Web'log Pro Unlimited Security Vulnerabilities

USN-6736-1: klibc vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description It was discovered that zlib, vendored in klibc, incorrectly handled pointer arithmetic. An attacker could use this issue to cause klibc to crash or to...

USN-6756-1: less vulnerability | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description It was discovered that less mishandled newline characters in file names. If a user or automated system were tricked into opening specially crafted files, an...

Certain HP LaserJet Pro Printers – Potential Information Disclosure

A user with device administrative privileges can change existing SMTP server settings on the device, without having to re-enter SMTP server credentials. By redirecting send-to-email traffic to the new server, the original SMTP server credentials may potentially be exposed. Update your printer...

RHEL 8 : go-toolset:rhel8 (RHSA-2024:3259)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3259 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): * golang:...

RHEL 8 : git-lfs (RHSA-2024:3346)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3346 advisory. Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git,...

RHEL 8 : Red Hat OpenStack Platform 16.2 (etcd) (RHSA-2024:3352)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3352 advisory. A highly-available key value store for shared configuration Security Fix(es): * Incomplete fix for CVE-2023-39325/CVE-2023-44487 in...

kernel security, bug fix, and enhancement update

[4.18.0-553.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with...

Certain HP LaserJet Pro – Potential Cross-Site Scripting (XSS)

Certain HP LaserJet Pro devices are potentially vulnerable to a Cross-Site Scripting (XSS) attack via the web management interface of the device. Update your printer...

FleetCart 4.1.1 Information Disclosure

...

USN-6719-2: util-linux vulnerability | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description USN-6719-1 fixed a vulnerability in util-linux. Unfortunately, it was discovered that the fix did not fully address the issue. This update removes the setgid permission bit from the wall and write...

USN-6737-1: GNU C Library vulnerability | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description Charles Fol discovered that the GNU C Library iconv feature incorrectly handled certain input sequences. An attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of...

Unlimited Elements for Elementor < 1.5.108 - Contributor+ SQLi

Description The plugin is vulnerable to SQL Injection via the ‘data[post_ids][0]’ parameter due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access...

Important: git-lfs security update

Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fix(es): golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS...

USN-6733-1: GnuTLS vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description It was discovered that GnuTLS had a timing side-channel when performing certain ECDSA operations. A remote attacker could possibly use this issue to recover sensitive information. (CVE-2024-28834) It was...

May 23, 2024—KB5039705 (OS Build 17763.5830) Out-of-band

May 23, 2024—KB5039705 (OS Build 17763.5830) Out-of-band 11/17/20 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 10, version 1809, see its update history page. Highlights This...

(RHSA-2024:2729) Important: Red Hat OpenStack Platform 17.1 (etcd) security update

A highly-available key value store for shared configuration Security Fix(es): golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326) crypto/tls:...

(RHSA-2024:3259) Important: go-toolset:rhel8 security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288) golang: net/http/cookiejar: incorrect forwarding of sensitive headers...

CVE-2024-3666

The Opal Estate Pro – Property Management and Submission plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the agent latitude and longitude parameters in all versions up to, and including, 1.7.6 due to insufficient input sanitization and output escaping. This makes it possible.....

CVE-2024-3666

The Opal Estate Pro – Property Management and Submission plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the agent latitude and longitude parameters in all versions up to, and including, 1.7.6 due to insufficient input sanitization and output escaping. This makes it possible.....

CVE-2024-3666 Opal Estate Pro – Property Management and Submission <= 1.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Opal Estate Pro – Property Management and Submission plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the agent latitude and longitude parameters in all versions up to, and including, 1.7.6 due to insufficient input sanitization and output escaping. This makes it possible.....

CVE-2024-3666 Opal Estate Pro – Property Management and Submission <= 1.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Opal Estate Pro – Property Management and Submission plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the agent latitude and longitude parameters in all versions up to, and including, 1.7.6 due to insufficient input sanitization and output escaping. This makes it possible.....

Attacks, Vulnerabilities and Actors 13 to 19 May 2024

...

Critical ‘Linguistic Lumberjack’ Flaw in Fluent Bit Hits Major Cloud Providers

...

Grandoreiro Trojan: An Evolving Threat to Global Banking

...

Metamorfo Banking Trojan Targets the Americas

...

Adobe Acrobat Pro DC AcroForm Annotation Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Important: go-toolset:rhel8 security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288) golang: net/http/cookiejar: incorrect forwarding of sensitive headers and...

Important: go-toolset:rhel8 security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288) golang: net/http/cookiejar: incorrect forwarding of sensitive headers and...

Opal Estate Pro <= 1.7.6 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via the agent latitude and longitude parameters due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in.....

RHEL 9 : Red Hat OpenStack Platform 17.1 (etcd) (RHSA-2024:2729)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:2729 advisory. A highly-available key value store for shared configuration Security Fix(es): * golang-fips/openssl: Memory leaks in code encrypting and...

CVE-2024-31757

An issue in TeraByte Unlimited Image for Windows v.3.64.0.0 and before and fixed in v.4.0.0.0 allows a local attacker to escalate privileges via the TBOFLHelper64.sys and TBOFLHelper.sys...

CVE-2024-31757

An issue in TeraByte Unlimited Image for Windows v.3.64.0.0 and before and fixed in v.4.0.0.0 allows a local attacker to escalate privileges via the TBOFLHelper64.sys and TBOFLHelper.sys...

CVE-2023-52733

In the Linux kernel, the following vulnerability has been resolved: s390/decompressor: specify __decompress() buf len to avoid overflow Historically calls to __decompress() didn't specify "out_len" parameter on many architectures including s390, expecting that no writes beyond uncompressed...

CVE-2023-52733

In the Linux kernel, the following vulnerability has been resolved: s390/decompressor: specify __decompress() buf len to avoid overflow Historically calls to __decompress() didn't specify "out_len" parameter on many architectures including s390, expecting that no writes beyond uncompressed kernel.....

CVE-2023-52733

In the Linux kernel, the following vulnerability has been resolved: s390/decompressor: specify __decompress() buf len to avoid overflow Historically calls to __decompress() didn't specify "out_len" parameter on many architectures including s390, expecting that no writes beyond uncompressed kernel.....

CVE-2023-52733 s390/decompressor: specify __decompress() buf len to avoid overflow

In the Linux kernel, the following vulnerability has been resolved: s390/decompressor: specify __decompress() buf len to avoid overflow Historically calls to __decompress() didn't specify "out_len" parameter on many architectures including s390, expecting that no writes beyond uncompressed kernel.....

CVE-2023-52733 s390/decompressor: specify __decompress() buf len to avoid overflow

In the Linux kernel, the following vulnerability has been resolved: s390/decompressor: specify __decompress() buf len to avoid overflow Historically calls to __decompress() didn't specify "out_len" parameter on many architectures including s390, expecting that no writes beyond uncompressed kernel.....

CVE-2021-47300

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix tail_call_reachable rejection for interpreter when jit failed During testing of f263a81451c1 ("bpf: Track subprog poke descriptors correctly and fix use-after-free") under various failure conditions, for example, when...

CVE-2021-47300

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix tail_call_reachable rejection for interpreter when jit failed During testing of f263a81451c1 ("bpf: Track subprog poke descriptors correctly and fix use-after-free") under various failure conditions, for example, when...

CVE-2021-47300

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix tail_call_reachable rejection for interpreter when jit failed During testing of f263a81451c1 ("bpf: Track subprog poke descriptors correctly and fix use-after-free") under various failure conditions, for example, when...

CVE-2021-47300 bpf: Fix tail_call_reachable rejection for interpreter when jit failed

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix tail_call_reachable rejection for interpreter when jit failed During testing of f263a81451c1 ("bpf: Track subprog poke descriptors correctly and fix use-after-free") under various failure conditions, for example, when...

CVE-2024-4452

The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions...

CVE-2024-4452

The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions...

CVE-2024-4452 ElementsKit Pro <= 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions...

CVE-2024-4452 ElementsKit Pro <= 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions...

(RHSA-2024:2865) Important: OpenShift Container Platform 4.15.14 bug fix and security update

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.15.14. See the following advisory for the RPM...

(RHSA-2024:2936) Important: go-toolset:rhel8 security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288) For more details about the security issue(s), including the impact, a...

(RHSA-2024:2935) Important: go-toolset:rhel8 security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288) For more details about the security issue(s), including the impact, a...

ElementsKit Pro < 3.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

CVE-2023-52733

In the Linux kernel, the following vulnerability has been resolved: s390/decompressor: specify __decompress() buf len to avoid overflow Historically calls to __decompress() didn't specify "out_len" parameter on many architectures including s390, expecting that no writes beyond uncompressed kernel.....