User Registration, Login & Landing Pages – LeadMagic Security Vulnerabilities

Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 275. Vulnerability Details ** CVEID: CVE-2023-3978 DESCRIPTION: **Golang html package is vulnerable to cross-site scripting, caused by improper validation of...

Security Bulletin: There are multiple vulnerabilities in IBM DB2 bundled with IBM Application Performance Management products.

Summary IBM Application Performance Management is vulnerable to denial of service, remote code execution, information disclosures and other vulnerabilities due to bundled product IBM ® Db2. This bulletin identifies the steps to address the vulnerabilities. Vulnerability Details ** CVEID:...

Security Bulletin: IBM Observability with Instana (OnPrem) is affected by Multiple Security Vulnerabilities

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana (OnPrem) build 275. Vulnerability Details ** CVEID: CVE-2023-43804 DESCRIPTION: **urllib3 could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw with cookie request header not.....

Security Bulletin: Apache James and Bouncy Castle vulnerabilities in Apache Solr and Logstash shipped with IBM Operations Analytics - Log Analysis (CVE-2023-33202,CVE-2024-21742,CVE-2024-29857,CVE-2024-30172,CVE-2024-34447)

Summary There are potential denial of service and bypass security restrictions vulnerabilities in Apache James Mime4J and Bouncy Castle Crypto Package, which are used by Apache Solr and Logstash in IBM Operations Analytics - Log Analysis Vulnerability Details ** CVEID: CVE-2024-34447 DESCRIPTION:.....

Security Bulletin: ThreeTen Backport vulnerability has been identified in Apache Solr shipped with IBM Operations Analytics - Log Analysis (CVE-2024-23081,CVE-2024-23082)

Summary There is a potential denial of service vulnerability in ThreeTen Backport that is used by Apache Solr in IBM Operations Analytics - Log Analysis Vulnerability Details ** CVEID: CVE-2024-23082 DESCRIPTION: **ThreeTen Backport is vulnerable to a denial of service, caused by an integer...

Cybersecurity in the SMB space — a growing threat

Small and medium-sized businesses (SMBs) are increasingly targeted by cybercriminals. Despite adopting digital technology for remote work, production, and sales, SMBs often lack robust cybersecurity measures. SMBs face significant cybersecurity challenges due to limited resources and expertise....

How to Cut Costs with a Browser Security Platform

Browser security is becoming increasingly popular, as organizations understand the need to protect at the point of risk - the browser. Network and endpoint solutions are limited in their ability to protect from web-borne threats like phishing websites or malicious browser extensions. They also do.....

Security Bulletin: IBM Event Streams are vulnerable in terms of both confidentiality and integrity. (CVE-2024-20918, CVE-2024-20926, CVE-2024-20952).

Summary IBM Event Streams are vulnerable in terms of both confidentiality and integrity. Multiple Java components within IBM Event Streams are susceptible to these vulnerabilities, enabling remote attackers to execute malicious actions through these components. Vulnerability Details ** CVEID:...

Security Bulletin: Apache Commons Configuration vulnerability has been identified in Apache Solr shipped with IBM Operations Analytics - Log Analysis (CVE-2024-29131,CVE-2024-29133)

Summary There is a potential out-of-bounds write vulnerability in Apache Commons Configuration that is used by Apache Solr in IBM Operations Analytics - Log Analysis Vulnerability Details ** CVEID: CVE-2024-29131 DESCRIPTION: **Apache Commons Configuration could allow a remote attacker to execute.....

Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to the jose4j component ( CVE-2023-51775).

Summary IBM Event Streams is vulnerable to a a denial of service attack due to the jose4j component. The jose4j library is used in event streams for secure handling of JSON Web Tokens (JWTs), enabling encryption, decryption, and validation of tokens to ensure secure authentication and data...

Security Bulletin: IBM Event Streams is vulnerable to a cross-site request forgery due to the Axios component (CVE-2023-45857).

Summary IBM Event Streams is vulnerable to XSS vulnerability due to Axios component . Axios is a promise-based HTTP library that lets developers make requests to either their own or a third-party server to fetch data. Vulnerability Details ** CVEID: CVE-2023-45857 DESCRIPTION: **Axios is...

Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to the k8sio apiMAChinery component (CVE-2023-44487).

Summary IBM Event Streams is vulnerable to a denial of service attack due to the k8sio apiMAChinery component. k8sio apiMachinery is utilized for handling Kubernetes API interactions, facilitating streamlined communication with Kubernetes clusters within event-driven applications. Vulnerability...

Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack and Phishing attacks due to the follow-redirect and k8s.io/apiMAChinery component (CVE-2023-26159,CVE-2023-44487).

Summary IBM Event Streams is vulnerable to a denial of service attack and Phishing attacks due to the follow-redirect and k8s.io/apiMAChinery component. The follow-redirect library is employed in event streams to seamlessly manage HTTP redirects, ensuring smooth navigation between resources...

Security Bulletin: IBM Event Streams is vulnerable to a Broken Access Control attack and Post Exploitation attacks due to the Kotlin component (CVE-2020-29582,CVE-2022-24329).

Summary IBM Event Streams is vulnerable to a Broken Access Control attack and Post Exploitation attacks due to the JetBrains Kotlin component. JetBrains Kotlin is used in event streams to simplify the development process with its concise syntax, enhance code safety with nullability features, and...

Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to the Eclipse Vert.x component (CVE-2024-1300).

Summary IBM Event Streams is vulnerable to a denial of service attack due to the Eclipse Vert.x component. Vert. x is a toolkit to build reactive microservices.It is used to create a highly scalable and performant event-driven architecture for managing Kafka clusters. Vulnerability Details **...

Security Bulletin: IBM Event Streams is vulnerable to a Broken Access Control due to the follow-redirects component ( CVE-2024-28849).

Summary IBM Event Streams is vulnerable to a Broken Access Control due to the Node.js follow-redirects module. follow-redirects provides request and get methods that behave identically to those found on the native http and https modules. Vulnerability Details ** CVEID: CVE-2024-28849 DESCRIPTION:.....

Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to Okio component ( CVE-2023-3635).

Summary IBM Event Streams is vulnerable to a denial of service attack due to Okio GzipSource component used in our strimzi-kafka-bridge. Okio is used in kafka to efficiently handle byte streams and improve data serialization/deserialization and network communication performance. Vulnerability...

CVE-2024-3249

The Zita Elementor Site Library plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the import_xml_data, xml_data_import, import_option_data, import_widgets, and import_customizer_settings functions in all versions up to, and including,...

CVE-2024-3249

The Zita Elementor Site Library plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the import_xml_data, xml_data_import, import_option_data, import_widgets, and import_customizer_settings functions in all versions up to, and including,...

CVE-2024-3249 Zita Elementor Site Library <= 1.6.2 - Missing Authorization to Page Creation and Options Modification

The Zita Elementor Site Library plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the import_xml_data, xml_data_import, import_option_data, import_widgets, and import_customizer_settings functions in all versions up to, and including,...

Security Bulletin: Storage Virtualize Ansible Collection is affected by a vulnerability in the cryptography package

Summary Storage Virtualize Ansible Collection uses the cryptography package to provide common cryptographic algorithms. Version 41.0.7 of cryptography package is vulnerable to CVE-2023-50782. Vulnerability Details ** CVEID: CVE-2023-50782 DESCRIPTION: **Python Cryptographic Authority cryptography.....

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-1829)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2024-1821)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2024-1824)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for emacs (EulerOS-SA-2024-1809)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for nghttp2 (EulerOS-SA-2024-1841)

The remote host is missing an update for the Huawei...

Mageia: Security Advisory (MGASA-2024-0232)

The remote host is missing an update for...

Huawei EulerOS: Security Advisory for glusterfs (EulerOS-SA-2024-1812)

The remote host is missing an update for the Huawei...

EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1837)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: IB/ipoib: Fix mcast list locking Releasing the priv-lock while iterating...

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-1808)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-1816)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for sssd (EulerOS-SA-2024-1847)

The remote host is missing an update for the Huawei...

Ubuntu: Security Advisory (USN-6845-1)

The remote host is missing an update for...

Huawei EulerOS: Security Advisory for llvm (EulerOS-SA-2024-1818)

The remote host is missing an update for the Huawei...

SUSE: Security Advisory (SUSE-SU-2024:2173-1)

The remote host is missing an update for...

Mageia: Security Advisory (MGASA-2024-0236)

The remote host is missing an update for...

Mageia: Security Advisory (MGASA-2024-0233)

The remote host is missing an update for...

Huawei EulerOS: Security Advisory for glusterfs (EulerOS-SA-2024-1833)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for libyaml (EulerOS-SA-2024-1817)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for llvm (EulerOS-SA-2024-1839)

The remote host is missing an update for the Huawei...

SUSE: Security Advisory (SUSE-SU-2024:2170-1)

The remote host is missing an update for...

Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2024-1822)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for nghttp2 (EulerOS-SA-2024-1820)

The remote host is missing an update for the Huawei...

SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:2184-1)

The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2184-1 advisory. The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes. The following...

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-1837)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for emacs (EulerOS-SA-2024-1830)

The remote host is missing an update for the Huawei...

SUSE: Security Advisory (SUSE-SU-2024:2171-1)

The remote host is missing an update for...

Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2024-1831)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for xorg-x11-server (EulerOS-SA-2024-1828)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for python-cryptography (EulerOS-SA-2024-1844)

The remote host is missing an update for the Huawei...