Ryzen™ Threadripper™ PRO Processors “Chagall” WS Security Vulnerabilities
Description The Essential Addons for Elementor PRO – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Team Member Carousel widget in all Pro versions up to, and including, 5.8.14 due to insufficient...
6.4CVSS
5.8AI Score
0.0004EPSS
Oracle Linux 8 : fence-agents (ELSA-2024-2968)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2968 advisory. [4.2.1-129] - bundled urllib3: fix CVE-2023-45803 Resolves: RHEL-18132 - bundled pycryptodome: fix CVE-2023-52323 Resolves: RHEL-20915 -...
9.8CVSS
7AI Score
0.001EPSS
Linux kernel (Intel IoTG) vulnerabilities
Releases Ubuntu 22.04 LTS Packages linux-intel-iotg - Linux kernel for Intel IoT platforms Details Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically...
7.8CVSS
7.5AI Score
EPSS
7.3AI Score
7.3AI Score
in-dubio-pro-geo.de Cross Site Scripting vulnerability OBB-3930898
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
7.3AI Score
7.3AI Score
7.3AI Score
A heap overflow vulnerability exists in libvpx - Encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx. We recommend upgrading to version 1.13.1 or above Bugs https://bugs.chromium.org/p/webm/issues/detail?id=1642 Notes...
7.5CVSS
6.6AI Score
0.001EPSS
Microsoft’s New Recall AI Tool May Be a ‘Privacy Nightmare’
Plus: US surveillance reportedly targets pro-Palestinian protesters, the FBI arrests a man for AI-generated CSAM, and stalkerware targets hotel...
7.4AI Score
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ucode-intel (SUSE-SU-2024:1771-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1771-1 advisory. Intel CPU Microcode was updated to the 20240514 release (bsc#1224277) - CVE-2023-45733: Fixed...
7.9CVSS
7.8AI Score
0.0004EPSS
Beware: These Fake Antivirus Sites Spreading Android and Windows Malware
Threat actors have been observed making use of fake websites masquerading as legitimate antivirus solutions from Avast, Bitdefender, and Malwarebytes to propagate malware capable of stealing sensitive information from Android and Windows devices. "Hosting malicious software through sites which...
7.4AI Score
7.3AI Score
7.3AI Score
The Events Calendar (Free < 6.4.0.1, Pro < 6.4.0.1) - Contributor+ Arbitrary Events Access
Description The plugin does not prevent users with at least the contributor role from leaking details about events they shouldn't have access to. (e.g. password-protected events, drafts,...
9.6AI Score
0.0004EPSS
7.9CVSS
7.5AI Score
0.0004EPSS
The Events Calendar (Free < 6.4.0.1, Pro < 6.4.0.1) - Contributor+ Arbitrary Events Access
Description The plugin does not prevent users with at least the contributor role from leaking details about events they shouldn't have access to. (e.g. password-protected events, drafts, etc.) PoC Free: 1. ADMIN: Install The Events Calendar 2. ADMIN: Create events with each status: published,...
9.4AI Score
0.0004EPSS
Stark Industries Solutions: An Iron Hammer in the Cloud
The homepage of Stark Industries Solutions. Two weeks before Russia invaded Ukraine in February 2022, a large, mysterious new Internet hosting firm called Stark Industries Solutions materialized and quickly became the epicenter of massive distributed denial-of-service (DDoS) attacks on government.....
6.8AI Score
Metasploit Weekly Wrap-Up 05/23/2024
Infiltrate the Broadcast! A new module from Chocapikk allows the user to perform remote code execution on vulnerable versions of streaming platform AVideo (12.4 - 14.2). The multi/http/avideo_wwbnindex_unauth_rce module leverages CVE-2024-31819, a vulnerability to PHP Filter Chaining, to gain...
7.1AI Score
0.003EPSS
A user with device administrative privileges can change existing SMTP server settings on the device, without having to re-enter SMTP server credentials. By redirecting send-to-email traffic to the new server, the original SMTP server credentials may potentially be...
6.8AI Score
0.0004EPSS
Certain HP LaserJet Pro devices are potentially vulnerable to a Cross-Site Scripting (XSS) attack via the web management interface of the...
5.9AI Score
0.0004EPSS
Certain HP LaserJet Pro devices are potentially vulnerable to a Cross-Site Scripting (XSS) attack via the web management interface of the...
5.7AI Score
0.0004EPSS
Certain HP LaserJet Pro devices are potentially vulnerable to a Cross-Site Scripting (XSS) attack via the web management interface of the...
5.7AI Score
0.0004EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 13, 2024 to May 19, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 118 vulnerabilities disclosed in 90...
10CVSS
9.4AI Score
EPSS
7.3AI Score
7.3AI Score
7.3AI Score
7.3AI Score
A journey into forgotten Null Session and MS-RPC interfaces
A journey into forgotten Null Session and MS-RPC interfaces (PDF) It has been almost 24 years since the null session vulnerability was discovered. Back then, it was possible to access SMB named pipes using empty credentials and collect domain information. Most often, attackers leveraged null...
7.4AI Score
Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context...
7.8CVSS
7.5AI Score
0.001EPSS
The End of an Era: Microsoft Phases Out VBScript for JavaScript and PowerShell
Microsoft on Wednesday outlined its plans to deprecate Visual Basic Script (VBScript) in the second half of 2024 in favor of more advanced alternatives such as JavaScript and PowerShell. "Technology has advanced over the years, giving rise to more powerful and versatile scripting languages such as....
6.3AI Score
USN-6736-1: klibc vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description It was discovered that zlib, vendored in klibc, incorrectly handled pointer arithmetic. An attacker could use this issue to cause klibc to crash or to...
9.8CVSS
7.7AI Score
0.013EPSS
USN-6756-1: less vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description It was discovered that less mishandled newline characters in file names. If a user or automated system were tricked into opening specially crafted files, an...
8AI Score
0.0004EPSS
Certain HP LaserJet Pro Printers – Potential Information Disclosure
A user with device administrative privileges can change existing SMTP server settings on the device, without having to re-enter SMTP server credentials. By redirecting send-to-email traffic to the new server, the original SMTP server credentials may potentially be exposed. Update your printer...
7.1AI Score
0.0004EPSS
fence-agents security and bug fix update
[4.2.1-129] - bundled urllib3: fix CVE-2023-45803 Resolves: RHEL-18132 - bundled pycryptodome: fix CVE-2023-52323 Resolves: RHEL-20915 - bundled jinja2: fix CVE-2024-22195 Resolves: RHEL-22174 [4.2.1-127] - fence_scsi: fix registration handling if ISID conflicts Resolves: RHEL-5397 -...
6.1CVSS
6.8AI Score
0.001EPSS
kernel security, bug fix, and enhancement update
[4.18.0-553.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with...
9.8CVSS
8AI Score
EPSS
Certain HP LaserJet Pro – Potential Cross-Site Scripting (XSS)
Certain HP LaserJet Pro devices are potentially vulnerable to a Cross-Site Scripting (XSS) attack via the web management interface of the device. Update your printer...
5.9AI Score
0.0004EPSS
7.2AI Score
0.001EPSS
USN-6719-2: util-linux vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description USN-6719-1 fixed a vulnerability in util-linux. Unfortunately, it was discovered that the fix did not fully address the issue. This update removes the setgid permission bit from the wall and write...
6.9AI Score
0.0005EPSS
USN-6737-1: GNU C Library vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description Charles Fol discovered that the GNU C Library iconv feature incorrectly handled certain input sequences. An attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of...
8.2AI Score
0.0005EPSS
USN-6733-1: GnuTLS vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description It was discovered that GnuTLS had a timing side-channel when performing certain ECDSA operations. A remote attacker could possibly use this issue to recover sensitive information. (CVE-2024-28834) It was...
5.3CVSS
7.4AI Score
0.0005EPSS
RHEL 8 : fence-agents (RHSA-2024:2968)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2968 advisory. The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or...
6.1CVSS
6.6AI Score
0.001EPSS
May 23, 2024—KB5039705 (OS Build 17763.5830) Out-of-band
May 23, 2024—KB5039705 (OS Build 17763.5830) Out-of-band 11/17/20 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 10, version 1809, see its update history page. Highlights This...
7.1AI Score
The Opal Estate Pro – Property Management and Submission plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the agent latitude and longitude parameters in all versions up to, and including, 1.7.6 due to insufficient input sanitization and output escaping. This makes it possible.....
6.4CVSS
5.9AI Score
0.0004EPSS
The Opal Estate Pro – Property Management and Submission plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the agent latitude and longitude parameters in all versions up to, and including, 1.7.6 due to insufficient input sanitization and output escaping. This makes it possible.....
6.4CVSS
5.7AI Score
0.0004EPSS
The Opal Estate Pro – Property Management and Submission plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the agent latitude and longitude parameters in all versions up to, and including, 1.7.6 due to insufficient input sanitization and output escaping. This makes it possible.....
6.4CVSS
5.8AI Score
0.0004EPSS
The Opal Estate Pro – Property Management and Submission plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the agent latitude and longitude parameters in all versions up to, and including, 1.7.6 due to insufficient input sanitization and output escaping. This makes it possible.....
6.4CVSS
5.9AI Score
0.0004EPSS
7.3AI Score
7.3AI Score