7612 matches found
CVE-2024-40893 Firewalla BTLE Authenticated Command Injection
Multiple authenticated operating system (OS) command injection vulnerabilities exist in Firewalla Box Software versions before 1.979. A physically close attacker that is authenticated to the Bluetooth Low-Energy (BTLE) interface can use the network configuration service to inject commands in various...
CVE-2023-50810
In certain Sonos products before Sonos S1 Release 11.12 and S2 release 15.9, a vulnerability exists in the U-Boot component of the firmware that allows persistent arbitrary code execution with Linux kernel privileges. A failure to correctly handle the return value of the setenv command can be used...
The top stories coming out of the Black Hat cybersecurity conference
Over the next two weeks, two of the largest cybersecurity conferences in the world will take place in Las Vegas: Black Hat and DEF CON. That means product announcements, buzzwords and stories about "X smart appliance could burn your house down!" or something like that. Over the next two weeks, Il...
Open WebUI 0.1.105 Persistent Cross Site Scripting
KL-001-2024-005: Open WebUI Stored Cross-Site Scripting Title: Open WebUI Stored Cross-Site Scripting Advisory ID: KL-001-2024-005 Publication Date: 2024.08.06 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-005.txt 1. Vulnerability Details Affected Vendor: Open WebUI...
Malicious code in syf-component-library (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware aaf53164384bcbeeceafc8ee843317d9daac2a3f5fe99a0692b9f572f3fead3c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ooflienro (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 460421ad4c16e7311d70839005722b20fb615154541c29ea376e7029a210e50f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-41816
Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the ‘cooked-timer’ shortcode in versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping. This vulnerability allows authenticate...
CVE-2024-41816 WordPress Cooked Plugin Persistent Cross-Site Scripting via Shortcode
Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the ‘cooked-timer’ shortcode in versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping. This vulnerability allows authenticate...
Kazakh Organizations Targeted by 'Bloody Wolf' Cyber Attacks
Organizations in Kazakhstan are the target of a threat activity cluster dubbed Bloody Wolf that delivers a commodity malware called STRRAT (aka Strigoi Master). "The program selling for as little as $80 on underground resources allows the adversaries to take control of corporate computers and hijac...
PT-2024-29582 · WordPress · Cooked
Name of the Vulnerable Software and Affected Versions: Cooked plugin for WordPress versions up to, and including, 1.8.0 Description: The issue is related to Persistent Cross-Site Scripting (XSS) via the cooked-timer shortcode due to insufficient input sanitization and output escaping. This allows...
Important: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.3.3 security and bug fix update
OpenShift API for Data Protection (OADP) 1.3.3 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
GHSA-GC5H-6JX9-Q2QH eZ Platform Admin UI vulnerable to DOM-based Cross-site Scripting in file upload widget
Impact The file upload widget is vulnerable to XSS payloads in filenames. Access permission to upload files is required. As such, in most cases only authenticated editors and administrators will have the required permission. It is not persistent, i.e. the payload is only executed during the uploa...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the fact that when the CXL subsystem automatically assembles the pmem region during cxl endpoint port probin...
PT-2024-10242 · IBM · IBM TXSeries for Multiplatforms
Name of the Vulnerable Software and Affected Versions: IBM TXSeries for Multiplatforms version 10.1 Description: The issue is related to improper allocation of resources, which could allow a remote attacker to cause a denial of service using persistent connections. This is due to an incorrect...
Security Bulletin: Information disclosure in persistent watchers handling
Summary Information disclosure in persistent watchers handling in Apache ZooKeeper due to missing ACL check. It allows an attacker to monitor child znodes by attaching a persistent watcher (addWatch command) to a parent which the attacker already has access to. ZooKeeper server doesn't do ACL check...
Important: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.16 security and bug fix update
The Migration Toolkit for Containers (MTC) 1.7.16 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CV...
Malicious code in stylishteks (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 40a8ed6d750df7841026d152bf8840677964a636c2377940003db377ae525481 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-31314
In multiple functions of ShortcutService.java, there is a possible persistent DOS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...
Malicious code in addcohort (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0e7c7c14de394a6a49ce28fc5eac784de2b16faab93f257a8f142b5b32564bfd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...