[SECURITY] Fedora 40 Update: openvpn-2.6.11-1.fc40
OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library for...
7AI Score
EPSS
Fedora: Security Advisory for openvpn (FEDORA-2024-b611e122fb)
The remote host is missing an update for...
7.2AI Score
EPSS
Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities
Summary IBM Cloud Transformation Advisor has addressed multiple security vulnerabilities listed herein. Vulnerability Details ** CVEID: CVE-2023-49569 DESCRIPTION: **go-git could allow a remote attacker to traverse directories on the system. By sending a specially crafted request using the...
9.8CVSS
10AI Score
EPSS
The WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Client-IP’ header in all versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
7.2CVSS
0.001EPSS
The WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Client-IP’ header in all versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
7.2CVSS
6.2AI Score
0.001EPSS
Hanwha Vision IP Cameras Command Injection (CVE-2023-5747)
Bashis, a Security Researcher at IPVM has found a flaw that allows for a remote code execution during the installation of Wave on the camera device. The Wave server application in camera device was vulnerable to command injection allowing an attacker to run arbitrary code. HanwhaVision has...
8.8CVSS
8.3AI Score
0.001EPSS
ThroughTek P2P SDK Cleartext Transmission of Sensitive Information (CVE-2021-32934)
ThroughTek supplies multiple original equipment manufacturers of IP cameras & recorders with P2P connections as part of its cloud platform. Successful exploitation of this vulnerability could permit unauthorized access to sensitive information, such as camera audio/video feeds. This plugin only...
9.1CVSS
7.1AI Score
0.001EPSS
Hanwha Vision Multiple Products Denial of Service (CVE-2023-31994)
Certain Hanwha products are vulnerable to Denial of Service (DoS). ck vector is: When an empty UDP packet is sent to the listening service, the service thread results in a non-functional service (DoS) via WS Discovery and Hanwha proprietary discovery services. This affects IP Camera ANE-L7012R...
5.3CVSS
7.1AI Score
0.001EPSS
Hanwha Vision Multiple Products Command Injection (CVE-2023-31996)
Hanwha IP Camera ANE-L7012R 1.41.01 is vulnerable to Command Injection due to improper sanitization of special characters for the NAS storage test function. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
8.8CVSS
7.5AI Score
0.001EPSS
Hanwha Vision NVR Buffer Overflow (CVE-2019-12223)
The NVR can be rebooted via external attack continuously if it can be access via the public network. During the time, video transmission and recording will not be operated. Also, Exploiting the vulnerability is trivial and requires very low skill level. The listed NVR is vulnerable to allow...
7.5CVSS
7.5AI Score
0.002EPSS
A vulnerability in the Net::CIDR::Lite module of the Perl programming language interpreter is related to bugs in the handling foreign null characters at the beginning of an IP address string. Exploitation of the vulnerability could allow an attacker acting remotely to bypass access...
6.9AI Score
0.0004EPSS
Hanwha Vision Multiple Products Cross-site Scripting (CVE-2023-31995)
Hanwha IP Camera ANE-L7012R 1.41.01 is vulnerable to Cross Site Scripting (XSS). This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
5.4CVSS
6.7AI Score
0.001EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2190-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2190-1 advisory. The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The...
9.8CVSS
8.7AI Score
EPSS
The WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Client-IP’ header in all versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
7.2CVSS
6.1AI Score
0.001EPSS
The WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Client-IP’ header in all versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
7.2CVSS
0.001EPSS
An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow remote command or code execution via the One-X component. Affected versions include all versions prior to...
9.9CVSS
0.0004EPSS
An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow remote command or code execution via the One-X component. Affected versions include all versions prior to...
9.9CVSS
9.7AI Score
0.0004EPSS
An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. Affected versions include all versions prior to...
10CVSS
9.6AI Score
0.0004EPSS
An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. Affected versions include all versions prior to...
10CVSS
0.0004EPSS
CVE-2024-4197 Avaya IP Office One-X Portal File Upload Vulnerability
An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow remote command or code execution via the One-X component. Affected versions include all versions prior to...
9.9CVSS
7.6AI Score
0.0004EPSS
CVE-2024-4197 Avaya IP Office One-X Portal File Upload Vulnerability
An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow remote command or code execution via the One-X component. Affected versions include all versions prior to...
9.9CVSS
0.0004EPSS
CVE-2024-4196 Avaya IP Office Web Control RCE Vulnerability
An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. Affected versions include all versions prior to...
10CVSS
7.5AI Score
0.0004EPSS
CVE-2024-4196 Avaya IP Office Web Control RCE Vulnerability
An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. Affected versions include all versions prior to...
10CVSS
0.0004EPSS
Multiple WordPress Plugins Compromised: Hackers Create Rogue Admin Accounts
Multiple WordPress plugins have been backdoored to inject malicious code that makes it possible to create rogue administrator accounts with the aim of performing arbitrary actions. "The injected malware attempts to create a new administrative user account and then sends those details back to the...
7.2AI Score
In the Linux kernel, the following vulnerability has been resolved: ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound Raw packet from PF_PACKET socket ontop of an IPv6-backed ipvlan device will hit WARN_ON_ONCE() in sk_mc_loop() through sch_direct_xmit() path. WARNING: CPU: 2 PID: 0 at....
6.8AI Score
0.0004EPSS
EulerOS 2.0 SP11 : gnutls (EulerOS-SA-2024-1813)
According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS,...
5.3CVSS
6.1AI Score
0.0005EPSS
SUSE SLES15 Security Update : kernel (SUSE-SU-2024:2185-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2185-1 advisory. The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: .....
9.8CVSS
8.2AI Score
0.005EPSS
In the Linux kernel, the following vulnerability has been resolved: netfilter: tproxy: bail out if IP has been disabled on the device syzbot reports: general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range...
7AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2024-1834)
The remote host is missing an update for the Huawei...
5.3CVSS
7.5AI Score
0.0005EPSS
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Use mlx5_ipsec_rx_status_destroy to correctly delete status rules rx_create no longer allocates a modify_hdr instance that needs to be cleaned up. The mlx5_modify_header_dealloc call will lead to a NULL pointer...
6.5AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2024-1813)
The remote host is missing an update for the Huawei...
5.3CVSS
7.5AI Score
0.0005EPSS
EulerOS 2.0 SP11 : gnutls (EulerOS-SA-2024-1834)
According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS,...
5.3CVSS
7.2AI Score
0.0005EPSS
WAVLINK WN551K1 found a command injection vulnerability through the IP parameter of...
0.0004EPSS
WAVLINK WN551K1 found a command injection vulnerability through the IP parameter of...
7.7AI Score
0.0004EPSS
FreeRTOS-Plus-TCP is a lightweight TCP/IP stack for FreeRTOS. FreeRTOS-Plus-TCP versions 4.0.0 through 4.1.0 contain a buffer over-read issue in the DNS Response Parser when parsing domain names in a DNS response. A carefully crafted DNS response with domain name length value greater than the...
8.1CVSS
0.0005EPSS
FreeRTOS-Plus-TCP is a lightweight TCP/IP stack for FreeRTOS. FreeRTOS-Plus-TCP versions 4.0.0 through 4.1.0 contain a buffer over-read issue in the DNS Response Parser when parsing domain names in a DNS response. A carefully crafted DNS response with domain name length value greater than the...
9.6CVSS
7.1AI Score
0.0005EPSS
FreeRTOS-Plus-TCP is a lightweight TCP/IP stack for FreeRTOS. FreeRTOS-Plus-TCP versions 4.0.0 through 4.1.0 contain a buffer over-read issue in the DNS Response Parser when parsing domain names in a DNS response. A carefully crafted DNS response with domain name length value greater than the...
9.6CVSS
9.2AI Score
0.0005EPSS
9.1CVSS
7AI Score
0.0004EPSS
CVE-2024-38373 FreeRTOS-Plus-TCP Buffer Over-Read in DNS Response Parser
FreeRTOS-Plus-TCP is a lightweight TCP/IP stack for FreeRTOS. FreeRTOS-Plus-TCP versions 4.0.0 through 4.1.0 contain a buffer over-read issue in the DNS Response Parser when parsing domain names in a DNS response. A carefully crafted DNS response with domain name length value greater than the...
9.6CVSS
0.0005EPSS
Supply Chain Attack on WordPress.org Plugins Leads to 5 Maliciously Compromised WordPress Plugins
On Monday June 24th, 2024 the Wordfence Threat Intelligence team became aware of a plugin, Social Warfare, that was injected with malicious code on June 22, 2024 based on a forum post by the WordPress.org Plugin Review team. We immediately checked the malicious file and uploaded it to our internal....
7.1AI Score
A week in security (June 17 – June 23)
Last week on Malwarebytes Labs: Microsoft Recall delayed after privacy and security concerns (Almost) everything you always wanted to know about cybersecurity, but were too afraid to ask, with Tjitske de Vries: Lock and Code S05E13 43% of couples experience pressure to share logins and locations,.....
7.6AI Score
WAVLINK WN551K1 found a command injection vulnerability through the IP parameter of...
7.5AI Score
0.0004EPSS
6.8CVSS
7.1AI Score
0.0004EPSS
WAVLINK WN551K1 found a command injection vulnerability through the IP parameter of...
0.0004EPSS
Warning: New Adware Campaign Targets Meta Quest App Seekers
A new campaign is tricking users searching for the Meta Quest (formerly Oculus) application for Windows into downloading a new adware family called AdsExhaust. "The adware is capable of exfiltrating screenshots from infected devices and interacting with browsers using simulated keystrokes,"...
7.1AI Score
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2135-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2135-1 advisory. The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes. The following...
8CVSS
8.4AI Score
EPSS
An issue in BAS-IP AV-01D, AV-01MD, AV-01MFD, AV-01ED, AV-01KD, AV-01BD, AV-01KBD, AV-02D, AV-02IDE, AV-02IDR, AV-02IPD, AV-02FDE, AV-02FDR, AV-03D, AV-03BD, AV-04AFD, AV-04ASD, AV-04FD, AV-04SD, AV-05FD, AV-05SD, AA-07BD, AA-07BDI, BA-04BD, BA-04MD, BA-08BD, BA-08MD, BA-12BD, BA-12MD, CR-02BD...
6.4AI Score
0.0004EPSS
An issue in BAS-IP AV-01D, AV-01MD, AV-01MFD, AV-01ED, AV-01KD, AV-01BD, AV-01KBD, AV-02D, AV-02IDE, AV-02IDR, AV-02IPD, AV-02FDE, AV-02FDR, AV-03D, AV-03BD, AV-04AFD, AV-04ASD, AV-04FD, AV-04SD, AV-05FD, AV-05SD, AA-07BD, AA-07BDI, BA-04BD, BA-04MD, BA-08BD, BA-08MD, BA-12BD, BA-12MD, CR-02BD...
0.0004EPSS
Exploit for Code Injection in Openplcproject Openplc V3 Firmware
This script automatically exploits vulnerability in OpenPLC Web...
8.8CVSS
9.1AI Score
0.006EPSS
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Use mlx5_ipsec_rx_status_destroy to correctly delete status rules rx_create no longer allocates a modify_hdr instance that needs to be cleaned up. The mlx5_modify_header_dealloc call will lead to a NULL pointer...
6.4AI Score
0.0004EPSS