Trend Micro, Inc. Security Vulnerabilities

openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2023:4351-1)

The remote host is missing an update for...

CVE-2024-36919

In the Linux kernel, the following vulnerability has been resolved: scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload The session resources are used by FW and driver when session is offloaded, once session is uploaded these resources are not used. The lock is not required as....

SUSE: Security Advisory (SUSE-SU-2024:1842-1)

The remote host is missing an update for...

openSUSE: Security Advisory for python (SUSE-SU-2023:0079-1)

The remote host is missing an update for...

CVE-2024-36886

In the Linux kernel, the following vulnerability has been resolved: tipc: fix UAF in error path Sam Page (sam4k) working with Trend Micro Zero Day Initiative reported a UAF in the tipc_buf_append() error path: BUG: KASAN: slab-use-after-free in kfree_skb_list_reason+0x47e/0x4c0...

SUSE: Security Advisory (SUSE-SU-2024:1167-1)

The remote host is missing an update for...

SUSE: Security Advisory (SUSE-SU-2024:1129-1)

The remote host is missing an update for...

CVE-2021-47266

In the Linux kernel, the following vulnerability has been resolved: RDMA/ipoib: Fix warning caused by destroying non-initial netns After the commit 5ce2dced8e95 ("RDMA/ipoib: Set rtnl_link_ops for ipoib interfaces"), if the IPoIB device is moved to non-initial netns, destroying that netns lets the....

CVE-2024-29207

An Improper Certificate Validation could allow a malicious actor with access to an adjacent network to take control of the system. Affected Products: UniFi Connect Application (Version 3.7.9 and earlier) UniFi Connect EV Station (Version 1.1.18 and earlier) UniFi Connect EV Station Pro (Version...

CVE-2024-31394

Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver.2.9 and earlier versions. If this...

SUSE: Security Advisory (SUSE-SU-2024:1058-1)

The remote host is missing an update for...

Security Advisory 0098

Security Advisory 0098 _._CSAF PDF Date: June 25, 2024 Revision | Date | Changes ---|---|--- 1.0 | June 25, 2024 | Initial release The CVE-ID tracking this issue: CVE-2024-4578 CVSSv3.1 Base Score: 8.4 (CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H) Common Weakness Enumeration: CWE-77 Improper...

openSUSE: Security Advisory for buildah (SUSE-SU-2024:1144-1)

The remote host is missing an update for...

CVE-2024-33620

Absolute path traversal vulnerability exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, the file contents including sensitive information on the server may be retrieved by an unauthenticated remote...

CVE-2024-36886

In the Linux kernel, the following vulnerability has been resolved: tipc: fix UAF in error path Sam Page (sam4k) working with Trend Micro Zero Day Initiative reported a UAF in the tipc_buf_append() error path: BUG: KASAN: slab-use-after-free in kfree_skb_list_reason+0x47e/0x4c0...

SUSE: Security Advisory (SUSE-SU-2024:0901-1)

The remote host is missing an update for...

openSUSE: Security Advisory for python (SUSE-SU-2023:0139-1)

The remote host is missing an update for...

CVE-2024-4444 LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Unauthenticated Bypass to User Registration

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 4.2.6.5. This is due to missing checks in the 'create_account' function in the checkout. This makes it possible for unauthenticated attackers to register as the....

SUSE: Security Advisory (SUSE-SU-2023:3835-1)

The remote host is missing an update for...

GitLab Web UI Detection

GitLab web user interface detected on remote host. GitLab is a web-based DevOps lifecycle tool that provides a Git repository manager providing wiki, issue-tracking and continuous integration and deployment pipeline features, using an open-source license, developed by GitLab...

CVE-2024-29208

An Unverified Password Change could allow a malicious actor with API access to the device to change the system password without knowing the previous password. Affected Products: UniFi Connect EV Station (Version 1.1.18 and earlier) UniFi Connect EV Station Pro (Version 1.1.18 and earlier) UniFi...

SUSE: Security Advisory (SUSE-SU-2024:0877-1)

The remote host is missing an update for...

CVE-2024-4444

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 4.2.6.5. This is due to missing checks in the 'create_account' function in the checkout. This makes it possible for unauthenticated attackers to register as the....

CVE-2024-4444 LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Unauthenticated Bypass to User Registration

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 4.2.6.5. This is due to missing checks in the 'create_account' function in the checkout. This makes it possible for unauthenticated attackers to register as the....

CVE-2024-32809

Unrestricted Upload of File with Dangerous Type vulnerability in JumpDEMAND Inc. ActiveDEMAND allows Using Malicious Files.This issue affects ActiveDEMAND: from n/a through...

CVE-2024-2038

The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.22.6. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible for....

CVE-2024-34567

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in GhozyLab, Inc. Popup Builder allows Stored XSS.This issue affects Popup Builder: from n/a through...

SUSE: Security Advisory (SUSE-SU-2024:1633-1)

The remote host is missing an update for...

SolarWinds ARM < 23.2.4 (2023-2-4_CVE-2024-23473)

The version of SolarWinds ARM installed on the remote host is prior to 23.2.4. It is, therefore, affected by a vulnerability as referenced in the 2023-2-4 advisory. The SolarWinds Access Rights Manager was found to contain a hard-coded credential authentication bypass vulnerability. If...

SUSE: Security Advisory (SUSE-SU-2024:0871-1)

The remote host is missing an update for...

CVE-2024-4361

The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siteorigin_widget' shortcode in all versions up to, and including, 2.29.15 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

openSUSE: Security Advisory for conmon (SUSE-SU-2023:2989-1)

The remote host is missing an update for...

CVE-2024-1762

The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTTP_USER_AGENT header in all versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers....

CVE-2024-32131

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in W3 Eden Inc. Download Manager allows Functionality Bypass.This issue affects Download Manager: from n/a through...

openSUSE: Security Advisory for ucode (SUSE-SU-2023:4440-1)

The remote host is missing an update for...

openSUSE: Security Advisory for runc (SUSE-SU-2024:0459-1)

The remote host is missing an update for...

CVE-2024-35298

Improper authorization in handler for custom URL scheme issue in 'ZOZOTOWN' App for Android versions prior to 7.39.6 allows an attacker to lead a user to access an arbitrary website via another application installed on the user's device. As a result, the user may become a victim of a phishing...

openSUSE: Security Advisory for ucode (SUSE-SU-2023:4500-1)

The remote host is missing an update for...

SUSE SLED15 / SLES15 Security Update : amavisd-new (SUSE-SU-2019:0505-1)

This update for amavisd-new fixes the following issues : wmavisd-new was updated to version 2.11.1 (bsc#1123389) : removed a trailing dot element from @INC, as a workaround for a perl vulnerability CVE-2016-1238 (bsc#987887) amavis-services: bumping up syslog level from LOG_NOTICE to LOG_ERR for a....

RHEL 9 : Red Hat OpenStack Platform 17.0 (python-flask) (RHSA-2023:3440)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:3440 advisory. Flask is called a micro-framework because the idea to keep the core simple but extensible. There is no database abstraction layer, no form ...

CVE-2024-21477

Transient DOS while parsing a protected 802.11az Fine Time Measurement (FTM)...

CVE-2024-4434

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘term_id’ parameter in versions up to, and including, 4.2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This.....

CVE-2024-36904

In the Linux kernel, the following vulnerability has been resolved: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Anderson Nascimento reported a use-after-free splat in tcp_twsk_unique() with nice analysis. Since commit ec94c2696f0b ("tcp/dccp: avoid one atomic operation for timewait...

SUSE: Security Advisory (SUSE-SU-2024:0833-1)

The remote host is missing an update for...

Memcyco Report: Just 6% of Brands Guard Against Digital Impersonation Fraud

By Waqas Memcyco Inc., a provider of digital trust technology designed to protect companies and their customers from digital impersonation… This is a post from HackRead.com Read the original post: Memcyco Report: Just 6% of Brands Guard Against Digital Impersonation...

openSUSE: Security Advisory for suse (SUSE-SU-2023:4672-1)

The remote host is missing an update for...

CVE-2024-2328

The Real Media Library: Media Library Folder & File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image title and alt text in all versions up to, and including, 4.22.11 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2023-43555

Information disclosure in Video while parsing mp2 clip with invalid section...

CVE-2024-2038 Visual Website Collaboration, Feedback & Project Management – Atarim <= 3.22.6 - Hardcoded Credentials

The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.22.6. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible for....

SUSE: Security Advisory (SUSE-SU-2023:3661-1)

The remote host is missing an update for...