Lenovo Ez Media & Backup Center Security Vulnerabilities

CVE-2023-40672

Missing Authorization vulnerability in Hardik Chavada Sticky Social Media Icons.This issue affects Sticky Social Media Icons: from n/a through...

CVE-2023-40672

Missing Authorization vulnerability in Hardik Chavada Sticky Social Media Icons.This issue affects Sticky Social Media Icons: from n/a through...

Exploit for Unrestricted Upload of File with Dangerous Type in Likeshop

...

CVE-2023-40672 WordPress Sticky Social Media Icons plugin <= 2.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Hardik Chavada Sticky Social Media Icons.This issue affects Sticky Social Media Icons: from n/a through...

Security Bulletin: Multiple vulnerabilities in Open JDK affecting Rational Functional Tester / DevOps Test UI

Summary There are multiple vulnerabilities in Open JDK Version 8, OpenJ9 used by Rational Functional Tester (RFT) / DevOps Test UI. RFT has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2024-21085 DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM...

Microsoft Issues Patches for 51 Flaws, Including Critical MSMQ Vulnerability

Microsoft has released security updates to address 51 flaws as part of its Patch Tuesday updates for June 2024. Of the 51 vulnerabilities, one is rated Critical and 50 are rated Important. This is in addition to 17 vulnerabilities resolved in the Chromium-based Edge browser over the past month....

CVE-2023-52764

In the Linux kernel, the following vulnerability has been resolved: media: gspca: cpia1: shift-out-of-bounds in set_flicker Syzkaller reported the following issue: UBSAN: shift-out-of-bounds in drivers/media/usb/gspca/cpia1.c:1031:27 shift exponent 245 is too large for 32-bit type 'int' When the...

CVE-2023-52754

In the Linux kernel, the following vulnerability has been resolved: media: imon: fix access to invalid resource for the second interface imon driver probes two USB interfaces, and at the probe of the second interface, the driver assumes blindly that the first interface got bound with the same imon....

CVE-2023-52744

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix potential NULL-ptr-dereference in_dev_get() can return NULL which will cause a failure once idev is dereferenced in in_dev_for_each_ifa_rtnl(). This patch adds a check for NULL value in idev beforehand. Found by...

Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow < 1.4.0 - Missing Authorization

Description The Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_media_slider and _ms_save_settings functions in versions up to, and including, 1.3.9....

Unbreakable Enterprise kernel security update

[5.15.0-207.156.6] - uek-container: Add advanced routing options (Boris Ostrovsky) [Orabug: 36691279] - slub: use count_partial_free_approx() in slab_out_of_memory() (Jianfeng Wang) [Orabug: 36655468] - slub: introduce count_partial_free_approx() (Jianfeng Wang) [Orabug: 36655468] - Revert...

Ubuntu: Security Advisory (USN-6820-2)

The remote host is missing an update for...

RHEL 8 : kernel (RHSA-2024:3810)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3810 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: use-after-free in...

KLA68918 Multiple vulnerabilities in Opera

Multiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: Use after free vulnerability in Media Session can be exploited to cause denial of service or execute...

Ubuntu: Security Advisory (USN-6819-2)

The remote host is missing an update for...

Ubuntu: Security Advisory (USN-6821-3)

The remote host is missing an update for...

Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-6819-3)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6819-3 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer...

Backup Failing With `Too many snapshots` When Using Longhorn as a Storage Provisioner

Veeam Support Knowledge Base answer to: Backup Failing With Too many snapshots When Using Longhorn as a Storage...

Patch Tuesday, June 2024 “Recall” Edition

Microsoft today released updates to fix more than 50 security vulnerabilities in Windows and related software, a relatively light Patch Tuesday this month for Windows users. The software giant also responded to a torrent of negative feedback on a new feature of Redmond's flagship operating system.....

linux-aws, linux-oracle vulnerabilities

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536)...

linux-aws, linux-aws-5.15 vulnerabilities

It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2023-6270) It was discovered that the Atheros...

linux-nvidia vulnerabilities

It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2023-6270) It was discovered that the Atheros...

Patch Tuesday - June 2024

It’s June 2024 Patch Tuesday. Microsoft is addressing 51 vulnerabilities today, and has evidence of public disclosure for just a single one of those. At time of writing, none of the vulnerabilities published today are listed on CISA KEV, although this is always subject to change. Microsoft is...

[SECURITY] [DSA 5707-1] vlc security update

Debian Security Advisory DSA-5707-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 11, 2024 https://www.debian.org/security/faq Package : vlc CVE ID : not yet available A buffer overflow...

Microsoft and Adobe Patch Tuesday, June 2024 Security Update Review

Microsoft's June Patch Tuesday is here, bringing fixes for vulnerabilities impacting its multiple products. This month's release highlights the ongoing battle against cybersecurity threats, from critical updates to important fixes. Let's dive into the crucial insights from Microsoft's Patch...

linux-intel-iotg-5.15 vulnerabilities

Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-47233) It was....

CVE-2024-5812

A low severity vulnerability in BIPS has been identified where an attacker with high privileges or a compromised high privilege account can overwrite Read-Only smart rules via a specially crafted API...

CVE-2024-5813

A medium severity vulnerability in BIPS has been identified where an authenticated attacker with high privileges can access the SSH private keys via an information leak in the server...

CVE-2024-5812

A low severity vulnerability in BIPS has been identified where an attacker with high privileges or a compromised high privilege account can overwrite Read-Only smart rules via a specially crafted API...

CVE-2024-5813

A medium severity vulnerability in BIPS has been identified where an authenticated attacker with high privileges can access the SSH private keys via an information leak in the server...

CVE-2024-5812 Smart Rule Overwrite Bypass in BeyondInsight PasswordSafe

A low severity vulnerability in BIPS has been identified where an attacker with high privileges or a compromised high privilege account can overwrite Read-Only smart rules via a specially crafted API...

CVE-2024-5812 Smart Rule Overwrite Bypass in BeyondInsight PasswordSafe

A low severity vulnerability in BIPS has been identified where an attacker with high privileges or a compromised high privilege account can overwrite Read-Only smart rules via a specially crafted API...

CVE-2024-5813 SSH Private Key Leak in BeyondInsight PasswordSafe

A medium severity vulnerability in BIPS has been identified where an authenticated attacker with high privileges can access the SSH private keys via an information leak in the server...

CVE-2024-5813 SSH Private Key Leak in BeyondInsight PasswordSafe

A medium severity vulnerability in BIPS has been identified where an authenticated attacker with high privileges can access the SSH private keys via an information leak in the server...

CVE-2024-23111

A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a privileged.....

CVE-2024-21754

A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a privileged.....

CVE-2024-21754

A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a privileged.....

CVE-2024-23111

A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a privileged.....

CVE-2024-21754

A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a privileged.....

CVE-2024-21754

A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a privileged.....

CVE-2024-23111

A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a privileged.....

CVE-2024-23111

A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a privileged.....

CVE-2024-28995: Trivially Exploitable Information Disclosure Vulnerability in SolarWinds Serv-U

On June 5, 2024, SolarWinds disclosed CVE-2024-28995, a high-severity directory traversal vulnerability affecting their Serv-U file transfer server, which comes in two editions (Serv-U FTP and Serv-U MFT). Successful exploitation of the vulnerability allows unauthenticated attackers to read...

CVE-2023-52183

Missing Authorization vulnerability in WebToffee WordPress Backup & Migration.This issue affects WordPress Backup & Migration: from n/a through...

CVE-2023-52183

Missing Authorization vulnerability in WebToffee WordPress Backup & Migration.This issue affects WordPress Backup & Migration: from n/a through...

CVE-2023-52183 WordPress WordPress Backup & Migration plugin <= 1.4.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in WebToffee WordPress Backup & Migration.This issue affects WordPress Backup & Migration: from n/a through...

CVE-2023-52183 WordPress WordPress Backup & Migration plugin <= 1.4.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in WebToffee WordPress Backup & Migration.This issue affects WordPress Backup & Migration: from n/a through...

Schneider Electric APC Easy UPS Online Monitoring Software (Update A)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/Low attack complexity/Public exploits available Vendor: Schneider Electric Equipment: APC Easy UPS Online Monitoring Software Vulnerability: OS Command Injection, Missing Authentication for Critical Function 2. RISK...

Rockwell Automation ControlLogix, GuardLogix, and CompactLogix

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.3 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: ControlLogix, GuardLogix, CompactLogix Vulnerability: Always-Incorrect Control Flow Implementation 2. RISK EVALUATION Successful exploitation of this vulnerability could compromise...

Apple Launches Private Cloud Compute for Privacy-Centric AI Processing

Apple has announced the launch of a "groundbreaking cloud intelligence system" called Private Cloud Compute (PCC) that's designed for processing artificial intelligence (AI) tasks in a privacy-preserving manner in the cloud. The tech giant described PCC as the "most advanced security architecture.....