R-30iB Plus, R-30iB Mate Plus, R-30iB Compact Plus, R-30iB Mini Plus Security Vulnerabilities

Ubuntu 23.10 : Linux kernel vulnerabilities (USN-6819-2)

The remote Ubuntu 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6819-2 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference...

AMD SPI Lock Bypass June 2024 Security Update

AMD has informed HP of a potential weakness in AMD SPI protection features, which might allow arbitrary code execution. AMD is releasing firmware updates and HP is enabling AMD ROM Armor to mitigate these vulnerabilities. AMD has released updates to mitigate the potential vulnerability. HP has...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : mod_jk vulnerability (USN-6826-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has a package installed that is affected by a vulnerability as referenced in the USN-6826-1 advisory. Karl von Randow discovered that mod_jk was vulnerable to an authentication bypass. If the configuration did not...

RHEL 8 : kpatch-patch (RHSA-2024:3805)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3805 advisory. This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Security...

Ubuntu 22.04 LTS : Linux kernel (NVIDIA) vulnerabilities (USN-6820-2)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6820-2 advisory. It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability....

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : LibTIFF vulnerability (USN-6827-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6827-1 advisory. It was discovered that LibTIFF incorrectly handled memory when performing certain cropping...

Ubuntu 20.04 LTS : Linux kernel (Intel IoTG) vulnerabilities (USN-6828-1)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6828-1 advisory. Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use-...

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel (AWS) vulnerabilities (USN-6821-3)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6821-3 advisory. It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free...

KLA68915 Multiple vulnerabilities in Microsoft Windows

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, cause denial of service, obtain sensitive information. Below is a complete list of vulnerabilities: An elevation of privilege vulnerability in...

WP Flow Plus < 5.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The WP Flow Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 5.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

Oracle Database Password Hash Unauthorized Access

...

Exploit for CVE-2023-33105

CVE-2023-33105: Transient DOS in WLAN Host and Firmware...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum Security Gateway Firmware

Vulnerability Scanner for CVE-2024-24919 (need Shodan API)...

HP PC BIOS May 2024 Security Updates for Potential Stack Buffer Overflows

Potential vulnerabilities have been identified in the system BIOS for certain HP PC products, which might allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerabilities. HP has identified affected platforms and corresponding SoftPaqs...

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : MySQL vulnerabilities (USN-6823-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6823-1 advisory. Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : GIFLIB vulnerabilities (USN-6824-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6824-1 advisory. It was discovered that GIFLIB incorrectly handled certain GIF files. An attacker could possibly use this ...

Ubuntu 24.04 LTS : Linux kernel (OEM) vulnerabilities (USN-6817-2)

The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6817-2 advisory. Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer...

Intel 2024.2 IPU - BIOS May 2024 Security Update

Intel has informed HP of potential security vulnerabilities in some Intel® Processors, which might allow information disclosure and/or denial of service. Intel is releasing microcode updates to mitigate the potential vulnerabilities. Intel has released updates to mitigate the potential...

Ubuntu 22.04 LTS / 23.10 : Node.js vulnerabilities (USN-6822-1)

The remote Ubuntu 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6822-1 advisory. It was discovered that Node.js incorrectly handled certain inputs when it is using the policy mechanism. If a user or an automated system were...

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-6821-2)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6821-2 advisory. It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free...

Amazon Linux 2023 : libRmath, libRmath-devel, libRmath-static (ALAS2023-2024-638)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-638 advisory. Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data...

Ubuntu 23.10 : Linux kernel (ARM laptop) vulnerabilities (USN-6818-2)

The remote Ubuntu 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6818-2 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : ADOdb vulnerabilities (USN-6825-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6825-1 advisory. It was discovered that the PDO driver in ADOdb was incorrectly handling string quotes. A remote attacker could...

FengOffice 3.11.1.2 SQL Injection

...

Exploit for OS Command Injection in Php

CVE-2024-4577: PHP CGI Argument Injection (XAMPP) 💀...

CVE-2024-32820

Missing Authorization vulnerability in Social Share Pro Social Share Icons & Social Share Buttons.This issue affects Social Share Icons & Social Share Buttons: from n/a through...

CVE-2024-32820

Missing Authorization vulnerability in Social Share Pro Social Share Icons & Social Share Buttons.This issue affects Social Share Icons & Social Share Buttons: from n/a through...

CVE-2024-32820 WordPress Social Share Icons & Social Share Buttons plugin <= 3.6.2 - Broken Access Control lead to Notice Dismissal vulnerability

Missing Authorization vulnerability in Social Share Pro Social Share Icons & Social Share Buttons.This issue affects Social Share Icons & Social Share Buttons: from n/a through...

CVE-2024-32820 WordPress Social Share Icons & Social Share Buttons plugin <= 3.6.2 - Broken Access Control lead to Notice Dismissal vulnerability

Missing Authorization vulnerability in Social Share Pro Social Share Icons & Social Share Buttons.This issue affects Social Share Icons & Social Share Buttons: from n/a through...

CVE-2024-33572

Missing Authorization vulnerability in POSIMYTH The Plus Blocks for Block Editor | Gutenberg.This issue affects The Plus Blocks for Block Editor | Gutenberg: from n/a through...

CVE-2024-33572

Missing Authorization vulnerability in POSIMYTH The Plus Blocks for Block Editor | Gutenberg.This issue affects The Plus Blocks for Block Editor | Gutenberg: from n/a through...

CVE-2024-33572 WordPress The Plus Blocks for Block Editor | Gutenberg plugin <= 3.2.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in POSIMYTH The Plus Blocks for Block Editor | Gutenberg.This issue affects The Plus Blocks for Block Editor | Gutenberg: from n/a through...

CVE-2023-52232

Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before...

CVE-2023-52230

Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before...

CVE-2023-52232

Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before...

CVE-2023-52230

Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before...

CVE-2023-52230 WordPress Booster Plus for WooCommerce plugin < 7.1.3 - Authenticated Arbitrary WordPress Option Disclosure Vulnerability

Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before...

CVE-2023-52230 WordPress Booster Plus for WooCommerce plugin < 7.1.3 - Authenticated Arbitrary WordPress Option Disclosure Vulnerability

Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before...

CVE-2023-52232 WordPress Booster Plus for WooCommerce plugin < 7.1.2 - Authenticated Arbitrary Post/Page Deletion Vulnerability

Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before...

CVE-2023-52232 WordPress Booster Plus for WooCommerce plugin < 7.1.2 - Authenticated Arbitrary Post/Page Deletion Vulnerability

Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before...

Exploit for CVE-2024-31819

CVE-2024-31819 An issue in WWBN AVideo v.12.4 through v.14.2...

Exploit for Logging of Excessive Data in Salesagility Suitecrm

CVE-2024-36416 Tool for validating CVE-2024-36416 Usage...

Exploit for CVE-2024-29269

CVE-2024-29269 An issue discovered in Telesquare TLR-2005Ksh...

CVE-2024-35709

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows Stored XSS.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through...

CVE-2024-35709

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows Stored XSS.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through...

CVE-2024-35709 WordPress The Plus Addons for Elementor plugin <= 5.5.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows Stored XSS.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through...

CVE-2024-35709 WordPress The Plus Addons for Elementor plugin <= 5.5.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows Stored XSS.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through...

CVE-2024-36965

In the Linux kernel, the following vulnerability has been resolved: remoteproc: mediatek: Make sure IPI buffer fits in L2TCM The IPI buffer location is read from the firmware that we load to the System Companion Processor, and it's not granted that both the SRAM (L2TCM) size that is defined in the....

CVE-2024-36965

In the Linux kernel, the following vulnerability has been resolved: remoteproc: mediatek: Make sure IPI buffer fits in L2TCM The IPI buffer location is read from the firmware that we load to the System Companion Processor, and it's not granted that both the SRAM (L2TCM) size that is defined in...

CVE-2024-36965

In the Linux kernel, the following vulnerability has been resolved: remoteproc: mediatek: Make sure IPI buffer fits in L2TCM The IPI buffer location is read from the firmware that we load to the System Companion Processor, and it's not granted that both the SRAM (L2TCM) size that is defined in the....