Silverstripe HtmlEditor embed url sanitisation
"Add from URL" doesn't clearly sanitise URL server side HtmlEditorField_Toolbar has an action HtmlEditorField_Toolbar#viewfile, which gets called by the CMS when adding a media "from a URL" (i.e. via oembed). This action gets the URL to add in the GET parameter FileURL. However it doesn't do any...
7AI Score
Silverstripe HtmlEditor embed url sanitisation
"Add from URL" doesn't clearly sanitise URL server side HtmlEditorField_Toolbar has an action HtmlEditorField_Toolbar#viewfile, which gets called by the CMS when adding a media "from a URL" (i.e. via oembed). This action gets the URL to add in the GET parameter FileURL. However it doesn't do any...
7AI Score
Since the advent of products like the Tile and Apple AirTag, both used to keep track of easily lost items like wallets, keys and purses, bad actors and criminals have found ways to abuse them. These adversaries can range from criminals just looking to do something illegal for a range of reasons,...
6.7AI Score
Ransomware Attacks Exploit VMware ESXi Vulnerabilities in Alarming Pattern
Ransomware attacks targeting VMware ESXi infrastructure follow an established pattern regardless of the file-encrypting malware deployed, new findings show. "Virtualization platforms are a core component of organizational IT infrastructure, yet they often suffer from inherent misconfigurations and....
7.7AI Score
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 13, 2024 to May 19, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 118 vulnerabilities disclosed in 90...
10CVSS
9.4AI Score
EPSS
In the Linux kernel, the following vulnerability has been resolved: media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf() Fix an 11-year old bug in ngene_command_config_free_buf() while addressing the following warnings caught with -Warray-bounds:...
6.6AI Score
0.0004EPSS
CVE-2024-4978: Backdoored Justice AV Solutions Viewer Software Used in Apparent Supply Chain Attack
The following Rapid7 team members contributed to this blog: Ipek Solak, Thomas Elkins, Evan McCann, Matthew Smith, Jake McMahon, Tyler McGraw, Ryan Emmons, Stephen Fewer, and John Fenninger Overview Justice AV Solutions (JAVS) is a U.S.-based company specializing in digital audio-visual recording.....
8.4CVSS
8.8AI Score
0.028EPSS
Go-Secdump - Tool To Remotely Dump Secrets From The Windows Registry
Package go-secdump is a tool built to remotely extract hashes from the SAM registry hive as well as LSA secrets and cached hashes from the SECURITY hive without any remote agent and without touching disk. The tool is built on top of the library go-smb and use it to communicate with the Windows...
7.3AI Score
Are Your SaaS Backups as Secure as Your Production Data?
Conversations about data security tend to diverge into three main threads: How can we protect the data we store on our on-premises or cloud infrastructure? What strategies and tools or platforms can reliably backup and restore data? What would losing all this data cost us, and how quickly could...
7AI Score
In the Linux kernel, the following vulnerability has been resolved: media: bttv: fix use after free error due to btv->timeout timer There may be some a race condition between timer function bttv_irq_timeout and bttv_remove. The timer is setup in probe and there is no timer_delete operation in...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: media: vidtv: psi: Add check for kstrdup Add check for the return value of kstrdup() and return the error if it fails in order to avoid NULL pointer...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: media: vidtv: mux: Add check and kfree for kstrdup Add check for the return value of kstrdup() and return the error if it fails in order to avoid NULL pointer dereference. Moreover, use kfree() in the later error handling in order....
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: media: hantro: Check whether reset op is defined before use The i.MX8MM/N/P does not define the .reset op since reset of the VPU is done by genpd. Check whether the .reset op is defined before calling it to avoid NULL pointer...
6.5AI Score
0.0004EPSS
The End of an Era: Microsoft Phases Out VBScript for JavaScript and PowerShell
Microsoft on Wednesday outlined its plans to deprecate Visual Basic Script (VBScript) in the second half of 2024 in favor of more advanced alternatives such as JavaScript and PowerShell. "Technology has advanced over the years, giving rise to more powerful and versatile scripting languages such as....
6.3AI Score
[21.01.0-11] - Fix crashes in FoFiType1C - Rebuild for inclusion of poppler-glib-doc in CRB - Resolves: RHEL-4255, RHEL-4273 [21.01.0-10] - Check XRef's Catalog for being a Dict - Resolves: #2189816 [20.11.0-9] - Check isDict before calling getDict 2 - Resolves: #2189837 [20.11.0-8] - Check isDict....
5.5CVSS
7.5AI Score
0.001EPSS
RHEL 8 : gstreamer1-plugins-good (RHSA-2024:3089)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3089 advisory. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a...
7.6CVSS
7.6AI Score
0.0005EPSS
RHEL 8 : gstreamer1-plugins-bad-free (RHSA-2024:3060)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3060 advisory. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package...
8.8CVSS
9.1AI Score
0.0005EPSS
Veeam Backup and Replication with Veeam Backup Enterprise Manager Multiple Vulnerabilities (KB4581)
The version of Veeam Backup and Replication with Veeam Backup Enterprise Manager installed on the remote Windows host is prior to 12.1.2.172. It is, therefore, affected by multiple vulnerabilities: - A vulnerability in Veeam Backup Enterprise Manager that allows an unauthenticated attacker to log.....
9.8CVSS
6.2AI Score
0.0004EPSS
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : VLC vulnerabilities (USN-6783-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6783-1 advisory. It was discovered that VLC incorrectly handled certain media files. A remote attacker could possibly use ...
9.8CVSS
8.4AI Score
0.001EPSS
RHEL 8 : gstreamer1-plugins-base (RHSA-2024:3088)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3088 advisory. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-base packages contain a...
8.8CVSS
8.6AI Score
0.0005EPSS
Virtuozzo Hybrid Infrastructure 6.1 Update 1.1 (6.1.1-36)
This update provides a stability improvement. Vulnerability id: VSTOR-86420 A stability fix for Backup...
7.3AI Score
Veeam Backup Enterprise Manager allows high-privileged users to steal NTLM hash of Enterprise manager service...
7.2CVSS
6.9AI Score
0.0004EPSS
Veeam Backup Enterprise Manager allows high-privileged users to read backup session...
2.7CVSS
3.6AI Score
0.0004EPSS
Veeam Backup Enterprise Manager allows high-privileged users to read backup session...
2.7CVSS
6.6AI Score
0.0004EPSS
Veeam Backup Enterprise Manager allows high-privileged users to steal NTLM hash of Enterprise manager service...
7.2CVSS
9.2AI Score
0.0004EPSS
8.8CVSS
8.8AI Score
0.0004EPSS
Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to enterprise manager web...
9.8CVSS
9.5AI Score
0.0004EPSS
8.8CVSS
6.8AI Score
0.0004EPSS
Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to enterprise manager web...
9.8CVSS
6.8AI Score
0.0004EPSS
Veeam Backup Enterprise Manager allows high-privileged users to read backup session...
2.7CVSS
6.8AI Score
0.0004EPSS
Veeam Backup Enterprise Manager allows high-privileged users to read backup session...
2.7CVSS
4.2AI Score
0.0004EPSS
Veeam Backup Enterprise Manager allows high-privileged users to steal NTLM hash of Enterprise manager service...
7.2CVSS
6.8AI Score
0.0004EPSS
8.8CVSS
8.8AI Score
0.0004EPSS
Veeam Backup Enterprise Manager allows high-privileged users to steal NTLM hash of Enterprise manager service...
7.2CVSS
7.1AI Score
0.0004EPSS
8.8CVSS
7AI Score
0.0004EPSS
Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to enterprise manager web...
9.8CVSS
9.4AI Score
0.0004EPSS
Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to enterprise manager web...
9.8CVSS
9.5AI Score
0.0004EPSS
It was discovered that VLC incorrectly handled certain media files. A remote attacker could possibly use this issue to cause VLC to crash, resulting in a denial of service, or potential arbitrary code...
9.8CVSS
7.7AI Score
0.001EPSS
From trust to trickery: Brand impersonation over the email attack vector
Cisco recently developed and released a new feature to detect brand impersonation in emails when adversaries pretend to be a legitimate corporation. Talos has discovered a wide range of techniques threat actors use to embed and deliver brand logos via emails to their victims. Talos is providing...
6.5AI Score
In the Linux kernel, the following vulnerability has been resolved: media: v4l2-core: explicitly clear ioctl input data As seen from a recent syzbot bug report, mistakes in the compat ioctl implementation can lead to uninitialized kernel stack data getting used as input for driver ioctl handlers......
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: media: zr364xx: fix memory leak in zr364xx_start_readpipe syzbot reported memory leak in zr364xx driver. The problem was in non-freed urb in case of usb_submit_urb() fail. backtrace: [] kmalloc include/linux/slab.h:561 [inline] []....
6.5AI Score
0.0004EPSS
Microsoft AI “Recall” feature records everything, secures far less
Developing an AI-powered threat to security, privacy, and identity is certainly a choice, but it's one that Microsoft was willing to make this week at its “Build” developer conference. On Monday, the computing giant unveiled a new line of PCs that integrate Artificial Intelligence (AI) technology.....
6.8AI Score
GHOSTENGINE Exploits Vulnerable Drivers to Disable EDRs in Cryptojacking Attack
Cybersecurity researchers have discovered a new cryptojacking campaign that employs vulnerable drivers to disable known security solutions (EDRs) and thwart detection in what's called a Bring Your Own Vulnerable Driver (BYOVD) attack. Elastic Security Labs is tracking the campaign under the name...
10CVSS
7.2AI Score
0.976EPSS
(RHSA-2024:3089) Moderate: gstreamer1-plugins-good security update
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix(es): gstreamer-plugins-good: integer overflow leading to...
7.2AI Score
0.0005EPSS
(RHSA-2024:3060) Moderate: gstreamer1-plugins-bad-free security update
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fix(es): gstreamer-plugins-bad: Integer overflow leading to heap overwrite in MXF file handling with...
7.3AI Score
0.0005EPSS
QNAP Patches New Flaws in QTS and QuTS hero Impacting NAS Appliances
Taiwanese company QNAP has rolled out fixes for a set of medium-severity flaws impacting QTS and QuTS hero, some of which could be exploited to achieve code execution on its network-attached storage (NAS) appliances. The issues, which impact QTS 5.1.x and QuTS hero h5.1.x, are listed below - ...
7.2CVSS
9.1AI Score
EPSS
Critical Veeam Backup Enterprise Manager Flaw Allows Authentication Bypass
Users of Veeam Backup Enterprise Manager are being urged to update to the latest version following the discovery of a critical security flaw that could permit an adversary to bypass authentication protections. Tracked as CVE-2024-29849 (CVSS score: 9.8), the vulnerability could allow an...
7.5CVSS
9.5AI Score
0.022EPSS
The Media Library Assistant plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the lang parameter in all versions up to, and including, 3.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...
6.1CVSS
6.3AI Score
0.0005EPSS
The Media Library Assistant plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode(s) in all versions up to, and including, 3.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible.....
8.8CVSS
7.1AI Score
0.001EPSS
The Media Library Assistant plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the lang parameter in all versions up to, and including, 3.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...
6.1CVSS
6.3AI Score
0.0005EPSS