3230 matches found
CVE-2024-49856
CVE-2024-49856 — Linux kernel, x86 SGX: deadlock in SGX NUMA node search. When the current node lacks an EPC section and other EPCs are exhausted, the loop searching for a remote EPC page can deadlock, causing a soft lockup. The root cause is that nid_of_current is not set in sgx_numa_mask, so ni...
Unmasking Lumma Stealer: Analyzing Deceptive Tactics with Fake CAPTCHA
Summary: Lumma Stealer is an information-stealing malware available through a Malware-as-a-Service (MaaS) model. It specializes in stealing sensitive data such as passwords, browser information, and cryptocurrency wallet details. The attacker has advanced its tactics, moving from traditional phishing to...
Cross-site Scripting (XSS)
Overview: admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the messages section. An attacker can manipulate the displayed content and potentially execute harmful...
Moderate: Red Hat Security Advisory: java-1.8.0-openjdk security update
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.8 Extended Update Support, Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update...
Moderate: Red Hat Security Advisory: java-17-openjdk security update
An update for java-17-openjdk is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.6 Telecommunications...
Moderate: Red Hat Security Advisory: kernel security update
An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
KLA74055 Multiple vulnerabilities in Microsoft Dynamics
Multiple vulnerabilities were found in Microsoft Dynamics. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in Microsoft Dataverse can be exploited remotely t...
RHEL 8 : grafana (RHSA-2024:8083)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:8083 advisory. Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: uplot: Prototype...
KLA73905 PE vulnerability in Microsoft Apps
An elevation of privilege vulnerability was found in Microsoft Apps. Malicious users can exploit this vulnerability to gain privileges. Original advisories CVE-2024-43604 Related products Microsoft-Outlook CVE list CVE-2024-43604 high Solution Install necessary updates from the KB section, that a...
UBUNTU-CVE-2024-43365
Cacti is an open source performance and fault management framework. The consolenewsection parameter is not properly sanitized when saving external links in links.php. Moreover, the said consolenewsection parameter is stored in the database and reflected back to user in index.php, finally leading t...
Cross-site Scripting (XSS)
Overview: sulu/sulu is a highly extensible open-source PHP content management system based on the Symfony framework. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via uploaded SVG files. An attacker can execute arbitrary JavaScript code on the victim's browser by...
GHSA-255W-87RH-RG44 Cross-site Scripting via uploaded SVG
Sulu v2.0.0 through v2.6.4 are vulnerable to XSS, whereby a low-privileged user with access to the “Media” section can upload an SVG file with a malicious payload. Once uploaded and accessed, the malicious JavaScript will be executed on the victims’ (other users including admins) browsers...
Cross-site Scripting via uploaded SVG
Sulu v2.0.0 through v2.6.4 are vulnerable to XSS, whereby a low-privileged user with access to the “Media” section can upload an SVG file with a malicious payload. Once uploaded and accessed, the malicious JavaScript will be executed on the victims’ (other users including admins) browsers...
CVE-2024-47618
Sulu is a PHP content management system vulnerable to cross-site scripting (XSS) via uploaded SVG files. The issue allows a low-privilege user with access to the Media section to upload an SVG containing malicious payload, which executes in other users’ browsers when accessed. The vulnerability i...
PT-2024-32677 · Sulu · Sulu
Name of the Vulnerable Software and Affected Versions: Sulu versions 2.0.0 through 2.6.4 Description: Sulu, a PHP content management system, is vulnerable to XSS attacks. A low-privileged user with access to the "Media" section can upload an SVG file containing a malicious payload. Once uploaded...
Important: Red Hat Security Advisory: cups-filters security update
An update for cups-filters is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, i...
Important: Red Hat Security Advisory: linux-firmware security update
An update for linux-firmware is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
RHEL 7 : cups-filters (RHSA-2024:7553)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:7553 advisory. The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS)...
CVE-2024-47523
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Alert Transports" feature allows authenticated users to inject arbitrary JavaScript through the "Details" section which contains multiple fields depending on which...
CVE-2024-47523
LibreNMS (PHP/MySQL/SNMP-based) has a Stored Cross-Site Scripting (XSS) vulnerability in the Alert Transports Details field. The root cause is insufficient sanitization of user input in the Details section, allowing an attacker to inject JavaScript that executes in other users’ sessions. This aff...