P10, P10 Plus Security Vulnerabilities

CVE-2024-2210

The The Plus Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.1 via the Team Member Listing widget. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary....

CVE-2024-2210

The The Plus Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.1 via the Team Member Listing widget. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary....

CVE-2024-2203

The The Plus Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.1 via the Clients widget. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on...

CVE-2024-2203

The The Plus Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.1 via the Clients widget. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on...

CVE-2024-2203

The The Plus Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.1 via the Clients widget. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on...

CVE-2024-2210

The The Plus Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.1 via the Team Member Listing widget. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary....

K000139064 : Apache vulnerabilities CVE-2009-2299, CVE-2012-3526, CVE-2012-4001, and CVE-2012-4360

Security Advisory Description CVE-2009-2299 The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via...

Recent ‘MFA Bombing’ Attacks Targeting Apple Users

Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple's password reset feature. In this scenario, a target's Apple devices are forced to display dozens of system-level prompts that prevent the devices from being used...

Rockwell Automation FactoryTalk View ME

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk View ME Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to the loss of view or...

The Plus Addons for Elementor < 5.4.2 - Contributor+ LFI

Description The plugin is vulnerable to Local File Inclusion via the Team Member Listing and Clients widgets. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in....

K000139043 : Apache Struts vulnerabilities CVE-2016-4430, CVE-2016-4431, and CVE-2016-4433

Security Advisory Description CVE-2016-4430 Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validation, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors. CVE-2016-4431 Apache Struts 2 2.3.20 through 2.3.28.1 allows remote...

IBM Storage Protect Plus Server Access Control Error Vulnerability

IBM Storage Protect Plus Server is an IBM Storage software from International Business Machines (IBM) that provides recovery, replication, retention and reuse for virtual machines, databases, applications, file systems, SaaS workloads and containers. An access control error vulnerability exists in....

IBM Storage Protect Plus Server Information Disclosure Vulnerability (CNVD-2024-16923)

IBM Storage Protect Plus Server is an IBM Storage software from International Business Machines (IBM) that provides recovery, replication, retention and reuse for virtual machines, databases, applications, file systems, SaaS workloads and containers. An information disclosure vulnerability exists.....

K000139044 : Apache httpd vulnerabilities CVE-2011-1176, CVE-2011-2688, CVE-2013-0942, CVE-2013-2765, and CVE-2013-4365

Security Advisory Description CVE-2011-1176 The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which...

CVE-2024-21914

A vulnerability exists in the affected product that allows a malicious user to restart the Rockwell Automation PanelView™ Plus 7 terminal remotely without security protections. If the vulnerability is exploited, it could lead to the loss of view or control of the PanelView™...

CVE-2024-21914

A vulnerability exists in the affected product that allows a malicious user to restart the Rockwell Automation PanelView™ Plus 7 terminal remotely without security protections. If the vulnerability is exploited, it could lead to the loss of view or control of the PanelView™...

CVE-2024-21914 Rockwell Automation - FactoryTalk® View ME on PanelView™ Plus 7 Boot Terminal lack Security Protections

A vulnerability exists in the affected product that allows a malicious user to restart the Rockwell Automation PanelView™ Plus 7 terminal remotely without security protections. If the vulnerability is exploited, it could lead to the loss of view or control of the PanelView™...

K000139026 : NTP vulnerability CVE-2009-3563

Security Advisory Description ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE.....

Apple Chip Flaw Leaks Secret Encryption Keys

Plus: The Biden administration warns of nationwide attacks on US water systems, a new Russian wiper malware emerges, and China-linked hackers wage a global attack...

K000138990 : BIND vulnerability CVE-2023-4408

Security Advisory Description The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected named instance by exploiting this....

openSUSE 15 Security Update : jsch-agent-proxy (SUSE-SU-2024:0974-1)

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2024:0974-1 advisory. The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity...

openSUSE 15 Security Update : jbcrypt, trilead-ssh2 (SUSE-SU-2024:0972-1)

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2024:0972-1 advisory. The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity...

Mozilla Drops Onerep After CEO Admits to Running People-Search Networks

The nonprofit organization that supports the Firefox web browser said today it is winding down its new partnership with Onerep, an identity protection service recently bundled with Firefox that offers to remove users from hundreds of people-search sites. The move comes just days after a report by.....

Reflectionless Templates With Spring

A few Java libraries have shown up recently that use text templates, but compile to Java classes at build time. They can thus claim to some extent to be "reflection free". Together with potential benefits of runtime performance, they promise to be easy to use and integrate with GraalVM native...

K000138989 : BIND vulnerability CVE-2023-5517

Security Advisory Description A flaw in query-handling code can cause named to exit prematurely with an assertion failure when: - nxdomain-redirect ; is configured, and - the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response....

K000138991 : BIND vulnerability CVE-2023-6516

Security Advisory Description To keep its cache database efficient, named running as a recursive resolver occasionally attempts to clean up the database. It uses several methods, including some that are asynchronous: a small chunk of memory pointing to the cache element that can be cleaned up is...

CVE-2024-27277

The private key for the IBM Storage Protect Plus Server 10.1.0 through 10.1.16 certificate can be disclosed, undermining the security of the certificate. IBM X-Force ID: ...

CVE-2024-27277

The private key for the IBM Storage Protect Plus Server 10.1.0 through 10.1.16 certificate can be disclosed, undermining the security of the certificate. IBM X-Force ID: ...

CVE-2024-27277 IBM Storage Protect Plus Server information disclosure

The private key for the IBM Storage Protect Plus Server 10.1.0 through 10.1.16 certificate can be disclosed, undermining the security of the certificate. IBM X-Force ID: ...

Wordfence Intelligence Weekly WordPress Vulnerability Report (March 11, 2024 to March 17, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 163 vulnerabilities disclosed in 126...

CVE-2023-47715

IBM Storage Protect Plus Server 10.1.0 through 10.1.16 could allow an authenticated user with read-only permissions to add or delete entries from an existing HyperVisor configuration. IBM X-Force ID: ...

CVE-2023-47715

IBM Storage Protect Plus Server 10.1.0 through 10.1.16 could allow an authenticated user with read-only permissions to add or delete entries from an existing HyperVisor configuration. IBM X-Force ID: ...

CVE-2023-47715 IBM Storage Protect Plus Server improper access control

IBM Storage Protect Plus Server 10.1.0 through 10.1.16 could allow an authenticated user with read-only permissions to add or delete entries from an existing HyperVisor configuration. IBM X-Force ID: ...

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2024-1475)

The remote host is missing an update for the Huawei...

Apple Security Update: iOS 16.7.7 and iPadOS 16.7.7Details coming soon

Apple recommends to install security update iOS 16.7.7 and iPadOS 16.7.7Details coming soon on devices iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st...

About the security content of iOS 16.7.7 and iPadOS 16.7.7

About the security content of iOS 16.7.7 and iPadOS 16.7.7 This document describes the security content of iOS 16.7.7 and iPadOS 16.7.7. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and...

EulerOS Virtualization 2.9.0 : libssh2 (EulerOS-SA-2024-1470)

According to the versions of the libssh2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...

EulerOS Virtualization 2.9.1 : openssh (EulerOS-SA-2024-1460)

According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...

K000138977 : ncurses vulnerability CVE-2022-29458

Security Advisory Description ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library. (CVE-2022-29458) Impact There is no impact; F5 products are not affected by this...

EulerOS Virtualization 2.9.1 : libssh2 (EulerOS-SA-2024-1455)

According to the versions of the libssh2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...

Huawei EulerOS: Security Advisory for libssh (EulerOS-SA-2024-1469)

The remote host is missing an update for the Huawei...

K000138966 : Intel Xeon CPU vulnerability CVE-2023-23908

Security Advisory Description Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access. (CVE-2023-23908) Impact This vulnerability may allow a privileged user to enable information.....

EulerOS Virtualization 2.9.1 : libssh (EulerOS-SA-2024-1454)

According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...

EulerOS Virtualization 2.9.0 : libssh (EulerOS-SA-2024-1469)

According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...

Huawei EulerOS: Security Advisory for libssh (EulerOS-SA-2024-1454)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for libssh2 (EulerOS-SA-2024-1455)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for libssh2 (EulerOS-SA-2024-1470)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2024-1460)

The remote host is missing an update for the Huawei...

EulerOS Virtualization 2.9.0 : openssh (EulerOS-SA-2024-1475)

According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...

Security Bulletin: Vulnerabilities in Spring, Tomcat, Jackson, sudo, and Linux kernel can affect IBM Spectrum Protect Plus

Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in Spring, Tomcat, Jackson, sudo, and Linux kernel. Vulnerabilities include obtaining sensitive information, gaining elevated privileges, executing arbitrary commands, denial of service, and bypassing security restrictions, as...