SCALANCE X302-7 EEC (230V, Coated) Security Vulnerabilities

CVE-2023-44234

Missing Authorization vulnerability in Bastianon Massimo WP GPX Map.This issue affects WP GPX Map: from n/a through...

CVE-2023-44234

Missing Authorization vulnerability in Bastianon Massimo WP GPX Map.This issue affects WP GPX Map: from n/a through...

CVE-2023-25030

Missing Authorization vulnerability in Buy Me a Coffee.This issue affects Buy Me a Coffee: from n/a through...

CVE-2023-25030

Missing Authorization vulnerability in Buy Me a Coffee.This issue affects Buy Me a Coffee: from n/a through...

CVE-2023-44234 WordPress WP GPX Maps plugin <= 1.7.08 - Broken Access Control vulnerability

Missing Authorization vulnerability in Bastianon Massimo WP GPX Map.This issue affects WP GPX Map: from n/a through...

CVE-2023-44234 WordPress WP GPX Maps plugin <= 1.7.08 - Broken Access Control vulnerability

Missing Authorization vulnerability in Bastianon Massimo WP GPX Map.This issue affects WP GPX Map: from n/a through...

CVE-2023-25030 WordPress Buy Me a Coffee plugin <= 3.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Buy Me a Coffee.This issue affects Buy Me a Coffee: from n/a through...

CVE-2023-25030 WordPress Buy Me a Coffee plugin <= 3.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Buy Me a Coffee.This issue affects Buy Me a Coffee: from n/a through...

CVE-2024-5742

A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges....

CVE-2024-5203

A Cross-site request forgery (CSRF) flaw was found in Keycloak and occurs due to the lack of a unique token sent during the authentication POST request, /login-actions/authenticate. This flaw allows an attacker to craft a malicious login page and trick a legitimate user of an application into...

CVE-2024-3183

A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user.....

CVE-2024-2698

A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. Fixing this mistake required adding a special case for the check_allowed_to_delegate() function: If the target service...

BIT-suitecrm-2024-36407

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, a user password can be reset from an unauthenticated attacker. The attacker does not get access to the new password. But this can be annoying for the user. This attack is.....

CVE-2023-52749

In the Linux kernel, the following vulnerability has been resolved: spi: Fix null dereference on suspend A race condition exists where a synchronous (noqueue) transfer can be active during a system suspend. This can cause a null pointer dereference exception to occur when the system resumes....

CVE-2023-52748

In the Linux kernel, the following vulnerability has been resolved: f2fs: avoid format-overflow warning With gcc and W=1 option, there's a warning like this: fs/f2fs/compress.c: In function ‘f2fs_init_page_array_cache’: fs/f2fs/compress.c:1984:47: error: ‘%u’ directive writing between 1 and 7...

Oracle Linux 9 : 389-ds-base (ELSA-2024-3837)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3837 advisory. [2.4.5-8] - Bump version to 2.4.5-8 - Fix License tag [2.4.5-7] - Bump version to 2.4.5-7 - Resolves: RHEL-34819 - redhat-ds:11/389-ds-base: Malformed...

RHEL 9 : python-idna (RHSA-2024:3846)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3846 advisory. The hsakmt packages include a thunk library for AMD's Heterogeneous System Architecture (HSA) Linux kernel driver (amdkfd). Security Fix(es): *...

389-ds-base security update

[2.4.5-8] - Bump version to 2.4.5-8 - Fix License tag [2.4.5-7] - Bump version to 2.4.5-7 - Resolves: RHEL-34819 - redhat-ds:11/389-ds-base: Malformed userPassword may cause crash at do_modify in slapd/modify.c - Resolves: RHEL-34825 - redhat-ds:11/389-ds-base: potential denial of service via...

CVE-2023-4727

A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of...

Patch Tuesday - June 2024

It’s June 2024 Patch Tuesday. Microsoft is addressing 51 vulnerabilities today, and has evidence of public disclosure for just a single one of those. At time of writing, none of the vulnerabilities published today are listed on CISA KEV, although this is always subject to change. Microsoft is...

Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability

Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege...

CVE-2023-52227

Missing Authorization vulnerability in MailerLite MailerLite – WooCommerce integration.This issue affects MailerLite – WooCommerce integration: from n/a through...

CVE-2023-52227

Missing Authorization vulnerability in MailerLite MailerLite – WooCommerce integration.This issue affects MailerLite – WooCommerce integration: from n/a through...

CVE-2023-52227 WordPress MailerLite – WooCommerce integration plugin <= 2.0.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in MailerLite MailerLite – WooCommerce integration.This issue affects MailerLite – WooCommerce integration: from n/a through...

CVE-2023-52227 WordPress MailerLite – WooCommerce integration plugin <= 2.0.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in MailerLite MailerLite – WooCommerce integration.This issue affects MailerLite – WooCommerce integration: from n/a through...

CVE-2024-34819

Missing Authorization vulnerability in MoreConvert MC Woocommerce Wishlist.This issue affects MC Woocommerce Wishlist: from n/a through...

CVE-2024-34819

Missing Authorization vulnerability in MoreConvert MC Woocommerce Wishlist.This issue affects MC Woocommerce Wishlist: from n/a through...

CVE-2023-51519

Missing Authorization vulnerability in Soliloquy Team Slider by Soliloquy.This issue affects Slider by Soliloquy: from n/a through...

CVE-2023-51519

Missing Authorization vulnerability in Soliloquy Team Slider by Soliloquy.This issue affects Slider by Soliloquy: from n/a through...

CVE-2024-34819 WordPress MC Woocommerce Wishlist plugin <= 1.7.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in MoreConvert MC Woocommerce Wishlist.This issue affects MC Woocommerce Wishlist: from n/a through...

How Cynet Makes MSPs Rich & Their Clients Secure

Managed service providers (MSPs) are on the front lines of soaring demand for cybersecurity services as cyberattacks increase in volume and sophistication. Cynet has emerged as the security vendor of choice for MSPs to capitalize on existing relationships with SMB clients and profitably expand...

10 years of the GitHub Security Bug Bounty Program

Each year, we celebrate the GitHub Security Bug Bounty program, highlighting impressive bugs and researchers, rewards, live hacking events, and more. This year, we celebrate a new milestone: 10 years of the GitHub Security Bug Bounty program! While we've had some exciting growth over the last 10...

CVE-2023-51519 WordPress Slider by Soliloquy – Responsive Image Slider for WordPress plugin <= 2.7.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Soliloquy Team Slider by Soliloquy.This issue affects Slider by Soliloquy: from n/a through...

CVE-2023-51519 WordPress Slider by Soliloquy – Responsive Image Slider for WordPress plugin <= 2.7.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Soliloquy Team Slider by Soliloquy.This issue affects Slider by Soliloquy: from n/a through...

CVE-2024-34820

Missing Authorization vulnerability in If So Plugin If-So Dynamic Content Personalization.This issue affects If-So Dynamic Content Personalization: from n/a through...

CVE-2024-34826

Missing Authorization vulnerability in Tobias Conrad Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler.This issue affects Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler: from n/a through...

CVE-2024-34820

Missing Authorization vulnerability in If So Plugin If-So Dynamic Content Personalization.This issue affects If-So Dynamic Content Personalization: from n/a through...

CVE-2024-34826

Missing Authorization vulnerability in Tobias Conrad Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler.This issue affects Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler: from n/a through...

CVE-2024-34826 WordPress CF7 WOW Styler plugin <= 1.6.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Tobias Conrad Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler.This issue affects Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler: from n/a through...

CVE-2024-34826 WordPress CF7 WOW Styler plugin <= 1.6.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Tobias Conrad Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler.This issue affects Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler: from n/a through...

CVE-2024-34820 WordPress If-So Dynamic Content Personalization plugin <= 1.7.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in If So Plugin If-So Dynamic Content Personalization.This issue affects If-So Dynamic Content Personalization: from n/a through...

CVE-2024-34820 WordPress If-So Dynamic Content Personalization plugin <= 1.7.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in If So Plugin If-So Dynamic Content Personalization.This issue affects If-So Dynamic Content Personalization: from n/a through...

CVE-2024-34813

Missing Authorization vulnerability in MoreConvert MC Woocommerce Wishlist.This issue affects MC Woocommerce Wishlist: from n/a through...

CVE-2024-34813

Missing Authorization vulnerability in MoreConvert MC Woocommerce Wishlist.This issue affects MC Woocommerce Wishlist: from n/a through...

Top 10 Critical Pentest Findings 2024: What You Need to Know

One of the most effective ways for information technology (IT) professionals to uncover a company's weaknesses before the bad guys do is penetration testing. By simulating real-world cyberattacks, penetration testing, sometimes called pentests, provides invaluable insights into an organization's...

CVE-2024-34813 WordPress WooCommerce Wishlist plugin <= 1.7.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in MoreConvert MC Woocommerce Wishlist.This issue affects MC Woocommerce Wishlist: from n/a through...

CVE-2024-34813 WordPress WooCommerce Wishlist plugin <= 1.7.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in MoreConvert MC Woocommerce Wishlist.This issue affects MC Woocommerce Wishlist: from n/a through...

CVE-2024-34824

Missing Authorization vulnerability in ThemeBoy SportsPress – Sports Club & League Manager.This issue affects SportsPress – Sports Club & League Manager: from n/a through...

CVE-2024-34824

Missing Authorization vulnerability in ThemeBoy SportsPress – Sports Club & League Manager.This issue affects SportsPress – Sports Club & League Manager: from n/a through...

Security Bulletin: IBM Workload Automation potentially affected by multiple vulnerabilities in Java.

Summary IBM Workload Automation potentially vulnerable to multiple vulnerabilities in Java that can cause integrity, availability, information disclosure issues (CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937, CVE-2023-21938, CVE-2023-2597)...