PT-2024-40591 · Oracle +1 · Java.Base/Sun.Nio.Cs.Cesu 8$Encoder +2

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A security exception crash has been reported, involving the com.spotify.docker.client.shaded.com.fasterxml.jackson.databind.util.TokenBuffer class and th...

Metasploit Weekly Wrap-Up 02/16/2024

New Fetch Payload It has been almost a year since Metasploit released the new fetch payloads and since then, 43 of the 79 exploit modules have had support for fetch payloads. The original payloads supported transferring the second stage over HTTP, HTTPS and FTP. This week, Metasploit has expanded...

WordPress Email Encoder Bundle Plugin <= 2.2.0 is vulnerable to Cross Site Scripting (XSS)

Software Email Encoder Bundle Type Plugin Vulnerable versions = 2.2.0 Fixed in 2.2.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1282 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID db2eb8d78c8d Credits Richard Telleng...

Email Encoder – Protect Email Addresses and Phone Numbers < 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping on user supplied attribute...

Ubuntu 16.04 LTS / 18.04 LTS / 22.04 LTS : UltraJSON vulnerabilities (USN-6629-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6629-1 advisory. It was discovered that UltraJSON incorrectly handled certain input with a large amount of indentation. An attacker could possibly...

CentOS 8 : flac (CESA-2023:5046)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2023:5046 advisory. - Buffer Overflow vulnerability in function bitwritergrow in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder...

PT-2024-19381 · Hid Global · Omnikey 5023 Readers +15

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue concerns certain configurations in the communication channel for encoders that could expose sensitive data when reader configuration cards are...

SUSE: Security Advisory (SUSE-SU-2024:0240-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2024:0241-1 Security update for jasper

This update for jasper fixes the following issues: - CVE-2023-51257: Fixed an out of bounds write in the JPC encoder bsc1218802...

SUSE-SU-2024:0240-1 Security update for jasper

This update for jasper fixes the following issues: - CVE-2023-51257: Fixed an out of bounds write in the JPC encoder bsc1218802...

CVE-2024-0642

Inadequate access control in the C21 Live Encoder and Live Mosaic product, version 5.3. This vulnerability allows a remote attacker to access the application as an administrator user through the application endpoint, due to lack of proper credential management...

CVE-2024-0643

Unrestricted upload of dangerous file types in the C21 Live Encoder and Live Mosaic product, version 5.3. This vulnerability allows a remote attacker to upload different file extensions without any restrictions, resulting in a full system compromise...

CVE-2024-0643

Unrestricted upload of dangerous file types in the C21 Live Encoder and Live Mosaic product, version 5.3. This vulnerability allows a remote attacker to upload different file extensions without any restrictions, resulting in a full system compromise...

CVE-2024-0642

Inadequate access control in the C21 Live Encoder and Live Mosaic product, version 5.3. This vulnerability allows a remote attacker to access the application as an administrator user through the application endpoint, due to lack of proper credential management...

Design/Logic Flaw

Inadequate access control in the C21 Live Encoder and Live Mosaic product, version 5.3. This vulnerability allows a remote attacker to access the application as an administrator user through the application endpoint, due to lack of proper credential management...

Design/Logic Flaw

Unrestricted upload of dangerous file types in the C21 Live Encoder and Live Mosaic product, version 5.3. This vulnerability allows a remote attacker to upload different file extensions without any restrictions, resulting in a full system compromise...

CVE-2024-0643 Unrestricted upload of dangerous file types in C21 Live Encoder and Live Mosaic

Unrestricted upload of dangerous file types in the C21 Live Encoder and Live Mosaic product, version 5.3. This vulnerability allows a remote attacker to upload different file extensions without any restrictions, resulting in a full system compromise...

CVE-2024-0643 Unrestricted upload of dangerous file types in C21 Live Encoder and Live Mosaic

Unrestricted upload of dangerous file types in the C21 Live Encoder and Live Mosaic product, version 5.3. This vulnerability allows a remote attacker to upload different file extensions without any restrictions, resulting in a full system compromise...

CVE-2024-0643

CVE-2024-0643 affects C21 Live Encoder and Live Mosaic, version 5.3. The issue is an unrestricted upload of dangerous file types in the product, enabling a remote attacker to upload various file extensions without restrictions and potentially achieve full system compromise. Some sources corrobora...

CVE-2024-0642 Inadequate access control in C21 Live Encoder and Live Mosaic

Inadequate access control in the C21 Live Encoder and Live Mosaic product, version 5.3. This vulnerability allows a remote attacker to access the application as an administrator user through the application endpoint, due to lack of proper credential management...