7893 matches found
CVE-2024-52429 WordPress WP Quick Setup plugin <= 2.0 - Arbitrary Plugin and Theme Installation to Remote Code Execution vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in AntonHoelstad WP Quick Setup wp-quick-setup allows Upload a Web Shell to a Web Server. This issue affects WP Quick Setup: from n/a through <= 2.0...
SUSE-RU-2024:4008-1 Security update for SUSE Manager Server 5.0
This update fixes the following issues: uyuni-storage-setup: - Version 5.0.3-0 Do not create partition on extra storage disk - Version 5.0.2-0 Do not build debuginfo package uyuni-tools: - Security issues fixed: Version 0.1.24-0 + CVE-2024-22037: Use podman secret to store the database credential...
WordPress plugin WP Quick Setup code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...
Vulnerabilities of Linux operating system kernel components related to fs/aio, which allow attackers to cause service failures
The vulnerability in the Linux operating system's fs/aio kernel component is related to the double allocation of memory slots in the functions aio_setup_ring and kiocb_set_cancel_fn. Exploiting this vulnerability can allow an attacker to cause a service failure...
Malicious code in instacart-roulette-daemon-client (PyPI)
Source: kam193 a3b808e86bd3e62945973ac3b25e0f07437a3031a13b6dd2a0567eba90a63821 During installation, the obfuscated code attempts to exfiltrate basic information about the host. The package has no other purpose. --- Category:...
Malicious code in random-security-test-pkg (PyPI)
Source: kam193 8d5e8dadc66c780e3fc3351cf55a305fe623b46a48e96847a7da95ea0e5ec211 During installation, the obfuscated code attempts to exfiltrate basic information about the host. The package has no other purpose. --- Category:...
Exploit for Improper Input Validation in Saleor
saleor-platform All Saleor services started from a single repo...
CVE-2024-24457
An invalid memory access when handling the ProtocolIE_ID field of E-RAB Setup List Context SURes messages in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a crafted payload...
CVE-2024-52508
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. When a user is trying to set up a mail account with an email address like [email protected] that does not support auto configuration, and an attacker managed to register autoconfig.tld, the used email details would ...
CVE-2024-24450
Stack-based memcpy buffer overflow in the ngap_handle_pdu_session_resource_setup_response routine in OpenAirInterface CN5G AMF <= 2.0.0 allows a remote attacker with access to the N2 interface to carry out denial of service against the AMF and potentially execute code by sending a PDU Session Resource...
CVE-2024-52508 Nextcloud Mail auto configurator can be tricked into sending account information to wrong servers
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. When a user is trying to set up a mail account with an email address like [email protected] that does not support auto configuration, and an attacker managed to register autoconfig.tld, the used email details would ...
CVE-2024-52508
CVE-2024-52508 affects Nextcloud Mail. The auto configuration flow can cause email account details to be sent to an attacker-controlled autoconfig.tld when a user’s domain cannot auto-configure. Affected Nextcloud Mail versions include pre-1.14.6, pre-1.15.4, pre-2.2.11, pre-3.6.3, pre-3.7.7, and...
WordPress WP Quick Setup plugin <= 2.0 - Arbitrary Plugin and Theme Installation to Remote Code Execution vulnerability
Arbitrary Plugin and Theme Installation to Remote Code Execution vulnerability discovered by Mika (Patchstack Alliance) in WordPress Plugin WP Quick Setup (versions <= 2.0)...
WordPress WP Quick Setup Plugin <= 2.0 is vulnerable to Arbitrary File Upload
Software: WP Quick Setup; Type: Plugin; Vulnerable versions: <= 2.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-52429; Patch priority: High; CVSS severity: High (9.9); PSID: ceb3ca8b7fc9; Credits: Mika; Required privilege: Subscriber; Published...
PT-2024-20407 · Athonet · Athonet Vepc Mme
Name of the Vulnerable Software and Affected Versions: Athonet vEPC MME version 11.4.0. Description: The issue is related to an invalid memory access when handling the ProtocolIE_ID field of S1Setup Request messages. This allows attackers to cause a Denial of Service (DoS) to the cellular network by...
PT-2024-20397 · Unknown · Oai-Cn5G-Amf
Name of the Vulnerable Software and Affected Versions: oai-cn5g-amf versions up to v2.0.0. Description: A buffer overflow in the ngap_amf_handle_pdu_session_resource_setup_response function allows attackers to cause a Denial of Service (DoS) via a PDU Session Resource Setup Response with an empty...
PT-2024-20400 · Unknown · Openairinterface Cn5G Amf
Name of the Vulnerable Software and Affected Versions: OpenAirInterface CN5G AMF versions <= 2.0.0. Description: The issue is a stack-based memcpy buffer overflow in the ngap_handle_pdu_session_resource_setup_response routine. This allows a remote attacker with access to the N2 interface to...