Android Security Bulletin October 2024
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2024-10-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Android partners are...
Wear OS Security Bulletin—October 2024
The Wear OS Security Bulletin contains details of security vulnerabilities affecting the Wear OS platform. The full Wear OS update comprises the security patch level of 2024-10-05 or later from the October 2024 Android Security Bulletin in addition to all issues in this bulletin. We encourage all...
CVE-2022-3116 affecting package heimdal for versions less than 7.7.1-4
CVE-2022-3116 affecting package heimdal for versions less than 7.7.1-4. A patched version of the package is available...
CVE-2024-47768
CVE-2024-47768 affects Lif Authentication Server (Lif). The vulnerability lies in the account recovery flow where there is no check to verify that the user has received the recovery email or entered the correct code. An attacker who knows the target’s email can supply the email and trigger a pass...
CVE-2024-47850
CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. The request is meant to probe the new printer but can be used to create DDoS...
[SECURITY] [DSA 5782-1] linux security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5782-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 03, 2024 https://www.debian.org/security/faq -...
Security Bulletin: Sterling Control Center v6.2.1 is vulnerable due to Apache ActiveMQ issue
Summary Sterling Control Center v6.2.1 is dependent on Apache ActiveMQ, which is vulnerable to CVE-2022-41678. Vulnerability Details CVEID:CVE-2022-41678 DESCRIPTION: Apache ActiveMQ could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe...
Security Bulletin: Sterling Control Center v6.2.1 is vulnerable and reported in Apache ActiveMQ
Summary Sterling Control Center v6.2.1 is dependent on Apache ActiveMQ, with vulnerability 264654 . Vulnerability Details IBM X-Force ID: 264654 DESCRIPTION: Apache ActiveMQ NMS could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the Body...
Security Bulletin: Sterling Control Center v6.2.1 is vulnerable due to Apache ActiveMQ issue
Summary Sterling Control Center v6.2.1 is dependent on Apache ActiveMQ, which is vulnerable to CVE-2023-46604. Vulnerability Details CVEID:CVE-2023-46604 DESCRIPTION: Apache ActiveMQ and ActiveMQ Legacy OpenWire Module could allow a remote attacker to execute arbitrary code on the system, caused ...
PT-2024-9618 · Gstreamer +7
Name of the Vulnerable Software and Affected Versions: GStreamer versions prior to 1.24.10 Description: The issue is related to an out-of-bounds (OOB) read vulnerability in the gst_avi_subtitle_parse_gab2_chunk function within gstavisubtitle.c. This function reads the name length value directly fro...
PT-2024-9615
Name of the Vulnerable Software and Affected Versions: GStreamer versions prior to 1.24.10 Description: A vulnerability has been identified in the gst_wavparse_smpl_chunk function within gstwavparse.c. This function attempts to read 4 bytes from the data + 12 offset without checking if the size of...
PT-2024-6649 · Atlassian +1 · Confluence +5
Name of the Vulnerable Software and Affected Versions: Apache Avro versions 1.11.3 and previous versions Apache Avro versions prior to 1.11.4 Bamboo Data Center and Server versions 9.2.1, 9.6.0, and 10.0.0-rc3 Bitbucket Data Center and Server versions 8.6.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0,...
SUSE-SU-2024:3454-1 Security update for kubernetes1.28
This update of kubernetes1.28 fixes the following issues: - rebuild the package with the current go 1.23 security release bsc1229122...
Researchers Warn of Ongoing Attacks Exploiting Critical Zimbra Postjournal Flaw
Cybersecurity researchers are warning about active exploitation attempts targeting a newly disclosed security flaw in Synacor's Zimbra Collaboration. Enterprise security firm Proofpoint said it began observing the activity starting September 28, 2024. The attacks seek to exploit CVE-2024-45519, a...
8,000 WordPress Sites affected by Arbitrary File Upload Vulnerability in WP Hotel Booking WordPress Plugin
📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Through October 7th, 2024, XSS vulnerabilities in all plugins and themes with =1,000 Active Installs are in scope for all researchers. In addition, through October 14th, 2024, researche...
openSIS 9.1 - SQLi (Authenticated)
Exploit Title: openSIS 9.1 - SQLi Authenticated Google Dork: intext:"openSIS is a product" Date: 09.09.2024 Exploit Author: Devrim Dıragumandan d0ub1edd Vendor Homepage: https://www.os4ed.com/ Software Link: https://github.com/OS4ED/openSIS-Classic/releases/tag/V9.1 Version: 9.1 Tested on: Linux ...
WordPress BuddyForms Plugin <= 2.8.12 is vulnerable to Cross Site Scripting (XSS)
Software BuddyForms Type Plugin Vulnerable versions <= 2.8.12 Fixed in 2.8.13 OWASP Top 10 A3: Injection Classification Cross Site Scripting (XSS) CVE CVE-2024-47377 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 9418faef5fbf Credits SOPROBRO Required privilege Editor...
PT-2024-9585 · Gstreamer +8
Name of the Vulnerable Software and Affected Versions: GStreamer versions prior to 1.24.10 Description: GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been identified in the gst_matroska_demux_add_wvpk_header function...
Filament has unvalidated ColorColumn and ColorEntry values that can be used for Cross-site Scripting
Summary If values passed to a ColorColumn or ColorEntry are not valid and contain a specific set of characters, applications are vulnerable to an XSS attack against a user who opens a page on which a color column or entry is rendered. Versions of Filament from v3.0.0 through v3.2.114 are affected...
Exploit for Special Element Injection in Google Android
CVE-2024-0044/A-307532206https://nvd.nist.gov/vuln/detail/CVE...