
8234 matches found

RedhatCVE
added 2024/01/29 11:19 a.m. · 35 views

CVE-2024-1023

A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, the memory leak is triggered when the Vert.x HTTP client establishes connections to different hosts. The leak can be accelerated with intimate runtime knowledge,...

CVSS 6.5 · AI score 6.4 · EPSS 0.01639
Exploits: 0 · References: 6
CNNVD
added 2024/01/29 12:0 a.m. · 2 views

WordPress plugin Easy SVG Allow security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...

CVSS 5.4 · AI score 6 · EPSS 0.0038
Exploits: 2 · References: 2
OSV
added 2024/01/26 3:15 p.m. · 4 views

CVE-2024-22550

An arbitrary file upload vulnerability in the component /alsdemo/ss/mediam.cgi of ShopSite v14.0 allows attackers to execute arbitrary code via uploading a crafted SVG file...

CVSS 6.1 · AI score 6 · EPSS 0.00574
Exploits: 1 · References: 1
Positive Technologies
added 2024/01/26 12:0 a.m. · 7 views

PT-2024-19483 · Shopsite · Shopsite

Name of the Vulnerable Software and Affected Versions: ShopSite version 14.0 Description: An arbitrary file upload issue in the /alsdemo/ss/mediam.cgi component allows attackers to execute arbitrary code by uploading a crafted SVG file. Recommendations: For ShopSite version 14.0, consider disabli...

CVSS 6.1 · AI score 7.8 · EPSS 0.00574
Exploits: 1 · References: 4
RedHat Linux
added 2024/01/25 4:49 p.m. · 3 views

openssl: Incorrect cipher key and IV length processing

A flaw was found in OpenSSL in how it processes key and initialization vector (IV) lengths. This issue can lead to potential truncation or overruns during the initialization of some symmetric ciphers. A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality...

CVSS 7.5 · AI score 7.1 · EPSS 0.03332
Exploits: 0 · References: 5
NVD
added 2024/01/25 3:15 p.m. · 22 views

CVE-2024-0879

Authentication bypass in vector-admin allows a user to register to a vector-admin server while “domain restriction” is active, even when not owning an authorized email address...

CVSS 6.5 · AI score 6.4 · EPSS 0.00379
Exploits: 0 · References: 2
OSV
added 2024/01/25 3:15 p.m. · 4 views

CVE-2024-0879

Authentication bypass in vector-admin allows a user to register to a vector-admin server while “domain restriction” is active, even when not owning an authorized email address...

CVSS 4.3 · AI score 5.8 · EPSS 0.00379
Exploits: 0 · References: 2
Prion
added 2024/01/25 3:15 p.m. · 15 views

Authentication flaw

Authentication bypass in vector-admin allows a user to register to a vector-admin server while “domain restriction” is active, even when not owning an authorized email address...

CVSS 4 · AI score 7.1 · EPSS 0.00379
Exploits: 0 · References: 2 · Affected Software: 1
Vulnrichment
added 2024/01/25 2:41 p.m. · 2 views

CVE-2024-0879 Authentication bypass in vector-admin domain restriction

Authentication bypass in vector-admin allows a user to register to a vector-admin server while “domain restriction” is active, even when not owning an authorized email address...

CVSS 6.5 · AI score 7 · EPSS 0.00379
Exploits: 0 · References: 2
CVE
added 2024/01/25 2:41 p.m. · 36 views

CVE-2024-0879

CVE-2024-0879 describes an authentication bypass in vector-admin where a user can register to a vector-admin server while domain restriction is active, even without owning an authorized email address. The vulnerability affects vector-admin’s authentication flow and is documented across multiple s...

CVSS 6.5 · AI score 4.6 · EPSS 0.00379
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2024/01/25 2:41 p.m. · 28 views

CVE-2024-0879 Authentication bypass in vector-admin domain restriction

Authentication bypass in vector-admin allows a user to register to a vector-admin server while “domain restriction” is active, even when not owning an authorized email address...

CVSS 6.5 · AI score 6.6 · EPSS 0.00379
Exploits: 0 · References: 2
RedHat Linux
added 2024/01/25 8:13 a.m. · 2 views

hw: Intel: Gather Data Sampling (GDS) side channel vulnerability

A Gather Data Sampling (GDS) transient execution side-channel vulnerability was found affecting certain Intel processors. This issue may allow a local attacker using gather instruction load from memory to infer stale data from previously used vector registers on the same physical core...

CVSS 6.5 · AI score 6.8 · EPSS 0.03882
Exploits: 1 · References: 6
OSV
added 2024/01/24 3:54 p.m. · 5 views

DRUPAL-CONTRIB-2024-006

The Drupal Swift Mailer module extends the basic e-mail sending functionality provided by Drupal by delegating all e-mail handling to the Swift Mailer library. This enables your site to take advantage of the many features which the Swift Mailer library provides. The module could allow an attacker...

CVSS 9.1 · AI score 6.8 · EPSS 0.0036
Exploits: 0 · References: 1
OSV
added 2024/01/23 10:15 a.m. · 3 views

CVE-2024-23180

Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote...

CVSS 8.8 · AI score 6.7
Exploits: 0 · References: 2
Positive Technologies
added 2024/01/23 12:0 a.m. · 5 views

PT-2024-19698 · Unknown · A-Blog Cms

Name of the Vulnerable Software and Affected Versions: a-blog cms versions prior to 3.1.7; a-blog cms versions prior to 3.0.29; a-blog cms versions prior to 2.11.58; a-blog cms versions prior to 2.10.50; a-blog cms version 2.9.0 and earlier. Description: The issue is related to improper input...

CVSS 8.8 · AI score 8.7 · EPSS 0.00918
Exploits: 0 · References: 5
OSV
added 2024/01/22 4:33 p.m. · 5 views

SUSE-SU-2024:0172-1 Security update for openssl-3

This update for openssl-3 fixes the following issues: - CVE-2023-6129: Fixed vector register clobbering on PowerPC. bsc1218690 - CVE-2023-6237: Fixed excessive time spent checking invalid RSA public keys. bsc1218810...

CVSS 6.5 · AI score 6.5 · EPSS 0.02323
Exploits: 0 · References: 5
RedHat Linux
added 2024/01/22 1:20 a.m. · 3 views

openssl: Incorrect cipher key and IV length processing

A flaw was found in OpenSSL in how it processes key and initialization vector (IV) lengths. This issue can lead to potential truncation or overruns during the initialization of some symmetric ciphers. A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality...

CVSS 7.5 · AI score 7.1 · EPSS 0.03332
Exploits: 0 · References: 5
CNNVD
added 2024/01/22 12:0 a.m. · 5 views

a-blog cms security breach

a-blog cms is a Japanese content management system (CMS). A security vulnerability exists in a-blog cms versions before Ver.3.1.7, before Ver.3.0.29, before Ver.2.11.58, and before Ver.2.10.50, which can be exploited by an attacker to execute arbitrary code by uploading a specially crafted SVG file...

CVSS 8.8 · AI score 7.6 · EPSS 0.00918
Exploits: 0 · References: 4
The Hacker News
added 2024/01/18 4:31 p.m. · 31 views

New Docker Malware Steals CPU for Crypto & Drives Fake Website Traffic

Vulnerable Docker services are being targeted by a novel campaign in which the threat actors are deploying XMRig cryptocurrency miner as well as the 9Hits Viewer software as part of a multi-pronged monetization strategy. "This is the first documented case of malware deploying the 9Hits applicatio...

AI score 7.7
Exploits: 0
CVE
added 2024/01/18 3:11 p.m. · 65 views

CVE-2023-40051

CVE-2023-40051 affects Progress Application Server (PAS) for OpenEdge. A WEB transport request can allow unintended file uploads to a server directory path on the PASOE host, potentially enabling a later attack if the uploaded payload is exploitable. Affected versions are 11.7 before 11.7.18, 12....

CVSS 9.9 · AI score 9.3 · EPSS 0.00557
Exploits: 0 · References: 2 · Affected Software: 1