1078 matches found

Android Security Bulletins
added 2024/12/02 12:0 a.m. | 38 views

Android Security Bulletin December 2024

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2024-12-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Android partners are...

8.8 CVSS | 8.1 AI score | 0.00368 EPSS
Exploits 0

OSSF Malicious Packages
added 2024/11/27 12:16 a.m. | 2 views

Malicious code in eslint-plugin-classification-import (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bf941eb64cb46effcedb0a7bc56e9aa2c3a16f53b93efc19baecb91bc6699f02 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 | References 3

OSV
added 2024/11/27 12:16 a.m. | 9 views

MAL-2024-10969 Malicious code in eslint-plugin-classification-import (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bf941eb64cb46effcedb0a7bc56e9aa2c3a16f53b93efc19baecb91bc6699f02 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 | References 3

Wiz blog
added 2024/11/26 12:2 p.m. | 5 views

Wiz collaborates with NVIDIA to advance ML research for data classification

Wiz Research taps Llama 3 model NVIDIA NIM microservices for sensitive data classification...

7.2 AI score
Exploits 0

Patchstack
added 2024/11/25 12:0 a.m. | 24 views

WordPress Spam protection, AntiSpam, FireWall by CleanTalk Plugin <= 6.44 is vulnerable to Broken Authentication

Software Spam protection, AntiSpam, FireWall by CleanTalk Type Plugin Vulnerable versions = 6.44 Fixed in 6.45 OWASP Top 10 A1: Broken Access Control Classification Broken Authentication CVE CVE-2024-10781 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 0bd21f35fe5e...

8.1 CVSS | 6.3 AI score | 0.03824 EPSS
Exploits 1 | References 3 | Affected Software 1

Circl
added 2024/11/23 3:49 a.m. | 26 views

CVE-2024-10868

creationtimestamp | type | source
---|---|---
2024-11-23 03:49:30+00:00 | seen | https://infosec.exchange/users/cve/statuses/113530225948755769...

4.3 CVSS | 6.9 AI score | 0.00433 EPSS
Exploits 0 | References 1

Patchstack
added 2024/11/22 12:0 a.m. | 7 views

WordPress GEO my WordPress Plugin < 4.5 is vulnerable to Arbitrary File Upload

Software GEO my WordPress Type Plugin Vulnerable versions 4.5 Fixed in 4.5 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-9422 Patch priority Low CVSS severity Low 9.1 Developer Claim ownership PSID d3c56af69a13 Credits Michael Dyrna Required privilege Administrator...

6.6 CVSS | 6.9 AI score | 0.00733 EPSS
Exploits 1 | References 4 | Affected Software 1

Patchstack
added 2024/11/21 12:0 a.m. | 10 views

WordPress Premium Packages Plugin <= 5.9.3 is vulnerable to Cross Site Scripting (XSS)

Software Premium Packages Type Plugin Vulnerable versions = 5.9.3 Fixed in 5.9.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11225 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 615d91201bee Credits Peter Thaleikis...

6.1 CVSS | 6 AI score | 0.00507 EPSS
Exploits 0 | References 3 | Affected Software 1

Circl
added 2024/11/18 2:25 p.m. | 15 views

CVE-2024-52427

creationtimestamp | type | source
---|---|---
2024-11-18 14:25:01+00:00 | seen | https://infosec.exchange/users/cve/statuses/113504413335244833
2024-11-18 17:23:14+00:00 | seen | https://t.me/cvedetector/11348
2024-11-26 18:34:10+00:00 | published-proof-of-concept | https://t.me/GithubRedTeam/9190...

9.9 CVSS | 8.7 AI score | 0.00726 EPSS
Exploits 0 | References 4

Patchstack
added 2024/11/13 12:0 a.m. | 12 views

WordPress CSV to html Plugin <= 3.06 is vulnerable to Arbitrary File Upload

Software CSV to html Type Plugin Vulnerable versions = 3.06 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-52406 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID f31bd5d837b7 Credits stealthcopter Required privilege Subscriber...

9.9 CVSS | 9.6 AI score | 0.00478 EPSS
Exploits 0 | References 1 | Affected Software 1

RedHat Linux
added 2024/11/12 8:59 a.m. | 4 views

python: incorrect IPv4 and IPv6 private ranges

A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. Due to this issue, it is possible that values will not be returned in accordance with the latest information from th...

7.5 CVSS | 7.2 AI score | 0.01042 EPSS
Exploits 0 | References 4

Patchstack
added 2024/11/08 12:0 a.m. | 19 views

WordPress WPLMS Theme <= 4.962 is vulnerable to Path Traversal

Software WPLMS Type Theme Vulnerable versions = 4.962 Fixed in 4.963 OWASP Top 10 A3: Injection Classification Path Traversal CVE CVE-2024-10470 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 63557cc0ea32 Credits Foxyyy Required privilege Unauthenticated Published 8...

9.8 CVSS | 6.9 AI score | 0.34094 EPSS
Exploits 2 | References 2 | Affected Software 1

Patchstack
added 2024/11/08 12:0 a.m. | 24 views

WordPress Elementor – Header, Footer & Blocks Template Plugin <= 1.6.45 is vulnerable to Cross Site Scripting (XSS)

Software Elementor – Header, Footer & Blocks Template Type Plugin Vulnerable versions = 1.6.45 Fixed in 1.6.46 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10325 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 3bcf490aa26b...

6.4 CVSS | 5.7 AI score | 0.00288 EPSS
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2024/11/08 12:0 a.m. | 11 views

WordPress Registrations for the Events Calendar Plugin < 2.12.4 is vulnerable to Cross Site Scripting (XSS)

Software Registrations for the Events Calendar Type Plugin Vulnerable versions 2.12.4 Fixed in 2.12.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7982 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 576ddc99ad72...

9.6 CVSS | 5.7 AI score | 0.00665 EPSS
Exploits 1 | References 4 | Affected Software 1

Patchstack
added 2024/11/08 12:0 a.m. | 11 views

WordPress OSM – OpenStreetMap Plugin <= 6.1.2 is vulnerable to Cross Site Scripting (XSS)

Software OSM – OpenStreetMap Type Plugin Vulnerable versions = 6.1.2 Fixed in 6.1.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-52355 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 68bca5f9bb55 Credits Junwoo Kang Required privilege...

6.5 CVSS | 6.9 AI score | 0.00263 EPSS
Exploits 0 | References 2 | Affected Software 1

Pen Test Partners Blog
added 2024/11/05 6:35 a.m. | 10 views

Maritime lawyers assemble!

Maritime cyber insurance has been playing catch-up with maritime cyber security for a while now. It was all pretty good until the availability of cheap VSAT meant that ships became constantly connected. Vessels were mostly not connected at sea, other than Fleet Broadband connections, rarely used...

7.4 AI score
Exploits 0

Pen Test Partners Blog
added 2024/11/05 6:14 a.m. | 9 views

What goes into testing a ship?

TL;DR Testing a ship involves identifying and mitigating cybersecurity risks using the "Identify, Prevent, Detect, Respond, Recover" framework. Guidelines include MSC.42898, BIMCO, IACS UR E26/E27, and ISO standards. New builds and existing vessels require proper documentation and network securit...

8 AI score
Exploits 0

Patchstack
added 2024/10/31 12:0 a.m. | 7 views

WordPress amazing neo icon font for elementor Plugin <= 2.0.1 is vulnerable to Cross Site Scripting (XSS)

Software amazing neo icon font for elementor Type Plugin Vulnerable versions = 2.0.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50543 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 973c64009b42 Credits Gab Required privile...

6.5 CVSS | 6.6 AI score | 0.00332 EPSS
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2024/10/30 12:0 a.m. | 11 views

WordPress ID-SK Toolkit Plugin <= 1.7.2 is vulnerable to Cross Site Scripting (XSS)

Software ID-SK Toolkit Type Plugin Vulnerable versions = 1.7.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50517 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8f37480f4086 Credits Gab Required privilege Contributor Publish...

6.5 CVSS | 6.5 AI score | 0.00332 EPSS
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2024/10/25 12:0 a.m. | 20 views

WordPress MaanStore API Plugin <= 1.0.1 is vulnerable to Broken Authentication

Software MaanStore API Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-50487 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 80e67caa15fa Credits...

9.8 CVSS | 6.8 AI score | 0.00525 EPSS
Exploits 0 | References 1 | Affected Software 1