25 matches found
WordPress Symposium <=15.8.1 - Cross-Site Scripting
WordPress Symposium through 15.8.1 contains a reflected cross-site scripting vulnerability via the wp-content/plugins/wp-symposium/getalbumitem.php?size parameter which allows an attacker to steal cookie-based authentication credentials and launch other attacks. id: CVE-2015-9414 info: name:...
Ubuntu: Security Advisory (USN-7705-1)
The remote host is missing an update for the...
Linux Distros Unpatched Vulnerability : CVE-2022-23538
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - github.com/sylabs/scs-library-client is the Go client for the Singularity Container Services (SCS) Container Library Service. When the scs-library-client is used ...
RHSA-2025:3997 Red Hat Security Advisory: mod_auth_openidc:2.3 security update
Bulletin has no description...
[SECURITY] [DSA 5825-1] ceph security update
Debian Security Advisory DSA-5825-1, https://www.debian.org/security/, Moritz Muehlenhoff, December 06, 2024, https://www.debian.org/security/faq ...
CVE-2023-48253
The vulnerability allows a remote authenticated attacker to read or update arbitrary content of the authentication database via a crafted HTTP request. By abusing this vulnerability it is possible to exfiltrate other users’ password hashes or update them with arbitrary values and access their...
CVE-2023-38922
Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the update_auth function...
NETGEAR JWNR2000 and XWN5001 and XAVN2001 Security Vulnerabilities
NETGEAR XWN5001 and NETGEAR JWNR2000 are both products of NETGEAR Corporation. NETGEAR XWN5001 is a wireless access point. NETGEAR JWNR2000 is a wireless router. A security vulnerability exists in NETGEAR JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7, which stems from a multiple...
SUSE-SU-2023:0460-1 Security update for prometheus-ha_cluster_exporter
This update for prometheus-ha_cluster_exporter fixes the following issues: Updated to version 1.3.1: - CVE-2022-46146: Fixed authentication bypass via cache poisoning in prometheus/exporter-toolkit (bsc#1208046, bsc#1208047)...
Moderate: Red Hat Security Advisory: rh-dotnet31-curl security update
An update for rh-dotnet31-curl is now available for .NET Core on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
[SECURITY] Fedora 35 Update: mod_auth_mellon-0.18.0-1.fc35
The mod_auth_mellon module is an authentication service that implements the SAML 2.0 federation protocol. It grants access based on the attributes received in assertions generated by an IdP server...
Rare Bootkit Malware Targets North Korea-Linked Diplomats
A firmware bootkit has been spotted in the wild, targeting diplomats and members of non-governmental organizations (NGOs) from Africa, Asia and Europe. It has turned out to be part of a newly uncovered framework called MosaicRegressor. According to researchers from Kaspersky, code artifacts in some...
PT-2019-19128 · Apple · Apple Macos
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 10.14.5 Description: An authentication issue was addressed with improved state management, potentially allowing a user to be unexpectedly logged in to another user’s account. Recommendations: For macOS versions prior t...
Debian DLA-1756-1 : libxslt security update
It was discovered that there was an authentication bypass vulnerability in libxslt, a widely-used library for transforming files from XML to other arbitrary format. The xsltCheckRead and xsltCheckWrite routines permitted access upon receiving a -1 error code and as xsltCheckRead returned -1 for a...
SUSE-SU-2019:0174-1 Security update for python-paramiko
This update for python-paramiko to version 2.4.2 fixes the following issues: Security issue fixed: - CVE-2018-1000805: Fixed an authentication bypass in auth_handler.py (bsc#1111151) Non-security issue fixed: - Disable experimental gssapi support (bsc#1115769)...
SUSE-SU-2018:0214-1 Security update for curl
This update for curl fixes several issues. These security issues were fixed: - CVE-2017-1000254: Fix FTP PWD response parser out of bounds read (bsc#1061876). - CVE-2018-1000007: Prevent leaking authentication data to third parties when following redirects (bsc#1077001) Also the following adjustment wa...
SUSE-SU-2015:2183-1 Security update for strongswan
The strongswan package was updated to fix the following security issue: - CVE-2015-8023: Fixed an authentication bypass vulnerability in the eap-mschapv2 plugin (bsc#953817)...
SUSE-SU-2015:0709-1 Security update for subversion
Subversion has been updated to fix a security problem: bnc#889849: Reveal authentication information through an md5 collision attack on authentication realm (CVE-2014-3528) Security Issues: CVE-2014-3528...
Symantec IM Manager IMAdminLDAPConfig.asp SQL injection
Added: 10/31/2011; CVE: CVE-2011-0553; BID: 49738; OSVDB: 75984. Background: Symantec IM Manager is a solution for managing and securing instant-messaging traffic in an enterprise. Problem: An SQL injection vulnerability in IMAdminLDAPConfig.asp allows remote, authenticated attackers to execute arbitra...
CVE-2008-3324
The PartyGaming PartyPoker client program 121/120 does not properly verify the authenticity of updates, which allows remote man-in-the-middle attackers to execute arbitrary code via a Trojan horse update...