R-30iB Plus, R-30iB Mate Plus, R-30iB Compact Plus, R-30iB Mini Plus Security Vulnerabilities

Security Bulletin: Db2 Query Management Facility is vulnerable to IBM SDK, Java Technology Edition Quarterly CPU - Apr 2024 - Includes Oracle April 2024 CPU plus CVE-2023-38264

Summary Db2 Query Management Facility is vulnerable to IBM SDK, Java Technology Edition Quarterly CPU - Apr 2024 - Includes Oracle April 2024 CPU plus CVE-2023-38264 Vulnerability Details ** CVEID: CVE-2024-21094 DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component...

Thief Raccoon - Login Phishing Tool

Thief Raccoon is a tool designed for educational purposes to demonstrate how phishing attacks can be conducted on various operating systems. This tool is intended to raise awareness about cybersecurity threats and help users understand the importance of security measures like 2FA and password...

Emerson PACSystem and Fanuc

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.6 ATTENTION: Low attack complexity Vendor: Emerson Equipment: PACSystem, Fanuc Vulnerabilities: Cleartext Transmission of Sensitive Information, Insufficient Verification of Data Authenticity Insufficiently Protected Credentials, Download of Code Without...

Emerson Ovation

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Emerson Equipment: Ovation Vulnerabilities: Missing Authentication for Critical Function, Insufficient Verification of Data Authenticity CISA is aware of a public report, known as...

Johnson Controls Software House iStar Pro Door Controller

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls Inc. Equipment: Software House iStar Pro Door Controller, ICU Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this...

Mitsubishi Electric CC-Link IE TSN Industrial Managed Switch

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: CC-Link IE TSN Industrial Managed Switch Vulnerability: Allocation of Resources Without Limits or Throttling 2. RISK EVALUATION Successful exploitation of this...

CVE-2024-4194

The The Album and Image Gallery plus Lightbox plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This...

CVE-2024-4194

The The Album and Image Gallery plus Lightbox plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This...

CVE-2024-4194 Album and Image Gallery plus Lightbox <= 2.0 - Unauthenticated Arbitrary Shortcode Execution

The The Album and Image Gallery plus Lightbox plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This...

K000139922: Open vSwitch vulnerabilities CVE-2023-3966 and CVE-2023-5366

Security Advisory Description CVE-2023-3966 A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is...

Northwind Demo 1.0 Cross Site Scripting

...

Ubuntu 24.04 LTS : AOM vulnerability (USN-6815-1)

The remote Ubuntu 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6815-1 advisory. Xiantong Hou discovered that AOM did not properly handle certain malformed media files. If an application using AOM opened a specially crafted file, a remote...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : OpenJDK 8 vulnerabilities (USN-6810-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6810-1 advisory. It was discovered that the Hotspot component of OpenJDK 8 incorrectly handled certain exceptions with ...

Oracle Linux 9 : kernel (ELSA-2024-3619)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3619 advisory. - ipv6: sr: fix possible use-after-free and null-ptr-deref (Hangbin Liu) [RHEL-33968 RHEL-31732] {CVE-2024-26735} Tenable has extracted the...

Ubuntu 20.04 LTS / 22.04 LTS : QEMU regression (USN-6567-2)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6567-2 advisory. USN-6567-1 fixed vulnerabilities QEMU. The fix for CVE-2023-2861 was too restrictive and introduced a behaviour change leading to a regression in...

Small CRM 1.0 Cross Site Scripting

...

Oracle Linux 8 : kernel (ELSA-2024-3618)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3618 advisory. - uio: Fix use-after-free in uio_open (Ricardo Robaina) [RHEL-26232] {CVE-2023-52439} - net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send.....

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : OpenJDK 11 vulnerabilities (USN-6811-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6811-1 advisory. It was discovered that the Hotspot component of OpenJDK 11 incorrectly handled certain exceptions with specially...

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : libvpx vulnerability (USN-6814-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6814-1 advisory. Xiantong Hou discovered that libvpx did not properly handle certain malformed media files. If an application using libvpx...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : OpenJDK 17 vulnerabilities (USN-6812-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6812-1 advisory. It was discovered that the Hotspot component of OpenJDK 17 incorrectly handled certain exceptions with specially...

Zyxel NAS Multiple Vulnerabilities (Jun 2024) - Active Check

Multiple Zyxel NAS devices are prone to multiple ...

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : OpenJDK 21 vulnerabilities (USN-6813-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6813-1 advisory. It was discovered that the Hotspot component of OpenJDK 21 incorrectly handled certain exceptions with specially crafted long...

Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC

Summary An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. Details The OpenTelemetry Collector handles compressed HTTP requests by recognizing the Content-Encoding header, rewriting the HTTP request body, and allowing...

Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC

Summary An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. Details The OpenTelemetry Collector handles compressed HTTP requests by recognizing the Content-Encoding header, rewriting the HTTP request body, and allowing...

Financial sextortion scams on the rise

“Hey there!” messaged Savannah, someone 16-year-old Charlie had never met before, but looked cute in her profile picture. She had long blonde hair, blue eyes, and an adorable smile, so he decided to DM with her on Instagram. Soon their flirty exchanges grew heated, and Savannah was sending Charlie....

X-Recon - A Utility For Detecting Webpage Inputs And Conducting XSS Scans

A utility for identifying web page inputs and conducting XSS scanning. Features: Subdomain Discovery: Retrieves relevant subdomains for the target website and consolidates them into a whitelist. These subdomains can be utilized during the scraping process. Site-wide Link Discovery: Collects...

[SECURITY] Fedora 40 Update: qt5-qtwebsockets-5.15.14-1.fc40

The QtWebSockets module implements the WebSocket protocol as specified in R FC 6455. It solely depends on Qt (no external...

Exploit for Authentication Bypass by Spoofing in Telerik Report Server 2024

CVE-2024-4358_Mass_Exploit Modified tools from @sinsinology...

Atril vulnerability

Releases Ubuntu 23.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Ubuntu 18.04 ESM Ubuntu 16.04 ESM Packages atril - Official Document Viewer of the MATE Desktop Environment Details It was discovered that Atril was vulnerable to a path traversal attack. An attacker could possibly use this vulnerability...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : Atril vulnerability (USN-6808-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6808-1 advisory. It was discovered that Atril was vulnerable to a path traversal attack. An attacker could possibly use this...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : BlueZ vulnerabilities (USN-6809-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6809-1 advisory. It was discovered that BlueZ could be made to dereference invalid memory. An attacker could possibly use this...

RHEL 8 : kernel-rt (RHSA-2024:3627)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3627 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism...

K000139898: PyYAML vulnerabilities CVE-2020-1747 and CVE-2020-14343

Security Advisory Description CVE-2020-1747 A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use...

RHEL 9 : kernel (RHSA-2024:3619)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3619 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: ipv6: sr: fix possible...

K000139917: Libxml2 vulnerability CVE-2022-40303

Security Advisory Description An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading....

K000139901: PyYAML vulnerability CVE-2017-18342

Security Advisory Description In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function. (CVE-2017-18342) Impact.....

AlmaLinux 8 : kernel-rt (ALSA-2024:3627)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3627 advisory. * kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) * kernel: Information disclosure in...

AlmaLinux 8 : kernel update (Medium) (ALSA-2024:3618)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3618 advisory. * kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) * kernel: Information disclosure in...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : GDK-PixBuf vulnerability (USN-6806-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6806-1 advisory. Pedro Ribeiro and Vitor Pedreira discovered that the GDK-PixBuf library did not properly handle certain ...

RHEL 8 : kernel update (Moderate) (RHSA-2024:3618)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3618 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: Marvin vulnerability...

Ubuntu 24.04 LTS : unixODBC vulnerability (USN-6715-2)

The remote Ubuntu 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6715-2 advisory. USN-6715-1 fixed a vulnerability in unixODBC. This update provides the corresponding fix for Ubuntu 24.04 LTS. Original advisory details: It was discovered...

Ubuntu 20.04 LTS : FRR vulnerabilities (USN-6807-1)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6807-1 advisory. It was discovered that FRR incorrectly handled certain network traffic. A remote attacker could possibly use this issue to cause FRR to crash,...

CVE-2024-36963

In the Linux kernel, the following vulnerability has been resolved: tracefs: Reset permissions on remount if permissions are options There's an inconsistency with the way permissions are handled in tracefs. Because the permissions are generated when accessed, they default to the root inode's...

The four stages of creating a trust fabric with identity and network security

How implementing a trust fabric strengthens identity and network Read the blog At Microsoft, we’re continually evolving our solutions for protecting identities and access to meet the ever-changing security demands our customers face. In a recent post, we introduced the concept of the trust...

CVE-2024-35651

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Spiffy Plugins WP Flow Plus allows Stored XSS.This issue affects WP Flow Plus: from n/a through...

CVE-2024-35651

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Spiffy Plugins WP Flow Plus allows Stored XSS.This issue affects WP Flow Plus: from n/a through...

CVE-2024-35651 WordPress WP Flow Plus plugin <= 5.2.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Spiffy Plugins WP Flow Plus allows Stored XSS.This issue affects WP Flow Plus: from n/a through...

CVE-2024-35651 WordPress WP Flow Plus plugin <= 5.2.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Spiffy Plugins WP Flow Plus allows Stored XSS.This issue affects WP Flow Plus: from n/a through...

CVE-2023-49774

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Photo Album Plus: from n/a through...

CVE-2023-49774

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Photo Album Plus: from n/a through...