1227 matches found

Positive Technologies
added 2024/03/06 12:00 a.m. · 4 views

PT-2024-20751 · Appsamvid · Appsamvid

Name of the Vulnerable Software and Affected Versions: AppSamvid affected versions not specified
Description: The issue exists due to the usage of vulnerable and outdated components in the software. An attacker with local administrative privileges could exploit this by placing malicious DLLs on t...

CVSS 6.3 · AI score 7.6 · EPSS 0.00021
Exploits: 0 · References: 4

CNNVD
added 2024/02/29 12:00 a.m. · 2 views

WordPress Plugin Social Sharing Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVSS 6.4 · AI score 6 · EPSS 0.00183
Exploits: 0 · References: 4

Github Security Blog
added 2024/02/26 8:11 p.m. · 19 views

Vyper's `extract32` can read dirty memory

Summary: When using the built-in `extract32(b, start)`, if the start index provided has the side effect of updating `b`, the byte array to extract 32 bytes from, it could be that some dirty memory is read and returned by `extract32`. As of v0.4.0 specifically, commit...

CVSS 5.3 · AI score 3.9 · EPSS 0.00364
Exploits: 1 · References: 7 · Affected Software: 1

The Hacker News
added 2024/02/15 2:20 p.m. · 75 views

Ivanti Pulse Secure Found Using 11-Year-Old Linux Version and Outdated Libraries

A reverse engineering of the firmware running on Ivanti Pulse Secure appliances has revealed numerous weaknesses, once again underscoring the challenge of securing software supply chains. Eclypsium, which acquired firmware version 9.1.18.2-24467.1 as part of the process, said the base operating...

CVSS 9.1 · AI score 7.3 · EPSS 0.94412
Exploits: 25

OSV
added 2024/02/12 8:15 p.m. · 3 views

AZL-34556 CVE-2024-25110 affecting package azure-iot-sdk-c for versions less than 2024.03.04-1

The UAMQP is a general purpose C library for AMQP 1.0. During a call to open_get_offered_capabilities, a memory allocation may fail causing a use-after-free issue and if a client called it during connection communication it may cause a remote code execution. Users are advised to update the submodule...

CVSS 8.1 · AI score 6.1 · EPSS 0.00739
Exploits: 0 · References: 1

Veracode
added 2024/01/31 4:49 a.m. · 13 views

Weak Cryptography

DeviceFarmer is vulnerable to Weak Cryptography. The vulnerability is due to use of an outdated and insecure DES-ECB algorithm...

CVSS 9.1 · AI score 6.8 · EPSS 0.00107
Exploits: 0 · References: 4 · Affected Software: 1

Positive Technologies
added 2024/01/27 12:00 a.m. · 2 views

PT-2024-20051 · Notion · Notion

Name of the Vulnerable Software and Affected Versions: Notion versions prior to 3.1.0
Description: The issue might allow code execution because of RunAsNode and enableNodeCliInspectArguments. The vendor states that the attacker must launch the Notion Desktop application with nonstandard flags tha...

CVSS 3.3 · AI score 7.7 · EPSS 0.00158
Exploits: 1 · References: 11

CNVD
added 2024/01/26 12:00 a.m. · 5 views

Squid Denial of Service Vulnerability (CNVD-2024-08086)

Squid is a suite of proxy server and web caching server software. The software provides features such as caching the World Wide Web, filtering traffic, and proxying the Internet. A denial of service vulnerability exists in Squid versions prior to 6.6, which stems from an outdated pointer referenc...

CVSS 6.5 · AI score 6.4 · EPSS 0.12145
Exploits: 1 · References: 1

Veracode
added 2024/01/23 5:43 a.m. · 22 views

Rollback Attack

github.com/notaryproject/notation is vulnerable to Rollback Attack. The vulnerability is caused when the container registry is compromised, allowing the attacker to provide outdated artifact versions when consumers have relaxed trust policies...

CVSS 6.8 · AI score 6.7 · EPSS 0.00036
Exploits: 0 · References: 4 · Affected Software: 1

Tenable Nessus
added 2024/01/22 12:00 a.m. · 40 views

CBL Mariner 2.0 Security Update: postfix (CVE-2023-51764)

The version of postfix installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-51764 advisory. - Postfix through 3.8.5 allows SMTP smuggling unless configured with...

CVSS 5.3 · AI score 5.7 · EPSS 0.2846
Exploits: 4 · References: 2

Tenable Nessus
added 2024/01/21 12:00 a.m. · 6 views

Fedora 38 : dotnet6.0 (2024-60bc18acfb)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-60bc18acfb advisory. This is the January 2024 update for .NET 6. Release Notes: https://github.com/dotnet/core/blob/main/release-notes/6.0/6.0.26/6.0.26.md Tenable has extracted th...

AI score 5.6
Exploits: 0 · References: 1

Hacker One
added 2024/01/16 8:09 a.m. · 5 views

MTN Group: DOM Based Reflected Cross Site Scripting

The outdated version of Swagger used by the notification-server-v2.sz-my.mtn.com asset was found to be vulnerable to a DOM-based reflected cross-site scripting vulnerability. The vulnerability was triggered by crafting a malicious URL that resulted in the execution of arbitrary scripts in the...

AI score 6.6
Exploits: 0

NVD
added 2024/01/03 3:15 a.m. · 14 views

CVE-2023-50341

HCL DRYiCE MyXalytics is impacted by Improper Access Control Obsolete web pages vulnerability. Discovery of outdated and accessible web pages, reflects a "Missing Access Control" vulnerability, which could lead to inadvertent exposure of sensitive information and/or exposing a vulnerable endpoint...

CVSS 7.6 · AI score 7.3 · EPSS 0.00066
Exploits: 0 · References: 1

CNNVD
added 2024/01/03 12:00 a.m. · 1 views

HCL Technologies DRYiCE MyXalytics Security Breach

HCL Technologies DRYiCE MyXalytics is a unified reporting and dashboard product from HCL Technologies, USA. A security vulnerability exists in HCL Technologies DRYiCE MyXalytics due to a missing access control vulnerability in outdated and accessible web pages...

CVSS 7.6 · AI score 6.7 · EPSS 0.00066
Exploits: 0 · References: 2

Positive Technologies
added 2023/12/30 12:00 a.m. · 4 views

PT-2023-10833 · Unknown · Mdalamin-Aol Own Health Record

Name of the Vulnerable Software and Affected Versions: MdAlAmin-aol Own Health Record versions 0.1-alpha through 0.3.1-alpha
Description: This issue affects some unknown processing of the file includes/logout.php. The manipulation leads to cross-site request forgery. The attack may be initiated...

CVSS 8.8 · AI score 5 · EPSS 0.0005
Exploits: 0 · References: 10

Positive Technologies
added 2023/12/26 12:00 a.m. · 1 views

PT-2023-9194 · Unknown · Asp.Net Zero

Name of the Vulnerable Software and Affected Versions: Asp.Net Zero versions prior to 12.3.0
Description: The issue is related to an open redirect through HTML injection in user messages, allowing remote attackers to redirect targeted victims to any URL via the '' in the WebSocket messages. This...

CVSS 6.4 · AI score 6.5 · EPSS 0.00129
Exploits: 1 · References: 9

Positive Technologies
added 2023/12/20 12:00 a.m. · 2 views

PT-2023-24289 · Woocommerce · Automatewoo

Name of the Vulnerable Software and Affected Versions: AutomateWoo versions 4.9.40 and earlier
Description: The issue is related to an Unrestricted Upload of File with Dangerous Type vulnerability in WooCommerce AutomateWoo. This allows for the upload of files with potentially dangerous types,...

CVSS 9.9 · AI score 8.9 · EPSS 0.00314
Exploits: 0 · References: 6

Veracode
added 2023/12/12 5:43 p.m. · 12 views

Out Of Date Public Suffix List

gsemac.net is vulnerable to Old Public Suffix List. The library utilizes an out of date Public Suffix list. This list contains all the public suffixes such as .net and .com...

AI score 7
Exploits: 0

Malwarebytes
added 2023/11/29 10:41 p.m. · 9 views

Many major websites allow users to have weak passwords

A new study that examines the current state of password policies across the internet shows that many of the most popular websites allow users to create weak passwords. For the Georgia Tech study, the researchers designed an algorithm that automatically determined a website’s password policy. With...

AI score 7.7
Exploits: 0

UbuntuCve
added 2023/11/28 8:15 p.m. · 26 views

CVE-2023-30590

The generateKeys API function returned from crypto.createDiffieHellman only generates missing or outdated keys, that is, it only generates a private key if none has been set yet, but the function is also needed to compute the corresponding public key after calling setPrivateKey. However, the...

CVSS 7.5 · AI score 6.7 · EPSS 0.00954
Exploits: 0 · References: 3