Security update for libsoup

This update for libsoup fixes the following issues: CVE-2026-0719: Fixed stack-based buffer overflow in NTLM authentication bsc1256399. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run...

Gitlab -- vulnerabilities

Gitlab reports: Denial of Service issue in Jira Connect integration impacts GitLab CE/EE Incorrect Authorization issue in Releases API impacts GitLab CE/EE Unchecked Return Value issue in authentication services impacts GitLab CE/EE Infinite Loop issue in Wiki redirects impacts GitLab CE/EE Denia...

MiracleLinux 8 : java-17-openjdk-17.0.9.0.9-2.el8 (AXSA:2023-6546:18)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6546:18 advisory. OpenJDK: memory corruption issue on x8664 with AVX-512 8317121 CVE-2023-22025 OpenJDK: certificate path validation issue during client authenticatio...

MiracleLinux 4 : wireshark-1.2.15-2.AXS4.1 (AXSA:2012-539:02)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2012-539:02 advisory. Wireshark is a network traffic analyzer for Unix-ish operating systems. This package lays base for libpcap, a packet capture and filtering library,...

WordPress Blog2Social: Social Media Auto Post & Scheduler plugin <= 8.7.2 - Incorrect Authorization to Authenticated (Subscriber+) Sensitive Information Exposure vulnerability

Incorrect Authorization to Authenticated Subscriber+ Sensitive Information Exposure vulnerability discovered by theviper17y in WordPress Plugin Blog2Social versions = 8.7.2...

CVE-2023-43137

TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds ACL rules after authentication, and the rule name parameter has injection points...

CVE-2023-4297

The Mmm Simple File List WordPress plugin through 2.3 does not validate the generated path to list files from, allowing any authenticated users, such as subscribers, to list the content of arbitrary directories...

CVE-2023-40393

An authentication issue was addressed with improved state management. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. Photos in the Hidden Photos Album may be viewed without authentication...

CVE-2018-18891

MiniCMS 1.10 allows file deletion via /mc-admin/post.php?state=delete= because the authentication check occurs too late...

CVE-2018-19411

PRTG Network Monitor before 18.2.40.1683 allows an authenticated user with a read-only account to create another user with a read-write account including administrator via an HTTP request because /api/addusers doesn't check, or doesn't properly check, user rights...

CVE-2009-4232

The Kide Shoutbox comkide component 0.4.6 for Joomla! does not properly perform authentication, which allows remote attackers to post messages with an arbitrary account name via an insertar action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely...

CVE-2021-31337

The Telnet service of the SIMATIC HMI Comfort Panels system component in affected products does not require authentication, which may allow a remote attacker to gain access to the device if the service is enabled. Telnet is disabled by default on the SINAMICS Medium Voltage Products SINAMICS SL15...

CVE-2021-22823

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector dc.exe V15.0.0.21320...

CVE-2021-22784

A CWE-306: Missing Authentication for Critical Function vulnerability exists in C-Bus Toolkit v1.15.8 and prior that could allow an attacker to use a crafted webpage to obtain remote access to the system...

CVE-2021-0193

Improper authentication in the IntelR In-Band Manageability software before version 2.13.0 may allow a privileged user to potentially enable escalation of privilege via network access...

CVE-2021-0151

Improper access control in the installer for some IntelR Wireless BluetoothR and KillerTM BluetoothR products in Windows 10 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2021-0096

Improper authentication in the software installer for the IntelR NUC HDMI Firmware Update Tool for NUC7i3DN, NUC7i5DN, NUC7i7DN before version 1.78.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2022-38368

An issue was discovered in Aviatrix Gateway before 6.6.5712 and 6.7.x before 6.7.1376. Because Gateway API functions mishandle authentication, an authenticated VPN user can inject arbitrary commands...

CVE-2022-23944

User can access /plugin api without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1...

CVE-2022-33321

Cleartext Transmission of Sensitive Information vulnerability due to the use of Basic Authentication for HTTP connections in Mitsubishi Electric consumer electronics products PHOTOVOLTAIC COLOR MONITOR ECO-GUIDE, HEMS adapter, Wi-Fi Interface, Air Conditioning, Induction hob, Mitsubishi Electric...