Enjoy 5s; Y6 Pro Security Vulnerabilities

CVE-2024-36523

An access control issue in Wvp GB28181 Pro 2.0 allows users to continue to access information in the application after deleting their own or administrator accounts. This is provided that the users do not log out of their deleted...

CVE-2024-37665

An access control issue in Wvp GB28181 Pro 2.0 allows authenticated attackers to escalate privileges to Administrator via a crafted POST...

CVE-2024-37665

An access control issue in Wvp GB28181 Pro 2.0 allows authenticated attackers to escalate privileges to Administrator via a crafted POST...

CVE-2024-5266

The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via wpdm_user_dashboard, wpdm_package, wpdm_packages, wpdm_search_result, and wpdm_tag shortcodes in all versions up to, and including, 3.2.92 due to insufficient input sanitization and output escaping on...

CVE-2024-5266

The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via wpdm_user_dashboard, wpdm_package, wpdm_packages, wpdm_search_result, and wpdm_tag shortcodes in all versions up to, and including, 3.2.92 due to insufficient input sanitization and output escaping on...

Enabling Proactive Security with Continuous Threat Exposure Management (CTEM) for Managed Service Providers

...

CVE-2024-5266 Download Manager <= 3.2.92 - Authenticated (Author+) Stored Cross-Site Scripting via Multiple Shortcodes

The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via wpdm_user_dashboard, wpdm_package, wpdm_packages, wpdm_search_result, and wpdm_tag shortcodes in all versions up to, and including, 3.2.92 due to insufficient input sanitization and output escaping on...

CVE-2024-5266 Download Manager <= 3.2.92 - Authenticated (Author+) Stored Cross-Site Scripting via Multiple Shortcodes

The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via wpdm_user_dashboard, wpdm_package, wpdm_packages, wpdm_search_result, and wpdm_tag shortcodes in all versions up to, and including, 3.2.92 due to insufficient input sanitization and output escaping on...

Exploit for CVE-2024-3922

CVE-2024-3922-Poc Dokan Pro &lt;= 3.10.3 - Unauthenticated...

CVE-2021-47300

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix tail_call_reachable rejection for interpreter when jit failed During testing of f263a81451c1 ("bpf: Track subprog poke descriptors correctly and fix use-after-free") under various failure conditions, for example, when...

CVE-2024-37665

An access control issue in Wvp GB28181 Pro 2.0 allows authenticated attackers to escalate privileges to Administrator via a crafted POST...

CVE-2024-36523

An access control issue in Wvp GB28181 Pro 2.0 allows users to continue to access information in the application after deleting their own or administrator accounts. This is provided that the users do not log out of their deleted...

Sensei LMS <= 4.23.1 & Sensei Pro (WC Paid Courses) <= 4.24.0.1.24.0 - Missing Authorization

Description The Sensei LMS and Sensei Pro (WC Paid Courses) plugins for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the flush_rewrite_rules() function in versions up to, and including, 4.23.1 and . 4.24.0.1.24.0 respectively. This makes it...

CVE-2024-34821

Missing Authorization vulnerability in Contact List PRO Contact List – Easy Business Directory, Staff Directory and Address Book Plugin.This issue affects Contact List – Easy Business Directory, Staff Directory and Address Book Plugin: from n/a through...

CVE-2024-34821

Missing Authorization vulnerability in Contact List PRO Contact List – Easy Business Directory, Staff Directory and Address Book Plugin.This issue affects Contact List – Easy Business Directory, Staff Directory and Address Book Plugin: from n/a through...

CVE-2024-34821 WordPress Contact List plugin <= 2.9.87 - Broken Access Control vulnerability

Missing Authorization vulnerability in Contact List PRO Contact List – Easy Business Directory, Staff Directory and Address Book Plugin.This issue affects Contact List – Easy Business Directory, Staff Directory and Address Book Plugin: from n/a through...

CVE-2024-34821 WordPress Contact List plugin <= 2.9.87 - Broken Access Control vulnerability

Missing Authorization vulnerability in Contact List PRO Contact List – Easy Business Directory, Staff Directory and Address Book Plugin.This issue affects Contact List – Easy Business Directory, Staff Directory and Address Book Plugin: from n/a through...

POC Exploit Code Released for Apache HugeGraph RCE Vulnerability

...

Fog Ransomware Targets US Sectors Via Compromised VPN Credentials

...

Attacks, Vulnerabilities and Actors 3 to 9 June 2024

...

Apple Launches Private Cloud Compute for Privacy-Centric AI Processing

Apple has announced the launch of a "groundbreaking cloud intelligence system" called Private Cloud Compute (PCC) that's designed for processing artificial intelligence (AI) tasks in a privacy-preserving manner in the cloud. The tech giant described PCC as the "most advanced security architecture.....

June 11, 2024—KB5039266 (Security-only update)

June 11, 2024—KB5039266 (Security-only update) __ End of support information Windows Server 2008 SP2 Extended Security Updates (ESU) third and final year ended on January 10, 2023. Additionally, Extended Security Updates on Azure only support ended on January 9, 2024. For more information, see...

June 11, 2024—KB5039274 (Security-only update)

June 11, 2024—KB5039274 (Security-only update) __ End of support information As of January 10, 2023, Microsoft no longer provides security updates or technical support for Windows 7 Service Pack 1 (SP1). We recommend that you upgrade to a supported version of Windows. For more information, see...

June 11, 2024—KB5039225 (OS Build 10240.20680)

June 11, 2024—KB5039225 (OS Build 10240.20680) 12/8/20 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 10, version 1507, see its update history page. Highlights This update...

June 11, 2024—KB5039227 (OS Build 20348.2527)

June 11, 2024—KB5039227 (OS Build 20348.2527) For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server 2022, see its update history page. Note Follow @WindowsUpdate to find out when.....

June 11, 2024—KB5039214 (OS Build 14393.7070)

June 11, 2024—KB5039214 (OS Build 14393.7070) 11/19/20 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 10, version 1607, see its update history page. Highlights This update...

June 11, 2024—KB5039260 (Monthly Rollup)

June 11, 2024—KB5039260 (Monthly Rollup) Important The installation of this Extended Security Update (ESU) might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012. For a successful installation, please make sure all Subset of endpoints for ESU only.....

June 11, 2024—KB5039217 (OS Build 17763.5936)

June 11, 2024—KB5039217 (OS Build 17763.5936) 11/17/20 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 10, version 1809, see its update history page. Highlights This update...

June 11, 2024—KB5039211 (OS Builds 19044.4529 and 19045.4529)

June 11, 2024—KB5039211 (OS Builds 19044.4529 and 19045.4529) UPDATED 06/11/24 REMINDER The following editions of Windows 10, version 21H2 are at end of service today, June 11, 2024:- Windows 10 Enterprise and Education- Windows 10 IoT Enterprise- Windows 10 Enterprise multi-sessionAfter that...

June 11, 2024—KB5039236 (OS Build 25398.950)

June 11, 2024—KB5039236 (OS Build 25398.950) For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server, version 23H2, see its update history page. Improvements This security update...

June 11, 2024—KB5039212 (OS Builds 22621.3737 and 22631.3737)

June 11, 2024—KB5039212 (OS Builds 22621.3737 and 22631.3737) For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 11, version 23H2, see its update history page. Note Follow...

June 11, 2024—KB5039213 (OS Build 22000.3019)

June 11, 2024—KB5039213 (OS Build 22000.3019) For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 11, version 21H2, see its update history page. Note Follow @WindowsUpdate to find out.....

June 11, 2024—KB5039245 (Monthly Rollup)

June 11, 2024—KB5039245 (Monthly Rollup) __ End of support information Windows Server 2008 SP2 Extended Security Updates (ESU) third and final year ended on January 10, 2023. Additionally, Extended Security Updates on Azure only support ended on January 9, 2024. For more information, see Extended.....

June 11, 2024—KB5039294 (Monthly Rollup)

June 11, 2024—KB5039294 (Monthly Rollup) IMPORTANT The installation of this Extended Security Update (ESU) might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012 R2. For a successful installation, please make sure all Subset of endpoints for ESU...

June 11, 2024—KB5039289 (Monthly Rollup)

June 11, 2024—KB5039289 (Monthly Rollup) __ End of support information As of January 10, 2023, Microsoft no longer provides security updates or technical support for Windows 7 Service Pack 1 (SP1). We recommend that you upgrade to a supported version of Windows. For more information, see Update...

Download Manager < 3.2.94 - Authenticated (Author+) Stored Cross-Site Scripting via Multiple Shortcodes

Description The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via wpdm_user_dashboard, wpdm_package, wpdm_packages, wpdm_search_result, and wpdm_tag shortcodes in all versions up to, and including, 3.2.92 due to insufficient input sanitization and output...

KB5039341: Servicing stack update for Windows Server 2008 SP2: June 11, 2024

KB5039341: Servicing stack update for Windows Server 2008 SP2: June 11, 2024 __ End of support information Windows Server 2008 SP2 Extended Security Updates third and final year of ESU ended on January 10, 2023. Many customers are taking advantage of Azures commitment to security and compliance...

KB5039340: Servicing stack update for Windows Server 2012 R2: June 11, 2024

KB5039340: Servicing stack update for Windows Server 2012 R2: June 11, 2024 __ End of support information Windows 8.1 reached end of support (EOS) on January 10, 2023, at which point technical assistance and software updates are no longer provided. If you have devices running Windows 8.1, we...

KB5039337: Servicing stack update for Windows 10: June 11, 2024

KB5039337: Servicing stack update for Windows 10: June 11, 2024 __ End of support information Windows 10, version 1507 reached the end of support (EOS) on May 9, 2017 for devices running the Pro, Home, Enterprise, Education, and Enterprise LoT editions. After April 9, 2019, these devices are no...

AMD SPI Lock Bypass June 2024 Security Update

AMD has informed HP of a potential weakness in AMD SPI protection features, which might allow arbitrary code execution. AMD is releasing firmware updates and HP is enabling AMD ROM Armor to mitigate these vulnerabilities. AMD has released updates to mitigate the potential vulnerability. HP has...

PowerPack Pro for Elementor < 2.10.18 - Authenticated (Contributor+) Privilege Escalation

Description The PowerPack Pro for Elementor plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.10.17. This is due to the plugin not restricting low privileged users from setting a default role for a registration form. This makes it possible for...

Checkout Field Editor for WooCommerce (Pro) < 3.6.3 - Unauthenticated Arbitrary File Deletion

Description The Checkout Field Editor for WooCommerce (Pro) plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 3.6.2. This is due to the plugin not properly validating a file or it's path prior to deleting it. This makes it possible for...

CVE-2024-35235

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier, when starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd process can be caused to perform an arbitrary chmod of the...

KB5039339: Servicing stack update for Windows Server 2008 R2 SP1: June 11, 2024

KB5039339: Servicing stack update for Windows Server 2008 R2 SP1: June 11, 2024 __ **End of support information ** As of January 10, 2023, Microsoft no longer provides security updates or technical support for Windows 7 Service Pack 1 (SP1). We recommend that you upgrade to a supported version...

SPI Lock Bypass

Bulletin ID: AMD-SB-1041 Potential Impact: System Integrity Severity:High Summary Potential weaknesses in AMD’s SPI protection features may allow an attacker to bypass the native System Management Mode (SMM) ROM protections. CVE Details CVE-2022-23829 A potential weakness in AMD SPI protection...

Dokan Pro < 3.11.0 - Unauthenticated SQL Injection

Description The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all versions up to, and including, 3.10.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

KB5039334: Servicing stack update for Windows 10, version 1607 and Server 2016: June 11, 2024

KB5039334: Servicing stack update for Windows 10, version 1607 and Server 2016: June 11, 2024 __ End of support information Windows 10, version 1607 Mobile and Mobile Enterprise editions reached the end of support (EOS) on October 9, 2018. These editions will no longer be offered servicing stack...

CVE-2024-36473

Trend Micro VPN Proxy One Pro, version 5.8.1012 and below is vulnerable to an arbitrary file overwrite or create attack but is limited to local Denial of Service (DoS) and under specific conditions can lead to elevation of...

CVE-2024-36473

Trend Micro VPN Proxy One Pro, version 5.8.1012 and below is vulnerable to an arbitrary file overwrite or create attack but is limited to local Denial of Service (DoS) and under specific conditions can lead to elevation of...

CVE-2024-36473

Trend Micro VPN Proxy One Pro, version 5.8.1012 and below is vulnerable to an arbitrary file overwrite or create attack but is limited to local Denial of Service (DoS) and under specific conditions can lead to elevation of...