PT-2024-1945 · Withsecure · Withsecure Server Security +7
Name of the Vulnerable Software and Affected Versions: WithSecure Client Security version 15 WithSecure Server Security version 15 WithSecure Email and Server Security version 15 WithSecure Elements Endpoint Protection versions 17 and later WithSecure Client Security for Mac version 15 WithSecure...
CVE-2024-1635
Undertow vulnerability CVE-2024-1635 affects servers supporting the wildfly-http-client protocol. The issue arises during HTTP upgrade to remoting: WriteTimeoutStreamSinkConduit is not notified when a RemotingConnection is closed, causing timeout tasks to leak and accumulate, which leaks connecti...
Code injection
ThinkSystem SR670V2 servers manufactured from approximately June 2021 to July 2023 were left in Manufacturing Mode which could allow an attacker with privileged logical access to the host or physical access to server internals to modify or disable Intel Boot Guard firmware integrity, SPS security...
Canto < 3.0.7 - Unauthenticated RCE
Description: The plugin is vulnerable to Remote Code Execution via the 'abspath' parameter due to the use of the include_once statement on the parameter allowing remote file inclusion. This makes it possible for unauthenticated attackers to execute code on the server...
CVE-2024-23764
Certain WithSecure products allow Local Privilege Escalation. This affects WithSecure Client Security 15 and later, WithSecure Server Security 15 and later, WithSecure Email and Server Security 15 and later, and WithSecure Elements Endpoint Protection 17 and later...
WithSecure products Security breaches
WithSecure products are a range of security software from the Finnish company WithSecure. A security vulnerability exists in some WithSecure products. An attacker can exploit the vulnerability to escalate privileges. The following products and versions are affected: WithSecure Client Security...
PT-2024-20067 · Withsecure · Withsecure Elements Endpoint Protection +3
Name of the Vulnerable Software and Affected Versions: WithSecure Client Security versions 15 and later WithSecure Server Security versions 15 and later WithSecure Email and Server Security versions 15 and later WithSecure Elements Endpoint Protection versions 17 and later Description: Certain...
CVE-2024-0221 Photo Gallery by 10Web - Mobile-Friendly Image Gallery <= 1.8.19 - Directory Traversal to Arbitrary File Rename
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.8.19 via the renameitem function. This makes it possible for authenticated attackers to rename arbitrary files on the server. This can lead ...
CVE-2021-4436
The CVE-2021-4436 entry corresponds to the WordPress plugin 3DPrint Lite, affected versions prior to 1.9.1.5. The vulnerability is an unauthenticated arbitrary file upload via the p3dlite_handle_upload AJAX action, caused by missing authorization and file validation. The presence of a .htaccess d...
MGASA-2024-0022 Updated x11-server, x11-server-xwayland and tigervnc fix security issues
The updated packages fix security vulnerabilities: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer. CVE-2023-6816 Reattaching to different master device may lead to out-of-bounds memory access. CVE-2024-0229 Heap buffer overflow in XISendDeviceHierarchyEvent. CVE-2024-21885 Heap...
Dash apps vulnerable to Cross-site Scripting
Versions of the package dash-core-components before 2.13.0; versions of the package dash-core-components before 2.0.0; versions of the package dash before 2.15.0; versions of the package dash-html-components before 2.0.0; versions of the package dash-html-components before 2.0.16 are vulnerable t...
AMPPS Security Vulnerabilities
AMPPS is a suite of software from AMPPS Inc. designed to quickly install Apache, MySQL, PHP, Perl and Python and create a web server environment. A security vulnerability exists in AMPPS version 2.7, which stems from the component Encryption Passphrase Handler that can cause a denial of service...
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : MySQL vulnerabilities (USN-6615-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6615-1 advisory. Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has...
CVE-2022-3899
The 3dprint WordPress plugin before 3.5.6.9 does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will delete any number of files or directories on the target server by tricking a logged ...
SQL injection
The Newsletters WordPress plugin before 4.9.3 does not properly escape user-controlled parameters when they are appended to SQL queries and shell commands, which could enable an administrator to run arbitrary commands on the server...
CVE-2023-4797 Newsletter Lite < 4.9.3 - Admin+ Command Injection
The Newsletters WordPress plugin before 4.9.3 does not properly escape user-controlled parameters when they are appended to SQL queries and shell commands, which could enable an administrator to run arbitrary commands on the server...
SUSE-SU-2024:0109-1 Security update for xorg-x11-server
This update for xorg-x11-server fixes the following issues: Security fixes: - CVE-2023-6816: Fixed heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer bsc1218582 - CVE-2024-0229: Fixed reattaching to different master device may lead to out-of-bounds memory access bsc1218583 -...