GHSA-9RMP-2568-59RV rPGP Panics on Malformed Untrusted Input
During a security audit, Radically Open Security discovered several reachable edge cases which allow an attacker to trigger rpgp crashes by providing crafted data. Impact: When processing malformed input, rpgp can run into Rust panics which halt the program. This can happen in the following...
Wordfence Intelligence Weekly WordPress Vulnerability Report (November 25, 2024 to December 1, 2024)
Time to wrap up this year and kick-off the new year with a bang! We’re wrapping up the year with our End of Year Holiday Extravaganza, High-Risk Bonus Blitz Challenge, and Superhero Challenge for the Wordfence Bug Bounty Program. Through January 6th, 2025: All in-scope vulnerability types for...
runc: file descriptor leak
A file descriptor leak issue was found in the runc package. While a user performs O_CLOEXEC all file descriptors before executing the container code, the file descriptor is open when performing setcwd(2), which means that the reference can be kept alive in the container by configuring the working...
Regular Expression Denial Of Service (ReDoS)
cross-spawn is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to improper input sanitization, which allows an attacker to craft a large string that increases CPU usage and crashes the program...
Intel Computing Improvement Program PyInstaller Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Intel Computing Improvement Program. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...
Vulnerabilities Resolved in Veeam Backup & Replication 12.3
All vulnerabilities documented in this article were resolved in Veeam Backup & Replication 12.3. Veeam Product Latest Version Download Page Veeam Software Security Commitment Veeam® is committed to ensuring its products protect customers from potential risks. As part of that commitment, we operat...
CVE-2024-53739
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Cool Plugins Cryptocurrency Widgets For Elementor cryptocurrency-widgets-for-elementor allows PHP Local File Inclusion. This issue affects Cryptocurrency Widgets For Elementor: fr...
CVE-2024-53739 WordPress Cryptocurrency Widgets For Elementor plugin <= 1.6.4 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Cool Plugins Cryptocurrency Widgets For Elementor cryptocurrency-widgets-for-elementor allows PHP Local File Inclusion. This issue affects Cryptocurrency Widgets For Elementor: fr...
A vulnerability in the Intel Computing Improvement Program (Intel CIP) data collection tool, related to insufficient verification of input data, allows attackers to escalate their privileges.
The vulnerability in the data collection tool of the Intel Computing Improvement Program (Intel CIP) is related to insufficient testing of input data. Exploiting this vulnerability can allow attackers to escalate their privileges...
A vulnerability in the Intel Computing Improvement Program (Intel CIP) data collection tool, related to deficiencies in access control, allows attackers to escalate their privileges.
The vulnerability in the data collection tool of the Intel Computing Improvement Program (Intel CIP) is related to deficiencies in access control. Exploiting this vulnerability could allow attackers to escalate their privileges...
CVE-2024-52501 WordPress Office Locator plugin <= 1.3.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in webbytemplate Office Locator. This issue affects Office Locator: from n/a through 1.3.0...
[SECURITY] Fedora 41 Update: perl-Module-ScanDeps-1.37-1.fc41
This module scans potential modules used by perl programs and returns a hash reference. Its keys are the module names as they appear in %INC e.g. Test/More.pm. The values are hash references...
CVE-2024-21703
This Medium severity Security Misconfiguration vulnerability was introduced in version 8.8.1 of Confluence Data Center and Server for Windows installations. This Security Misconfiguration vulnerability, with a CVSS Score of 6.4 allows an authenticated attacker of the Windows host to read sensitiv...
CVE-2024-21703
This CVE describes a Medium severity Security Misconfiguration in Confluence Data Center and Server for Windows, introduced in version 8.8.1. An authenticated attacker on the Windows host can read sensitive information about the Confluence Data Center configuration, impacting confidentiality, int...
CVE-2024-6831
Seth Fogie, member of AXIS Camera Station Pro Bug Bounty Program has found that it is possible to edit and/or remove views without the necessary permission due to a client-side-only check. Axis has released patched versions for the highlighted flaw. Please refer to the Axis security advisory for...
CVE-2024-8160
Erik de Jong, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API ftptest.cgi did not have a sufficient input validation allowing for a possible command injection leading to being able to transfer files from/to the Axis device. This flaw can only be exploited after authenticati...
CVE-2024-8772
51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API managedoverlayimages.cgi was vulnerable to a race condition attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited...
CVE-2024-8772
The CVE-2024-8772 issue affects AXIS OS (AXIS devices) via the VAPIX API endpoint managedoverlayimages.cgi. The vulnerability is a race condition that can be exploited to block access to the overlay configuration page in the web interface, and it requires authentication with an operator- or admin...