KDDI CORPORATION, NTT DOCOMO, INC., And SoftBank Corp. Security Vulnerabilities

python-drgn bug fix and enhancement update

An update is available for python-drgn. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux....

wireguard-tools bug fix and enhancement update

An update is available for wireguard-tools. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

NetworkManager-libreswan bug fix and enhancement update

An update is available for NetworkManager-libreswan. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see...

containers-common bug fix and enhancement update

An update is available for containers-common. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The containers-common package contains common configuration files.....

xdp-tools bug fix and enhancement update

An update is available for xdp-tools. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux...

silverstripe/framework vulnerable to user enumeration via timing attack on login and password reset forms

User enumeration is possible by performing a timing attack on the login or password reset pages with user...

silverstripe/framework vulnerable to user enumeration via timing attack on login and password reset forms

User enumeration is possible by performing a timing attack on the login or password reset pages with user...

(RHSA-2024:3483) Moderate: Red Hat Ansible Automation Platform 2.4 Container Security and Bug Fix Update

Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that...

List of Security Fixes and Improvements in Veeam Agent for Microsoft Windows

This article describes all security-related fixes and improvements introduced in each release or update of Veeam Agent for Microsoft...

python3.12-pycparser bug fix and enhancement update

An update is available for python3.12-pycparser. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the...

virtio-win bug fix and enhancement update

An update is available for virtio-win. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux.....

python3.12-lxml bug fix and enhancement update

An update is available for python3.12-lxml. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

rust-afterburn bug fix and enhancement update

An update is available for rust-afterburn. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

selinux-policy bug fix and enhancement update

An update is available for selinux-policy. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

CVE-2023-4223

Unrestricted file upload in /main/inc/ajax/document.ajax.php in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP...

CVE-2023-4226

Unrestricted file upload in /main/inc/ajax/work.ajax.php in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP...

(RHSA-2024:3316) Important: Migration Toolkit for Applications security and bug fix update

Migration Toolkit for Applications 7.0.3 Images Security Fix(es) from Bugzilla: golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288) webpack-dev-middleware: lack of URL validation may lead to file leak (CVE-2024-29180) axios: exposure of...

Exponent CMS < 2.4.0 Multiple SQLi and RCE Vulnerabilities

Exponent CMS is prone to multiple SQL injection (SQLi) and remote code execution (RCE)...

TP-Link TD-W8951ND XSS and CSRF Vulnerabilities

TP-Link TD-W8951ND is prone to cross-site scripting (XSS) and cross-site request forgery (CSRF)...

Improper Authorization org.springframework.security:spring-security-core Dependency in Crowd Data Center and Server

This High severity org.springframework.security:spring-security-core Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This org.springframework.security:spring-security-core Dependency vulnerability, with a CVSS Score of 8.2 and a CVSS...

Exploit for Out-of-bounds Write in Kingsoft Internet Security 9 Plus

CVE-2022-25949 A years-old exploit of a local EoP...

Microsoft Windows Help and Support Center RCE Vulnerability

Microsoft Windows is prone to a remote code execution (RCE) vulnerability. This VT has been replaced...

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty and Apache Xerces C++ XML parser may affect IBM Storage Protect for Space Management

Summary IBM Storage Protect for Space Management can be affected by security flaws in IBM WebSphere Application Server Liberty and Apache Xerces C++ XML parser. The flaws can lead to server-side request forgery,, denial of service, and arbitrary code execution, as described in the "Vulnerability...

pcp security, bug fix, and enhancement update

An update is available for pcp. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for...

flatpak security, bug fix, and enhancement update

An update is available for flatpak. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Flatpak is a system for building, distributing, and running sandboxed...

bash-completion bug fix and enhancement update

An update is available for bash-completion. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

python-configshell bug fix and enhancement update

An update is available for python-configshell. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the...

python-urllib3 bug fix and enhancement update

An update is available for python-urllib3. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX < 4.1.3 - Missing Authorization to Arbitrary Options Update

Description The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'postx_presets_callback' function in all versions up to, and including, 4.1.2. This makes it possible for...

Grafana Email addresses and usernames can not be trusted

Today we are releasing Grafana 9.2.4. Alongside other bug fixes, this patch release includes moderate severity security fixes for CVE-2022-39306. We are also releasing security patches for Grafana 8.5.15 to fix these issues. Release 9.2.4, latest patch, also containing security fix: Download...

Apache Karaf Cave: Cave SSRF and arbitrary file access

This issue affects all versions of Apache Karaf Cave. As this project is retired, there are no plans to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are....

Malicious code in forenitz (PyPI)

-= Per source details. Do not edit below this...

Responsive Addons – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme. < 3.0.6 - Authenticated (Author+) Stored Cross-Site Scripting

Description The Responsive Addons – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploader in all versions up to, and including, 3.0.5 due to insufficient input sanitization....

Arigato Autoresponder and Newsletter < 2.7.2.4 - Cross-Site Request Forgery

Description The Arigato Autoresponder and Newsletter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.2.3. This is due to missing or incorrect nonce validation on the contact_form() function. This makes it possible for unauthenticated...

Moderate: mod_jk and mod_proxy_cluster security update

The mod_jk module is a plugin for the Apache HTTP Server to connect it with the Apache Tomcat servlet engine. The mod_proxy_cluster module is a plugin for the Apache HTTP Server that provides load-balancer functionality. Security Fix(es): httpd: Apache Tomcat Connectors (mod_jk) Information...

python3.12-cffi bug fix and enhancement update

An update is available for python3.12-cffi. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

aardvark-dns bug fix and enhancement update

An update is available for aardvark-dns. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The aardvark-dns package is and authoritative DNS server for A/AAAA...

rust-bootupd bug fix and enhancement update

An update is available for rust-bootupd. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

pki-core bug fix and enhancement update

An update is available for pki-core. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux...

fuse-overlayfs bug fix and enhancement update

An update is available for fuse-overlayfs. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

virt-v2v bug fix and enhancement update

An update is available for virt-v2v. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux...

rdma-core bug fix and enhancement update

An update is available for rdma-core. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux...

Royal Elementor Addons and Templates < 1.3.976 - Authenticated (Contributor+) Stored Cross-Site Scripting via Back to Top Widget

Description The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Back to Top widget in all versions up to, and including, 1.3.975 due to insufficient input sanitization and output escaping on user supplied attributes. This...

Apache OpenOffice 'Unquoted Search Path' and RCE Vulnerabilities

Apache OpenOffice is prone to an unquoted windows search path and remote code execution (RCE)...

Apache Archiva Cross Site Scripting And CSRF Vulnerabilities

Apache Archiva is prone to cross-site request forgery (CSRF) and cross-site scripting...

Build Numbers and Versions of Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization

This KB article lists all versions of Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization and their respective build...

vBulletin Forum Arbitrary File Deletion And RCE Vulnerabilities

vBulletin is prone to arbitrary file deletion and remote code execution (RCE)...

Security Bulletin: IBM Virtualization Engine TS7700 is susceptible to a denial of service due to the use of OpenSSL (CVE-2023-6129)

Summary IBM Virtualization Engine TS7700 is susceptible to a denial of service due to the use of OpenSSL (CVE-2023-6129). OpenSSL is used in TS7700 to encrypt data in flight during EKM communications, Secure Data Transfer between clusters, and for TS7700 Advanced Object Store for DS8000....

Malicious code in ef323refefeffe (PyPI)

-= Per source details. Do not edit below this...

Panic in certificate parsing in crypto/x509 and golang.org/x/crypto/cryptobyte

On 32-bit architectures, a malformed input to crypto/x509 or the ASN.1 parsing functions of golang.org/x/crypto/cryptobyte can lead to a panic. The malformed certificate can be delivered via a crypto/tls connection to a client, or to a server that accepts client certificates. net/http clients can.....