PT-2024-35860 · Unknown · Maeve Lander Paypal Responder

Name of the Vulnerable Software and Affected Versions: Maeve Lander PayPal Responder versions n/a through 1.2 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...

CVE-2024-54003

Jenkins Simple Queue Plugin 1.4.4 and earlier does not escape the view name, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with View/Create permission...

CVE-2024-11240

A vulnerability was found in IBPhoenix ibWebAdmin up to 1.0.2 and classified as problematic. This issue affects some unknown processing of the file /database.php of the component Banco de Dados Tab. The manipulation of the argument dbloginrole leads to cross site scripting. The attack may be...

CVE-2024-11058

A vulnerability was found in CodeAstro Real Estate Management System up to 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /aboutedit.php of the component About Us Page. The manipulation of the argument id leads to sql injection. The attack can be...

[slackware-security] expat

New expat packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/expat-2.6.4-i586-1slack15.0.txz: Upgraded. This update fixes bugs and a security issue: Fix crash within function XMLResumeParser from ...

firefox: thunderbird: Use-after-free in layout with accessibility

The Mozilla Foundation's Security Advisory: An attacker could cause a use-after-free when accessibility is enabled, leading to a potentially exploitable crash...

firefox: thunderbird: Use-after-free in layout with accessibility

The Mozilla Foundation's Security Advisory: An attacker could cause a use-after-free when accessibility is enabled, leading to a potentially exploitable crash...

CVE-2024-10941

A malicious website could have included an iframe with an malformed URI resulting in a non-exploitable browser crash. This vulnerability affects Firefox 126...

K000148380: MySQL vulnerability CVE-2024-21204

Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL component: Server: PS. Supported versions that are affected are 8.4.0 and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...

Google's AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine

Google said it discovered a zero-day vulnerability in the SQLite open-source database engine using its large language model LLM assisted framework called Big Sleep formerly Project Naptime. The tech giant described the development as the "first real-world vulnerability" uncovered using the...

From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code

Posted by the Big Sleep team Introduction In our previous post, Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models, we introduced our framework for large-language-model-assisted vulnerability research and demonstrated its potential by improving the state-of-the-a...

firefox: thunderbird: Use-after-free in layout with accessibility

The Mozilla Foundation's Security Advisory: An attacker could cause a use-after-free when accessibility is enabled, leading to a potentially exploitable crash...

firefox: thunderbird: Use-after-free in layout with accessibility

The Mozilla Foundation's Security Advisory: An attacker could cause a use-after-free when accessibility is enabled, leading to a potentially exploitable crash...

CVE-2024-50802

A SQL Injection vulnerability was discovered in AbanteCart 1.4.0 in the update function in publichtml/admin/controller/responses/listinggrid/emailtemplates.php. The vulnerability is exploitable via the id parameter...

FreeBSD : librewolf -- Undefined behavior in selection node cache (b73d1f2a-96de-11ef-9e71-00d8612f03c8)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the b73d1f2a-96de-11ef-9e71-00d8612f03c8 advisory. [email protected] reports: When manipulating the selection node cache, an attacker may have been abl...

SUSE CVE-2024-10468

Potential race conditions in IndexedDB could have caused memory corruption, leading to a potentially exploitable crash. This vulnerability affects Firefox 132 and Thunderbird 132...

K000148311: MySQL vulnerabilities CVE-2024-21201, CVE-2024-21230, and CVE-2024-21200

Security Advisory Description CVE-2024-21201 Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker wit...

K000148310: MySQL vulnerabilities CVE-2024-21213, CVE-2024-21194, CVE-2024-21218, CVE-2024-21199, and CVE-2024-21207

Security Advisory Description CVE-2024-21213 Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to...

CVE-2024-10459

The Mozilla Foundation's Security Advisory: An attacker could cause a use-after-free when accessibility is enabled, leading to a potentially exploitable crash...

CVE-2024-10468

Potential race conditions in IndexedDB could have caused memory corruption, leading to a potentially exploitable crash. This vulnerability affects Firefox 132 and Thunderbird 132...