11197 matches found

Positive Technologies
added 2024/07/27 12:0 a.m. · 2 views

PT-2024-37702 · WordPress · Admin Trim Interface

Name of the Vulnerable Software and Affected Versions: Admin Trim Interface plugin for WordPress versions up to, and including, 3.5.1
Description: The issue is related to Full Path Disclosure, which occurs because the plugin utilizes bootstrap and leaves test files with display errors on. This...

CVSS 5.3 · AI score 6.6 · EPSS 0.00746
Exploits 0 · References 5

Positive Technologies
added 2024/07/27 12:0 a.m. · 3 views

PT-2024-37725 · WordPress · Campaign Monitor

Name of the Vulnerable Software and Affected Versions: Campaign Monitor for WordPress plugin for WordPress versions up to, and including, 2.8.15
Description: The issue is due to the plugin not properly restricting direct access to "/forms/views/admin/create.php" and display errors being enabled...

CVSS 5.3 · AI score 6.5 · EPSS 0.00866
Exploits 0 · References 6

OSV
added 2024/07/26 9:14 p.m. · 7 views

GHSA-66FW-43H8-F8P3 XMP Toolkit's `XmpFile::close` can trigger undefined behavior

Affected versions of the crate failed to catch C++ exceptions raised within the XmpFile::close function. If such an exception occurred, it would trigger undefined behavior, typically a process abort. This is best demonstrated in issue 230, where a race condition causes the close call to fail due ...

AI score 7
Exploits 0 · References 5

Github Security Blog
added 2024/07/26 9:14 p.m. · 12 views

XMP Toolkit's `XmpFile::close` can trigger undefined behavior

Affected versions of the crate failed to catch C++ exceptions raised within the XmpFile::close function. If such an exception occurred, it would trigger undefined behavior, typically a process abort. This is best demonstrated in issue 230, where a race condition causes the close call to fail due ...

AI score 7
Exploits 0 · References 5 · Affected Software 1

CNNVD
added 2024/07/25 12:0 a.m. · 2 views

Apache Roller input validation error vulnerability

Apache Roller is a Java-based multi-user open source blogging system from the Apache Foundation in the United States. Apache Roller suffers from a cross-site scripting vulnerability that can be exploited by an attacker to obtain cookie-based authentication credentials...

CVSS 5.4 · AI score 6.4 · EPSS 0.00448
Exploits 0 · References 3

RedHat Linux
added 2024/07/24 2:3 p.m. · 3 views

kernel: net: amd-xgbe: Fix skb data length underflow

In the Linux kernel, the following vulnerability has been resolved: net: amd-xgbe: Fix skb data length underflow. There will be BUG_ON triggered in include/linux/skbuff.h leading to intermittent kernel panic, when the skb length underflow is detected. Fix this by dropping the packet if such length...

CVSS 5.5 · AI score 6.8 · EPSS 0.00011
Exploits 0 · References 5

OSV
added 2024/07/24 7:15 a.m. · 1 views

CVE-2024-6553

The WP Meteor Website Speed Optimization Addon plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.3. This is due to the plugin utilizing wpdesk and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to...

CVSS 5.3 · AI score 5.8
Exploits 0 · References 2

BDU FSTEC
added 2024/07/24 12:0 a.m. · 1 views

The vulnerability of Zoom’s video conferencing software, related to synchronization errors when using shared resources (“Race Situation”), allows attackers to escalate their privileges.

The vulnerability of Zoom’s video conferencing software is related to synchronization errors when using a shared resource “Race Situation”. Exploiting this vulnerability can allow attackers to gain increased privileges...

CVSS 4.4 · AI score 5.5 · EPSS 0.00104
Exploits 0 · References 2 · Affected Software 3

BDU FSTEC
added 2024/07/24 12:0 a.m. · 1 views

The vulnerability of the Team Chat component in Zoom’s video conferencing software allows attackers to disclose protected information.

The vulnerability of the Team Chat component in Zoom’s video conferencing software is related to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker who operates remotely to disclose sensitive information...

CVSS 6.8 · AI score 5.4 · EPSS 0.00213
Exploits 0 · References 2 · Affected Software 3

BDU FSTEC
added 2024/07/24 12:0 a.m. · 1 views

The vulnerabilities of the event monitoring, threat detection, security analytics platforms of IBM QRadar Suite, as well as the IBM Cloud Pak for Security security platform, allow attackers to gain access to confidential information.

The vulnerabilities of event monitoring platforms, threat detection systems, security analytics in the IBM QRadar Suite, and IBM Cloud Pak for Security related to security configuration errors can be exploited by attackers operating remotely. This allows them to gain access to confidential...

CVSS 5.9 · AI score 5.4 · EPSS 0.00069
Exploits 0 · References 5 · Affected Software 2

Redos
added 2024/07/24 12:0 a.m. · 23 views

ROS-20240723-05

A vulnerability in the Core component of the Oracle VM VirtualBox virtualization software tool is related to insecure privilege management. Exploitation of the vulnerability could allow an attacker to escalate their privileges. A vulnerability in the...

CVSS 8.8 · AI score 7.9 · EPSS 0.00392
Exploits 0

BDU FSTEC
added 2024/07/24 12:0 a.m. · 1 views

The vulnerability of Zoom’s video conferencing software, related to synchronization errors when using shared resources (“Race Situation”), allows a violator to trigger a service failure.

The vulnerability of Zoom’s video conferencing software is related to synchronization errors when using a shared resource “Race Situation”. Exploiting this vulnerability can allow an attacker to cause service failures...

CVSS 6.6 · AI score 5.5 · EPSS 0.00073
Exploits 0 · References 2 · Affected Software 2

BDU FSTEC
added 2024/07/23 12:0 a.m. · 1 views

The vulnerability of the Packet Forwarding Engine (PFE) mechanism in Juniper Networks’ Junos OS operating system allows an attacker to cause a service failure. This vulnerability affects devices in the ACX5448 and ACX710 series.

The vulnerability of the Packet Forwarding Engine PFE mechanism in Juniper Networks’ Junos OS on ACX5448 and ACX710 series devices is related to synchronization errors. Exploiting this vulnerability can allow a malicious actor to cause service failures...

CVSS 6.5 · AI score 5.5 · EPSS 0.00068
Exploits 0 · References 3 · Affected Software 1

Citrix
added 2024/07/23 12:0 a.m. · 5 views

CWA 2405: Application launch fails after upgrading to CWA 2405

After upgrading CWA to 2405, app launch may fail with "Internal error" or "Connection Timeout". The issue is seen more frequently while trying to launch multiple applications at the same time. The ICA file gets downloaded, but after some time a "Connection timeout" error is seen. Sometimes, the first...

AI score 7
Exploits 0

BDU FSTEC
added 2024/07/23 12:0 a.m. · 1 views

The vulnerability of the GPU driver for Mali-based processors, based on Arm, Bifrost, and Valhall architectures, allows a hacker to execute arbitrary code.

The vulnerability of the GPU driver for Mali-based processors based on Arm, Bifrost, and Valhall is related to synchronization errors when using shared resources. Exploiting this vulnerability allows an attacker to execute arbitrary code...

CVSS 5.9 · AI score 5.9 · EPSS 0.00089
Exploits 0 · References 2

BDU FSTEC
added 2024/07/23 12:0 a.m. · 1 views

The vulnerability of the GraphWorX64 module in the GENESIS64 SCADA system allows an intruder to execute arbitrary code.

The vulnerability of the GraphWorX64 module in the GENESIS64 SCADA system is related to errors in the code. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

CVSS 9 · AI score 5.9
Exploits 0 · Affected Software 1

BDU FSTEC
added 2024/07/23 12:0 a.m. · 1 views

The vulnerability of the SCADA system MasterSCADA 4D, related to errors in processing input data, allows an intruder to trigger a service failure.

The vulnerability of the SCADA system MasterSCADA 4D is related to errors in processing input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...

CVSS 5.3 · AI score 5.5
Exploits 0 · Affected Software 1

BDU FSTEC
added 2024/07/23 12:0 a.m. · 1 views

The vulnerability of the SINEMA Remote Connect client web interface, related to security mechanism errors, allows a perpetrator to view and edit protected information regarding device configurations.

The vulnerability of the SINEMA Remote Connect client web interface is related to security mechanism errors. Exploiting this vulnerability allows a malicious actor to view and edit protected configuration information about device settings without proper access rights...

CVSS 8 · AI score 7.2 · EPSS 0.00386
Exploits 0 · References 2

OSV
added 2024/07/22 10:35 a.m. · 26 views

SUSE-SU-2024:2574-1 Security update for nodejs20

This update for nodejs20 fixes the following issues:

Update to 20.15.1:

- CVE-2024-36138: Fixed CVE-2024-27980 fix bypass bsc1227560
- CVE-2024-22020: Fixed a bypass of network import restriction via data URL bsc1227554
- CVE-2024-22018: Fixed fs.lstat bypasses permission model bsc1227562
- ...

CVSS 8.1 · AI score 6 · EPSS 0.00369
Exploits 0 · References 12

BDU FSTEC
added 2024/07/22 12:0 a.m. · 1 views

The vulnerability of the QlikView analytical platform, related to synchronization errors when using a common resource, allows a perpetrator to execute arbitrary code.

The vulnerability of the QlikView analytical platform is related to synchronization errors when using a common resource. Exploiting this vulnerability can allow an attacker to execute arbitrary code within the context of the Windows administrator...

CVSS 7.8 · AI score 6 · EPSS 0.0321
Exploits 0 · References 3