PT-2024-36178 · Unknown · Vbsso-Lite
Name of the Vulnerable Software and Affected Versions: vBSSO-lite versions 1.4.3 and earlier Description: The issue is related to an Authentication Bypass Using an Alternate Path or Channel vulnerability. This vulnerability allows for authentication bypass in vBSSO-lite. Recommendations: For...
CVE-2024-44243
A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.2. An app may be able to modify protected parts of the file system...
CVE-2024-50244
...
GHSA-GVF2-2F4G-JQF4 Drupal core contains a potential PHP Object Injection vulnerability
Drupal core contains a potential PHP Object Injection vulnerability that if combined with another exploit could lead to Remote Code Execution. It is not directly exploitable. This issue is mitigated by the fact that in order for it to be exploitable, a separate vulnerability must be present to...
Seven Bolt-Ons to Make Your Entra ID More Secure for Critical Sessions
Identity security is all the rage right now, and rightfully so. Securing identities that access an organization's resources is a sound security model. But IDs have their limits, and there are many use cases when a business should add other layers of security to a strong identity. And this is what...
[SECURITY] Fedora 41 Update: python3.11-3.11.11-1.fc41
Python 3.11 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.11 package provides the "python3.11" executable:...
CVE-2024-20136
In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09121847; Issue ID: MSV-1821...
CVE-2024-11418
CVE-2024-11418 is a Reflected Cross-Site Scripting vulnerability in the WordPress plugin Additional Order Filters for WooCommerce. The issue arises from insufficient input sanitization and output escaping of the shipping_method_filter parameter, affecting versions up to 1.21. Attackers can compe...
WordPress plugin Additional Order Filters for WooCommerce cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPre...
WordPress Additional Order Filters for WooCommerce plugin <= 1.21 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Max Boll b0lli in WordPress Plugin Additional Order Filters for WooCommerce versions <= 1.21...
CVE-2018-9483
In btadmremovesecdeventry of btadmact.cc, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure over bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-10913
The Clone plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.4.6 via deserialization of untrusted input in the 'recursiveunserializedreplace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain i...
Moodle IDOR when deleting OAuth2 linked accounts
A flaw was found in Moodle. Additional checks were required to ensure users can only delete their OAuth2-linked accounts...
CVE-2024-48897
A vulnerability was found in Moodle. Additional checks are required to ensure users can only edit or delete RSS feeds that they have permission to modify...
Fedora 37 : seamonkey (2022-3094c02073)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-3094c02073 advisory. Some stability fixes. ---- Update to 2.53.14 Note that besides the ordinary builds for the current Fedora and EPEL branches, there is an additional...
CVE-2024-10943
The CVE-2024-10943 entry relates to Rockwell Automation FactoryTalk Updater and describes an authentication bypass caused by shared secrets across accounts, potentially enabling a threat actor to impersonate a user when authentication information can be enumerated. Connected documents confirm the...
CVE-2024-49982
...
CVE-2024-50242 fs/ntfs3: Additional check in ntfs_file_release
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Additional check in ntfs_file_release...
CVE-2024-50242
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Additional check in ntfs_file_release...