PT-2024-30798 · Themeum · Wp Crowdfunding
Name of the Vulnerable Software and Affected Versions: WP Crowdfunding versions 2.1.10 and earlier Description: The issue is related to a Missing Authorization vulnerability in Themeum WP Crowdfunding, allowing exploitation of incorrectly configured access control security levels. Recommendations...
Google Chrome < 130.0.6723.69 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 130.0.6723.69. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024_10_stable-channel-update-for-desktop_22 advisory. - Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a...
Fedora 40 : rust-hyper-rustls / rust-reqwest / rust-rustls-native-certs / etc (2024-bf524bf5c0)
The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-bf524bf5c0 advisory. - Update the hyper-rustls crate to version 0.27.3. - Update the reqwest crate to version 0.12.8. - Update the rustls-native-certs crate to version 0.8.0 and...
Security Bulletin: IBM Security SOAR is using components with multiple known vulnerabilities
Summary IBM Security SOAR uses an older version of Java that may be identified and exploited. An update has been released which addresses these issues. It is recommended that customers upgrade to Version 51.0.3.1 or later of IBM Security SOAR. AppHost users should upgrade to version 1.15.3.1 or...
Cross-site Scripting (XSS)
github.com/gotify/server is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to outdated Swagger UI, which uses a vulnerable version of DOMPurify, allowing an attacker to execute arbitrary JavaScript through external Swagger config files...
Mozilla Firefox < 131.0
The version of Firefox installed on the remote Windows host is prior to 131.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-46 advisory. - An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the...
PLANET switch devices security vulnerability
PLANET switch devices are a series of switch devices from PLANET China. A security vulnerability exists in PLANET switch devices that stems from the fact that the SNMPv3 service only supports outdated authentication protocols and encryption protocols, allowing an attacker to potentially obtain...
Ubuntu: Security Advisory (USN-7034-2)
The remote host is missing an update for the...
Ubuntu: Security Advisory (USN-7034-1)
The remote host is missing an update for the...
PT-2024-41022 · Unknown · Ca-Certificates
Name of the Vulnerable Software and Affected Versions: ca-certificates versions prior to 2.64 Description: The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.64 version of the Mozilla certificate authority...
PT-2024-32516 · Unknown · Use Any Font
Name of the Vulnerable Software and Affected Versions: Use Any Font versions n/a through 6.3.08 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows Cross Site Request Forgery. Recommendations: For versions n/a through 6.3.08, update to a version later than 6.3....
Ubuntu 20.04 LTS / 22.04 LTS : ca-certificates update (USN-7034-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-7034-1 advisory. The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.64 version...
PT-2024-41021 · Unknown · Ca-Certificates
Name of the Vulnerable Software and Affected Versions: ca-certificates affected versions not specified Description: The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.64 version of the Mozilla certificate...
WordPress plugin WP Simple Booking Calendar cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A cross-site scripting...
Beware: New Vo1d Malware Infects 1.3 Million Android-based TV Boxes Worldwide
Nearly 1.3 million Android-based TV boxes running outdated versions of the operating system and belonging to users spanning 197 countries have been infected by a new malware dubbed Vo1d (aka Void). "It is a backdoor that puts its components in the system storage area and, when commanded by attacker...
Pavel Durov Criticizes Outdated Laws After Arrest Over Telegram Criminal Activity
Telegram CEO Pavel Durov has broken his silence nearly two weeks after his arrest in France, stating the charges are misguided. "If a country is unhappy with an internet service, the established practice is to start a legal action against the service itself," Durov said in a 600-word statement on...
PT-2024-28240 · Checkmk · Checkmk
Name of the Vulnerable Software and Affected Versions: Checkmk versions prior to 2.3.0p14 Checkmk versions prior to 2.2.0p33 Checkmk versions prior to 2.1.0p47 Checkmk version 2.0.0 Description: The issue allows malicious users to execute arbitrary scripts by injecting HTML elements into the SLA...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a driver that points outdated pointers to references that are still available...
Oracle Siebel CRM SEoL (8.1.x)
According to its version, Oracle Siebel CRM is 8.1.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities.
CVE-2024-43407
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A potential vulnerability has been discovered in CKEditor 4 Code Snippet GeSHi plugin. The vulnerability allowed a reflected XSS attack by exploiting a flaw in the GeSHi syntax highlighter library hosted by the victim. The GeSH...