Emc Ez Media & Backup (hm3) Security Vulnerabilities

CVE-2024-3555 Social Link Pages: link-in-bio landing pages for your social media profiles <= 1.6.9 - Missing Authorization to Arbitrary Page Creation and Cross-Site Scripting

The Social Link Pages: link-in-bio landing pages for your social media profiles plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the import_link_pages() function in all versions up to, and including, 1.6.9. This makes it possible for unauthenticated...

Denial Of Service (DoS)

typo3/cms-core is vulnerable to Denial of Service (DoS). The vulnerability is due to a lack of size limits on media files (*.youtube and *.vimeo) in the TYPO3 backend, which results in large files consuming excessive system...

WBCE CMS v1.6.2 - Remote Code Execution Exploit

...

Dotclear 2.29 - Remote Code Execution Exploit

...

Mageia: Security Advisory (MGASA-2024-0205)

The remote host is missing an update for...

Serendipity 2.5.0 - Remote Code Execution Exploit

...

Mime Types Extended <= 0.11 - Author+ Stored XSS via SVG Upload

Description The plugin does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. PoC 1. As an admin, enable SVG uploads at https://example.com/wp-admin/options-general.php?page=mime-types-extended 2. As an author,.....

CMSimple 5.15 - Remote Code Execution (Authenticated) Vulnerability

...

Mime Types Extended <= 0.11 - Author+ Stored XSS via SVG Upload

Description The plugin does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS...

Updated chromium-browser-stable packages fix security vulnerabilities

The chromium-browser-stable package has been updated to the 125.0.6422.141 release. It includes 11 security fixes. Some of them are: * High CVE-2024-5493: Heap buffer overflow in WebRTC. Reported by Cassidy Kim(@cassidy6564) on 2024-05-11 * High CVE-2024-5494: Use after free in Dawn. Reported by...

Chromium: CVE-2024-5496 Use after free in Media Session

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...

Security Bulletin: AIX is vulnerable to information disclosure due to openCryptoki (CVE-2024-0914)

Summary Vulnerability in openCryptoki could allow a remote attacker to obtain sensitive information (CVE-2024-0914). Vulnerability Details ** CVEID: CVE-2024-0914 DESCRIPTION: **openCryptoki could allow a remote attacker to obtain sensitive information, caused by a flaw when processing RSA PKCS#1.....

800 arrests, 40 tons of drugs, and one backdoor, or what a phone startup gave the FBI, with Joseph Cox: Lock and Code S05E12

This week on the Lock and Code podcast… This is a story about how the FBI got everything it wanted. For decades, law enforcement and intelligence agencies across the world have lamented the availability of modern technology that allows suspected criminals to hide their communications from legal...

Seeing Like a Data Structure

Technology was once simply a tool--and a small one at that--used to amplify human intent and capacity. That was the story of the industrial revolution: we could control nature and build large, complex human societies, and the more we employed and mastered technology, the better things got. We...

SASE Threat Report: 8 Key Findings for Enterprise Security

Threat actors are evolving, yet Cyber Threat Intelligence (CTI) remains confined to each isolated point solution. Organizations require a holistic analysis across external data, inbound and outbound threats and network activity. This will enable evaluating the true state of cybersecurity in the...

IT threat evolution Q1 2024

IT threat evolution Q1 2024 IT threat evolution Q1 2024. Mobile statistics IT threat evolution Q1 2024. Non-mobile statistics Targeted attacks Operation Triangulation: the final mystery Last June, we published a series of reports on Operation Triangulation, a previously unknown iOS malware...

IT threat evolution in Q1 2024. Non-mobile statistics

IT threat evolution Q1 2024 IT threat evolution Q1 2024. Mobile statistics IT threat evolution Q1 2024. Non-mobile statistics The statistics presented here are based on detection verdicts by Kaspersky products and services received from users who consented to providing statistical data. Quarterly.....

AIX is vulnerable to information disclosure due to openCryptoki (CVE-2024-0914)

IBM SECURITY ADVISORY First Issued: Mon Jun 3 08:50:37 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/opencryptoki_advisory.asc Security Bulletin: AIX is vulnerable to information disclosure due to openCryptoki...

Beware: Fake Browser Updates Deliver BitRAT and Lumma Stealer Malware

Fake web browser updates are being used to deliver remote access trojans (RATs) and information stealer malware such as BitRAT and Lumma Stealer (aka LummaC2). "Fake browser updates have been responsible for numerous malware infections, including those of the well-known SocGholish malware,"...

EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1788)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache There is...

RHEL 5 : kernel (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. kernel: netfilter: use-after-free in tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c ...

Serendipity 2.5.0 Remote Code Execution

...

CMSimple 5.15 Remote Shell Upload

...

RHEL 8 : amanda (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. amanda: runtar: crafted arguments can lead to local privilege escalation (CVE-2022-37705) In Amanda...

KLA68438 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: Use after free vulnerability in Dawn can be exploited to cause denial of service or execute...

Serendipity 2.5.0 - Remote Code Execution (RCE)

...

EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1800)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache There is...

RHEL 6 : opus (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. opus: Memory corruption during media file and data processing (CVE-2017-0381) Note that Nessus has not tested for...

RHEL 5 : tar (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. tar: Bypassing the extract path name (CVE-2016-6321) GNU Tar through 1.30, when --sparse is used,...

WBCE CMS 1.6.2 Remote Code Execution

...

RHEL 5 : opus (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. opus: Memory corruption during media file and data processing (CVE-2017-0381) Note that Nessus has not tested for...

RHEL 7 : kernel (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. kernel: out of bounds read in drivers/media/usb/dvb-usb/technisat-usb2.c (CVE-2019-15505) kernel:...

WBCE CMS v1.6.2 - Remote Code Execution (RCE)

...

Dotclear 2.29 - Remote Code Execution (RCE)

...

Debian dsa-5702 : gir1.2-gst-plugins-base-1.0 - security update

The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5702 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5702-1 [email protected] ...

RHEL 7 : opus (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. opus: Memory corruption during media file and data processing (CVE-2017-0381) Note that Nessus has not tested for...

Social Link Pages: link-in-bio landing pages for your social media profiles <= 1.6.9 - Missing Authorization to Arbitrary Page Creation and Cross-Site Scripting

Description The Social Link Pages: link-in-bio landing pages for your social media profiles plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the import_link_pages() function in all versions up to, and including, 1.6.9. This makes it possible for...

Microsoft Edge (Chromium) < 125.0.2535.85 Multiple Vulnerabilities

The version of Microsoft Edge installed on the remote Windows host is prior to 125.0.2535.85. It is, therefore, affected by multiple vulnerabilities as referenced in the June 3, 2024 advisory. Heap buffer overflow in WebRTC in Google Chrome prior to 125.0.6422.141 allowed a remote attacker...

CMSimple 5.15 - Remote Code Execution (RCE) (Authenticated)

...

Dotclear 2.29 Remote Code Execution

...

Job For .local Domain Fails When Using Ubuntu-base VMware Backup Proxy

This issue occurs because .local is only intended for multicast DNS, and Ubuntu's default configuration prevents the use of .local for unicast DNS. As a result, the Ubuntu-based machine does not contact the network's DNS server when attempting to resolve .local...

RHEL 7 : tar (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. tar: does not properly warn the user when extracting setuid or setgid files (CVE-2005-2541) tar:...

RHEL 6 : tar (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. tar: does not properly warn the user when extracting setuid or setgid files (CVE-2005-2541) tar:...

Google Chrome Security Update (stable-channel-update-for-desktop_30-2024-05) - Windows

Google Chrome is prone to multiple ...

Fedora 39 : chromium (2024-4e0ea1c22e)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-4e0ea1c22e advisory. update to 125.0.6422.141 * High CVE-2024-5493: Heap buffer overflow in WebRTC * High CVE-2024-5494: Use after free in Dawn * High...

Fedora 40 : chromium (2024-bb52629e6c)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-bb52629e6c advisory. update to 125.0.6422.141 * High CVE-2024-5493: Heap buffer overflow in WebRTC * High CVE-2024-5494: Use after free in Dawn * High...

Google Chrome Security Update (stable-channel-update-for-desktop_30-2024-05) - Mac OS X

Google Chrome is prone to multiple ...

Google Chrome Security Update (stable-channel-update-for-desktop_30-2024-05) - Linux

Google Chrome is prone to multiple ...

[SECURITY] [DSA 5702-1] gst-plugins-base1.0 security update

Debian Security Advisory DSA-5702-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 01, 2024 https://www.debian.org/security/faq Package : gst-plugins-base1.0 CVE ID : CVE-2024-4453 An...

Disable show media on lock screen, but still accessible via pull down notificaion

In multiple locations, there is a possible information leak due to a missing permission check. This could lead to local information disclosure exposing played media with no additional execution privileges needed. User interaction is not needed for...