1911 matches found

Vulnrichment
added 2024/04/06 3:24 a.m., 7 views

CVE-2024-1385 WP-Stateless – Google Cloud Storage <= 3.4.0 - Missing Authorization to Limited Arbitrary Options Update

The WP-Stateless – Google Cloud Storage plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the dismiss_notices function in all versions up to, and including, 3.4.0. This makes it possible for authenticated attackers, with subscriber-level access an...

CVSS 7.1 | AI score 7.3 | EPSS 0.00409
Exploits: 0 | References: 2
CVE
added 2024/04/06 3:24 a.m., 64 views

CVE-2024-1385

The CVE refers to WP-Stateless (Google Cloud Storage) for WordPress, with a missing capability check in dismiss_notices() that affects all versions up to 3.4.0. The vulnerability allows authenticated users with subscriber-level access and above to update arbitrary option values to the current tim...

CVSS 7.1 | AI score 8.9 | EPSS 0.00409
Exploits: 0 | References: 2 | Affected Software: 1
Rockylinux
added 2024/04/05 2:55 p.m., 15 views

util-linux bug fix update

An update is available for util-linux. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The util-linux packages contain a large variety of low-level system...

AI score 7.2
Exploits: 0
SUSE CVE
added 2024/03/14 4:13 a.m., 1 views

SUSE CVE-2023-52490

In the Linux kernel, the following vulnerability has been resolved: mm: migrate: fix getting incorrect page mapping during page migration When running stress-ng testing, we found below kernel crash after a few hours: Unable to handle kernel NULL pointer dereference at virtual address...

CVSS 5.5 | AI score 6.6 | EPSS 0.00276
Exploits: 0 | References: 4
HackRead
added 2024/03/12 12:12 p.m., 15 views

Leicester City Council’s IT System and Phones Down Amid Cyber Attack

By Waqas. Another day, another cyber attack on a local council in England! This is a post from HackRead.com. Read the original post: Leicester City Council’s IT System and Phones Down Amid Cyber Attack...

AI score 7.1
Exploits: 0
UbuntuCve
added 2024/03/11 6:15 p.m., 22 views

CVE-2023-52490

In the Linux kernel, the following vulnerability has been resolved: mm: migrate: fix getting incorrect page mapping during page migration When running stress-ng testing, we found below kernel crash after a few hours: Unable to handle kernel NULL pointer dereference at virtual address...

CVSS 5.5 | AI score 6.3 | EPSS 0.00276
Exploits: 0 | References: 13
OSV
added 2024/03/11 6:15 p.m., 0 views

UBUNTU-CVE-2023-52490

In the Linux kernel, the following vulnerability has been resolved: mm: migrate: fix getting incorrect page mapping during page migration When running stress-ng testing, we found below kernel crash after a few hours: Unable to handle kernel NULL pointer dereference at virtual address...

CVSS 5.5 | AI score 6.1 | EPSS 0.00276
Exploits: 0 | References: 14
OSV
added 2024/03/09 7:15 a.m., 2 views

CVE-2024-1320

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'offline_status' parameter in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.1 | AI score 7.4 | EPSS 0.00374
Exploits: 0 | References: 2
CNNVD
added 2024/03/09 12:0 a.m., 3 views

WordPress Plugin EventPrime Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVSS 6.5 | AI score 6 | EPSS 0.00374
Exploits: 0 | References: 3
Positive Technologies
added 2024/03/09 12:0 a.m., 3 views

PT-2024-17940 · WordPress · Eventprime – Events Calendar

Name of the Vulnerable Software and Affected Versions: The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress versions up to, and including, 3.4.3 Description: The issue is related to Stored Cross-Site Scripting via the offline status parameter due to insufficient input...

CVSS 6.5 | AI score 6.5 | EPSS 0.00374
Exploits: 0 | References: 8
Fedora
added 2024/03/07 10:33 p.m., 22 views

[SECURITY] Fedora 40 Update: xmvn-4.2.0-8.fc40

This package provides extensions for Apache Maven that can be used to manage system artifact repository and use it to resolve Maven artifacts in offline mode, as well as Maven plugins to help with creating RPM packages containing Maven artifacts...

CVSS 8.8 | AI score 6.8 | EPSS 0.02557
Exploits: 3
Fedora
added 2024/03/07 10:33 p.m., 69 views

[SECURITY] Fedora 40 Update: icedtea-web-1.8.8-5.fc40

The IcedTea-Web project provides a free software implementation of Java Web Start, originally based on the NetX project. IcedTea's NetX currently supports verification of signed jars, trusted certificate storing, system certificate store checking, and provides the services specified by the jnlp...

CVSS 8.8 | AI score 6.9 | EPSS 0.02557
Exploits: 3
OSV
added 2024/03/06 11:8 a.m., 20 views

BIT-VAULT-2023-4680 Vault's Transit Secrets Engine Allowed Nonce Specified without Convergent Encryption

HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the...

CVSS 6.8 | AI score 6.8 | EPSS 0.00368
Exploits: 0 | References: 2
OSV
added 2024/03/04 6:15 p.m., 1 views

DEBIAN-CVE-2021-47090

In the Linux kernel, the following vulnerability has been resolved: mm/hwpoison: clear MF_COUNT_INCREASED before retrying get_any_page Hulk Robot reported a panic in put_page_testzero when testing madvise with MADV_SOFT_OFFLINE. The BUG is triggered when retrying get_any_page. This is because we keep...

CVSS 5.5 | AI score 5.3 | EPSS 0.00353
Exploits: 1 | References: 1
OSV
added 2024/03/04 6:15 p.m., 0 views

UBUNTU-CVE-2021-47090

In the Linux kernel, the following vulnerability has been resolved: mm/hwpoison: clear MF_COUNT_INCREASED before retrying get_any_page Hulk Robot reported a panic in put_page_testzero when testing madvise with MADV_SOFT_OFFLINE. The BUG is triggered when retrying get_any_page. This is because we keep...

CVSS 5.5 | AI score 5.9 | EPSS 0.00353
Exploits: 1 | References: 6
CNNVD
added 2024/02/21 12:0 a.m., 3 views

Silicon Labs PC Controller Security Vulnerability

Silicon Labs PC Controller is an installation and maintenance tool for Z-Wave networks from Silicon Labs that allows developers to manage Z-Wave devices on a PC for network configuration, troubleshooting, and monitoring. A security vulnerability exists in Silicon Labs PC Controller v5.54.0 and...

CVSS 6.5 | AI score 6.7 | EPSS 0.00251
Exploits: 0 | References: 2
NVD
added 2024/01/10 9:15 p.m., 12 views

CVE-2023-29446

An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. This allows an adversary to capture NTLMv2 hashes and potentially crack them offline...

CVSS 4.7 | AI score 5 | EPSS 0.00214
Exploits: 0 | References: 3
Prion
added 2024/01/10 9:15 p.m., 18 views

Input validation

An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. This allows an adversary to capture NTLMv2 hashes and potentially crack them offline...

CVSS 1.2 | AI score 7 | EPSS 0.00214
Exploits: 0 | References: 3 | Affected Software: 3
Positive Technologies
added 2024/01/10 12:0 a.m., 3 views

PT-2024-13761 · Wwbn · Avideo

Name of the Vulnerable Software and Affected Versions: WWBN AVideo dev master commit 15fed957fb Description: An insufficient entropy vulnerability exists in the salt generation functionality. A specially crafted series of HTTP requests can lead to privilege escalation. An attacker can gather syst...

CVSS 9.8 | AI score 9.4 | EPSS 0.00958
Exploits: 1 | References: 7
OSV
added 2023/12/22 11:6 a.m., 2 views

OESA-2023-1956 freeradius security update

Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA or Triple A) management for users who connect and use a network service. Security Fixes: In freeradius, the EAP-PWD function compute_password_element...

CVSS 7.5 | AI score 6.9 | EPSS 0.0086
Exploits: 0 | References: 2