE-2024-3434

A vulnerability classified as critical was found in CP Plus Wi-Fi Camera up to 20240401. Affected by this vulnerability is an unknown functionality of the component User Management. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been...

CVE-2024-3434

A vulnerability classified as critical was found in CP Plus Wi-Fi Camera up to 20240401. Affected by this vulnerability is an unknown functionality of the component User Management. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been...

K000139214 : Apache httpd vulnerability CVE-2024-27316

Security Advisory Description HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion. (CVE-2024-27316) Impact There is no impact; F5 products...

CVE-2024-3434 CP Plus Wi-Fi Camera User Management improper authorization

A vulnerability classified as critical was found in CP Plus Wi-Fi Camera up to 20240401. Affected by this vulnerability is an unknown functionality of the component User Management. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been...

CVE-2024-31286

Unrestricted Upload of File with Dangerous Type vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus.This issue affects WP Photo Album Plus: from n/a before...

CVE-2024-31286

Unrestricted Upload of File with Dangerous Type vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus.This issue affects WP Photo Album Plus: from n/a before...

CVE-2024-31286 WordPress WP Photo Album Plus plugin < 8.6.03.005 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus.This issue affects WP Photo Album Plus: from n/a before...

My Maintenance Policy

I wrote a short document describing how I maintain open source projects, to link it from my global CODE_OF_CONDUCT, CONTRIBUTING, and SECURITY files. It talks about how I prefer issues to PRs, how I work in batches, and how I'm trigger-happy with bans. It's all about setting expectations. It got...

Identity Thief Lived as a Different Man for 33 Years

Plus: Microsoft scolded for a “cascade” of security failures, AI-generated lawyers send fake legal threats, a data broker quietly lobbies against US privacy legislation, and...

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Jan 2024 - Includes Oracle January 2024 CPU plus CVE-2023-33850

Summary IBM Copy Services Manager is vulnerable to an information disclosure threats ( CVE-2023-33850) and other vulnerabilities ( CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945, CVE-2023-33850) due to the use of IBM Java. IBM Java is used by CSM to.....

Wordfence Intelligence Weekly WordPress Vulnerability Report (March 25, 2024 to March 31, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 405 vulnerabilities disclosed in 320...

The Plus Blocks for Block Editor | Gutenberg < 3.2.6 - Reflected Cross-Site Scripting

Description The The Plus Blocks for Block Editor | Gutenberg plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVE-2024-0335

ABB has internally identified a vulnerability in the ABB VPNI feature of the S+ Control API component which may be used by several Symphony Plus products (e.g., S+ Operations, S+ Engineering and S+ Analyst) This issue affects Symphony Plus S+ Operations: from 3..0;0 through 3.3 SP1 RU4, from...

CVE-2024-0335

ABB has internally identified a vulnerability in the ABB VPNI feature of the S+ Control API component which may be used by several Symphony Plus products (e.g., S+ Operations, S+ Engineering and S+ Analyst) This issue affects Symphony Plus S+ Operations: from 3..0;0 through 3.3 SP1 RU4, from...

CVE-2024-0335 Malformed Packet Handling

ABB has internally identified a vulnerability in the ABB VPNI feature of the S+ Control API component which may be used by several Symphony Plus products (e.g., S+ Operations, S+ Engineering and S+ Analyst) This issue affects Symphony Plus S+ Operations: from 3..0;0 through 3.3 SP1 RU4, from...

K000139152 : Linux kernel vulnerability CVE-2023-2006

Security Advisory Description A race condition was found in the Linux kernel's RxRPC network protocol, within the processing of RxRPC bundles. This issue results from the lack of proper locking when performing operations on an object. This may allow an attacker to escalate privileges and execute...

CVE-2023-6154

A configuration setting issue in seccenter.exe as used in Bitdefender Total Security, Bitdefender Internet Security, Bitdefender Antivirus Plus, Bitdefender Antivirus Free allows an attacker to change the product's expected behavior and potentially load a third-party library upon execution. This...

CVE-2023-6154

A configuration setting issue in seccenter.exe as used in Bitdefender Total Security, Bitdefender Internet Security, Bitdefender Antivirus Plus, Bitdefender Antivirus Free allows an attacker to change the product's expected behavior and potentially load a third-party library upon execution. This...

CVE-2023-6154 Local privilege escalation in Bitdefender Total Security (VA-11168)

A configuration setting issue in seccenter.exe as used in Bitdefender Total Security, Bitdefender Internet Security, Bitdefender Antivirus Plus, Bitdefender Antivirus Free allows an attacker to change the product's expected behavior and potentially load a third-party library upon execution. This...

K000139140 : util-linux vulnerability CVE-2024-28085

Security Advisory Description wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not...

K000139141 : liblzma vulnerability CVE-2024-3094

Security Advisory Description Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to....

You Should Update Apple iOS and Google Chrome ASAP

Plus: Microsoft patches over 60 vulnerabilities, Mozilla fixes two Firefox zero-day bugs, Google patches 40 issues in Android, and...