P10, P10 Plus Security Vulnerabilities

The Privacy Danger Lurking in Push Notifications

Plus: Apple warns about sideloading apps, a court orders NSO group to turn over the code of its Pegasus spyware, and an investigation finds widely available security cams are wildly...

K000138726 : Linux kernel vulnerability CVE-2023-3611

Security Advisory Description An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. The qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to...

Here Are the Google and Microsoft Security Updates You Need Right Now

Plus: Mozilla patches 12 flaws in Firefox, Zoom fixes seven vulnerabilities, and more critical updates from...

CVE-2024-0680

The WP Private Content Plus plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 3.6. This is due to the plugin not properly restricting access to posts via the REST API when a page has been made private. This makes it possible for unauthenticated...

Information disclosure

The WP Private Content Plus plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 3.6. This is due to the plugin not properly restricting access to posts via the REST API when a page has been made private. This makes it possible for unauthenticated...

CVE-2024-0680

The WP Private Content Plus plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 3.6. This is due to the plugin not properly restricting access to posts via the REST API when a page has been made private. This makes it possible for unauthenticated...

WP Private Content Plus <= 3.6 - Unauthenticated Protected Post Access

Description The plugin is vulnerable to information disclosure due to the plugin not properly restricting access to posts via the REST API when a page has been made private, allowing unauthenticated attackers to view protected...

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Jan 2024 - Includes Oracle January 2024 CPU plus CVE-2023-33850

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 that are used by Maximo Asset Management, Maximo Industry Solutions (including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for Utilities).....

[SECURITY] Fedora 38 Update: libxls-1.6.2-14.fc38

This is libxls, a C library for reading Excel files in the old binary OLE format, plus a command-line tool for converting XLS to CSV (named, appropriately enough,...

[SECURITY] Fedora 39 Update: libxls-1.6.2-14.fc39

This is libxls, a C library for reading Excel files in the old binary OLE format, plus a command-line tool for converting XLS to CSV (named, appropriately enough,...

TEM Opera Plus FM Family Transmitter 35.45 - Remote Code Execution Vulnerability

...

RHCOS 4 : OpenShift Container Platform 4.15.0 (RHSA-2023:7201)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7201 advisory. A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource...

TEM Opera Plus FM Family Transmitter 35.45 - XSRF Vulnerability

...

TEM Opera Plus FM Family Transmitter 35.45 - XSRF

...

Fedora: Security Advisory for libxls (FEDORA-2024-e74783429c)

The remote host is missing an update for...

TEM Opera Plus FM Family Transmitter 35.45 - Remote Code Execution

...

K000138731 : Linux vulnerability CVE-2023-3776

Security Advisory Description A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference...

Fedora: Security Advisory for libxls (FEDORA-2024-8b67e47e43)

The remote host is missing an update for...

User Shortcodes Plus <= 2.0.2 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via user_meta Shortcode

Description The User Shortcodes Plus plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the user_meta shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

A Mysterious Leak Exposed Chinese Hacking Secrets

Plus: Scammers try to dupe Apple with 5,000 fake iPhones, Avast gets fined for selling browsing data, and researchers figure out how to clone fingerprints from your phone...

CVE-2023-52462

In the Linux kernel, the following vulnerability has been resolved: bpf: fix check for attempt to corrupt spilled pointer When register is spilled onto a stack as a 1/2/4-byte register, we set slot_type[BPF_REG_SIZE - 1] (plus potentially few more below it, depending on actual spill size). So to...

K000138682 : libssh vulnerability CVE-2023-2283

Security Advisory Description A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in thepki_verify_data_signature function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited....

CVE-2023-52462

In the Linux kernel, the following vulnerability has been resolved: bpf: fix check for attempt to corrupt spilled pointer When register is spilled onto a stack as a 1/2/4-byte register, we set slot_type[BPF_REG_SIZE - 1] (plus potentially few more below it, depending on actual spill size). So to...

CVE-2023-52462

In the Linux kernel, the following vulnerability has been resolved: bpf: fix check for attempt to corrupt spilled pointer When register is spilled onto a stack as a 1/2/4-byte register, we set slot_type[BPF_REG_SIZE - 1] (plus potentially few more below it, depending on actual spill size). So to...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: bpf: fix check for attempt to corrupt spilled pointer When register is spilled onto a stack as a 1/2/4-byte register, we set slot_type[BPF_REG_SIZE - 1] (plus potentially few more below it, depending on actual spill size). So to...

CVE-2023-52462 bpf: fix check for attempt to corrupt spilled pointer

In the Linux kernel, the following vulnerability has been resolved: bpf: fix check for attempt to corrupt spilled pointer When register is spilled onto a stack as a 1/2/4-byte register, we set slot_type[BPF_REG_SIZE - 1] (plus potentially few more below it, depending on actual spill size). So to...

K000138695 : OpenSSL vulnerability CVE-2024-0727

Security Advisory Description Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12...

CVE-2023-52462

In the Linux kernel, the following vulnerability has been resolved: bpf: fix check for attempt to corrupt spilled pointer When register is spilled onto a stack as a 1/2/4-byte register, we set slot_type[BPF_REG_SIZE - 1] (plus potentially few more below it, depending on actual spill size). So to...

K000138693 : Linux kernel vulnerabilities CVE-2023-4206, CVE-2023-4207, and CVE-2023-4208

Security Advisory Description CVE-2023-4206 A use-after-free vulnerability in the Linux kernel's net/sched: cls_route component can be exploited to achieve local privilege escalation. When route4_change() is called on an existing filter, the whole tcf_result struct is always copied into the new...

K000138704 : Multiple MySQL vulnerabilities

Security Advisory Description CVE-2024-20964 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with...

A New Age of Hacktivism

In the past 2 years, we have observed a significant surge in hacktivism activity due to ongoing wars and geopolitical conflicts in various regions. Since the war against Ukraine began, we have witnessed a notable mobilization of non-state and state-backed actors alike, forming new groups or...

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM SDK, Java Technology Edition Quarterly CPU - Jan 2024 - Includes Oracle January 2024 CPU is vulnerable to CVE-2023-33850

Summary This bulletin covers all applicable Java SE CVEs published by Oracle as part of their January 2024 Critical Patch Update, plus CVE-2023-33850. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack: Jazz Foundation, IBM Jazz Reporting Service, IBM...

New 'VietCredCare' Stealer Targeting Facebook Advertisers in Vietnam

Facebook advertisers in Vietnam are the target of a previously unknown information stealer dubbed VietCredCare at least since August 2022. The malware is "notable for its ability to automatically filter out Facebook session cookies and credentials stolen from compromised devices, and assess...

K000138668 : OpenSSL vulnerability CVE-2023-6237

Security Advisory Description Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary: Applications that use the function EVP_PKEY_public_check() to check RSA public keys may experience long delays. Where the key that is being checked has been obtained....

K000138679 : GoLang vulnerabilities CVE-2023-24540, CVE-2023-29400, and CVE-2023-29403

Security Advisory Description CVE-2023-24540 Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly...

SUSE SLES12 Security Update : libssh (SUSE-SU-2024:0539-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0539-1 advisory. A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP...

K000138650 : cURL vulnerability CVE-2023-46218

Security Advisory Description This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libssh2_org (SUSE-SU-2024:0558-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0558-1 advisory. The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other ...

SUSE SLES12 Security Update : libssh2_org (SUSE-SU-2024:0543-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0543-1 advisory. The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to...

K000138649 : GnuTLS vulnerabilities CVE-2023-5981 and CVE-2024-0553

Security Advisory Description CVE-2023-5981 A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. CVE-2024-0553 A vulnerability was found in GnuTLS. The response times...

CVE-2023-52438

In the Linux kernel, the following vulnerability has been resolved: binder: fix use-after-free in shinker's callback The mmap read lock is used during the shrinker's callback, which means that using alloc-&gt;vma pointer isn't safe as it can race with munmap(). As of commit dd2283f2605e ("mm: mmap:...

CVE-2023-52438

In the Linux kernel, the following vulnerability has been resolved: binder: fix use-after-free in shinker's callback The mmap read lock is used during the shrinker's callback, which means that using alloc-&gt;vma pointer isn't safe as it can race with munmap(). As of commit dd2283f2605e ("mm: mmap:...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: binder: fix use-after-free in shinker's callback The mmap read lock is used during the shrinker's callback, which means that using alloc-&gt;vma pointer isn't safe as it can race with munmap(). As of commit dd2283f2605e ("mm: mmap:...

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Jan 2024 - Includes Oracle January 2024 CPU plus CVE-2023-33850

Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details Refer to the security bulletin(s)...

CVE-2023-52438 binder: fix use-after-free in shinker's callback

In the Linux kernel, the following vulnerability has been resolved: binder: fix use-after-free in shinker's callback The mmap read lock is used during the shrinker's callback, which means that using alloc-&gt;vma pointer isn't safe as it can race with munmap(). As of commit dd2283f2605e ("mm: mmap:...

CVE-2024-25274

An arbitrary file upload vulnerability in the component /sysFile/upload of Novel-Plus v4.3.0-RC1 allows attackers to execute arbitrary code via uploading a crafted...

Privilege escalation

An arbitrary file upload vulnerability in the component /sysFile/upload of Novel-Plus v4.3.0-RC1 allows attackers to execute arbitrary code via uploading a crafted...

The Biosig Project libbiosig sopen_FAMOS_read use-after-free vulnerability

Talos Vulnerability Report TALOS-2024-1923 The Biosig Project libbiosig sopen_FAMOS_read use-after-free vulnerability February 20, 2024 CVE Number CVE-2024-23310 SUMMARY A use-after-free vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master...

The Biosig Project libbiosig sopen_FAMOS_read integer underflow to out-of-bounds write vulnerability

Talos Vulnerability Report TALOS-2024-1922 The Biosig Project libbiosig sopen_FAMOS_read integer underflow to out-of-bounds write vulnerability February 20, 2024 CVE Number CVE-2024-23313 SUMMARY An integer underflow vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project.....

The Biosig Project libbiosig sopen_FAMOS_read NULL calloc out-of-bounds write vulnerability

Talos Vulnerability Report TALOS-2024-1925 The Biosig Project libbiosig sopen_FAMOS_read NULL calloc out-of-bounds write vulnerability February 20, 2024 CVE Number CVE-2024-23606 SUMMARY An out-of-bounds write vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project...