1221 matches found

Positive Technologies
added 2024/07/21 12:0 a.m. · 3 views

PT-2024-27594 · Unknown · Bbpress Notify

Name of the Vulnerable Software and Affected Versions: bbPress Notify versions 2.18.3 and earlier. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Reflected XSS. Recommendations: For bbPress...

CVSS 7.1 · AI score 6.5 · EPSS 0.00272
Exploits: 0 · References: 5

RedHat Linux
added 2024/07/15 9:25 p.m. · 2 views

kernel: net/ipv6: avoid possible UAF in ip6_route_mpath_notify()

A use-after-free flaw was found in ip6_route_mpath_notify in the Linux kernel. This may lead to a crash...

CVSS 7.8 · AI score 6.8 · EPSS 0.00269
Exploits: 0 · References: 5

RedHat Linux
added 2024/07/08 2:5 a.m. · 5 views

kernel: tls: race between async notify and socket close

A race condition vulnerability was found in the tls subsystem of the Linux kernel. The submitting thread that calls recvmsg/sendmsg may exit as soon as the async crypto handler calls complete; any code past that point risks touching already freed data. This could lead to a use-after-free issue an...

CVSS 4.7 · AI score 6.8 · EPSS 0.00177
Exploits: 0 · References: 5

Patchstack
added 2024/07/04 9:17 a.m. · 3 views

WordPress bbPress Notify (No-Spam) plugin <= 2.18.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by Dimas Maulana (Patchstack Alliance) in WordPress Plugin bbPress Notify versions <= 2.18.3...

CVSS 7.1 · AI score 6.1 · EPSS 0.00272
Exploits: 0 · Affected Software: 1

Patchstack
added 2024/07/04 12:0 a.m. · 12 views

WordPress bbPress Notify Plugin <= 2.18.3 is vulnerable to Cross Site Scripting (XSS)

Software: bbPress Notify; Type: Plugin; Vulnerable versions: <= 2.18.3; Fixed in: 2.18.4; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-37485; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 64ebe76096fa; Credits: Dimas Maulana; Required privileg...

CVSS 7.1 · AI score 6.6 · EPSS 0.00272
Exploits: 0 · References: 2 · Affected Software: 1

Tenable Nessus
added 2024/07/03 12:0 a.m. · 29 views

CBL Mariner 2.0 Security Update: hyperv-daemons / kernel (CVE-2024-26583)

The version of hyperv-daemons / kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-26583 advisory. - In the Linux kernel, the following vulnerability has been resolved: tls: fix race between...

CVSS 4.7 · AI score 6.1 · EPSS 0.00177
Exploits: 0 · References: 2

OSV
added 2024/07/01 10:15 p.m. · 2 views

CVE-2024-23737

Cross Site Request Forgery (CSRF) vulnerability in savignano S/Notify before 4.0.2 for Jira allows attackers to manipulate a user's S/MIME certificate or PGP key via malicious link or email...

CVSS 5.4 · AI score 5.8 · EPSS 0.00109
Exploits: 0 · References: 1

NVD
added 2024/07/01 10:15 p.m. · 44 views

CVE-2024-23737

Cross Site Request Forgery (CSRF) vulnerability in savignano S/Notify before 4.0.2 for Jira allows attackers to manipulate a user's S/MIME certificate or PGP key via malicious link or email...

CVSS 5.4 · EPSS 0.00109
Exploits: 0 · References: 1

NVD
added 2024/07/01 10:15 p.m. · 24 views

CVE-2024-23736

Cross Site Request Forgery (CSRF) vulnerability in savignano S/Notify before 4.0.2 for Confluence allows attackers to manipulate a user's S/MIME certificate or PGP key via malicious link or email...

CVSS 8.8 · EPSS 0.00147
Exploits: 0 · References: 1

Positive Technologies
added 2024/07/01 12:0 a.m. · 4 views

PT-2024-20046 · Savignano · S/Notify

Name of the Vulnerable Software and Affected Versions: savignano S/Notify versions prior to 4.0.2 for Jira. Description: A Cross Site Request Forgery (CSRF) issue allows attackers to manipulate a user's S/MIME certificate or PGP key via a malicious link or email. Recommendations: For versions prior ...

CVSS 5.4 · AI score 7 · EPSS 0.00109
Exploits: 0 · References: 3

CVE
added 2024/07/01 12:0 a.m. · 65 views

CVE-2024-23737

CVE-2024-23737 describes a CSRF vulnerability in Savignano S/Notify prior to 4.0.2 for Jira that can allow manipulation of a user’s S/MIME certificate or PGP key via a malicious link or email. Affected software: Savignano S/Notify before 4.0.2 for Jira. Root cause: CSRF leading to unintended cert...

CVSS 5.4 · AI score 7.1 · EPSS 0.00109
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2024/07/01 12:0 a.m. · 49 views

CVE-2024-23736

The CVE-2024-23736 entry concerns the savignano S/Notify product for Confluence, affected versions prior to 4.0.2. The vulnerability is a Cross-Site Request Forgery (CSRF) that enables an attacker to manipulate a user’s S/MIME certificate or PGP key via a malicious link or email. The root cause i...

CVSS 8.8 · AI score 7.1 · EPSS 0.00147
Exploits: 0 · References: 1

Cvelist
added 2024/07/01 12:0 a.m. · 25 views

CVE-2024-23736

Cross Site Request Forgery (CSRF) vulnerability in savignano S/Notify before 4.0.2 for Confluence allows attackers to manipulate a user's S/MIME certificate or PGP key via malicious link or email...

EPSS 0.00147
Exploits: 0 · References: 1

CNNVD
added 2024/07/01 12:0 a.m. · 3 views

Savignano Software Solutions S/Notify Security Breach

Savignano Software Solutions S/Notify is an email encryption program from Savignano Software Solutions, Germany. A security vulnerability previously existed in Savignano Software Solutions S/Notify version 4.0.2. An attacker exploited the vulnerability to manipulate a user's PGP key S/MIME...

CVSS 5.4 · AI score 6.7 · EPSS 0.00109
Exploits: 0 · References: 2

Vulnrichment
added 2024/07/01 12:0 a.m. · 16 views

CVE-2024-23737

Cross Site Request Forgery (CSRF) vulnerability in savignano S/Notify before 4.0.2 for Jira allows attackers to manipulate a user's S/MIME certificate or PGP key via malicious link or email...

AI score 7 · EPSS 0.00109
Exploits: 0 · References: 1

Vulnrichment
added 2024/07/01 12:0 a.m. · 9 views

CVE-2024-23736

Cross Site Request Forgery (CSRF) vulnerability in savignano S/Notify before 4.0.2 for Confluence allows attackers to manipulate a user's S/MIME certificate or PGP key via malicious link or email...

AI score 7 · EPSS 0.00147
Exploits: 0 · References: 1

Cvelist
added 2024/07/01 12:0 a.m. · 45 views

CVE-2024-23737

Cross Site Request Forgery (CSRF) vulnerability in savignano S/Notify before 4.0.2 for Jira allows attackers to manipulate a user's S/MIME certificate or PGP key via malicious link or email...

EPSS 0.00109
Exploits: 0 · References: 1

OSSF Malicious Packages
added 2024/06/25 1:28 p.m. · 2 views

Malicious code in Blockcоre.Fеatures.WalletNotify (NuGet)

AI score 7
Exploits: 0

OSSF Malicious Packages
added 2024/06/25 1:28 p.m. · 3 views

Malicious code in Blockcоre.Fеаtures.WallеtNotify (NuGet)

AI score 7
Exploits: 0

OSV
added 2024/06/25 1:5 p.m. · 22 views

SUSE-SU-2024:2205-1 Security update for the Linux Kernel (Live Patch 8 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-1505005539 fixes several issues. The following security issues were fixed: - CVE-2023-6931: Fixed an out of bounds write in the Performance Events subsystem when adding a new event (bsc#1218259). - CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify...

CVSS 7.8 · AI score 7.9 · EPSS 0.00715
Exploits: 1 · References: 5