Security
Headlines
HeadlinesLatestCVEs

Tag

#web

OpenOLAT 18.1.5 Cross Site Scripting / Privilege Escalation

OpenOLAT versions 18.1.4 and below and versions 18.1.5 and below suffer from multiple persistent cross site scripting vulnerabilities.

Packet Storm
#xss#vulnerability#web#ios#windows#java#perl#auth
Ubuntu Security Notice USN-6647-1

Ubuntu Security Notice 6647-1 - It was discovered that a race condition existed in the ATM subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the Rose X.25 protocol implementation in the Linux kernel, leading to a use-after- free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-6646-1

Ubuntu Security Notice 6646-1 - It was discovered that a race condition existed in the ATM subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the Rose X.25 protocol implementation in the Linux kernel, leading to a use-after- free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Yealink Configuration Encrypt Tool Static AES Key

A single, vendorwide, hardcoded AES key in the Yealink Configuration Encrypt Tool used to encrypt provisioning documents was leaked leading to a compromise of confidentiality of provisioning documents.

WordPress 6.4.3 Username Disclosure

WordPress versions 6.4.3 and below appear to suffer from a REST API related username disclosure vulnerability.

Fuelflow 1.0 SQL Injection

Fuelflow version 1.0 suffers from a remote SQL injection vulnerability.

WEBIGniter 28.7.23 Cross Site Scripting

WEBIGniter version 28.7.23 suffers from a persistent cross site scripting vulnerability.

Red Hat Security Advisory 2024-0832-03

Red Hat Security Advisory 2024-0832-03 - Red Hat OpenShift Container Platform release 4.12.50 is now available with updates to packages and images that fix several bugs. Issues addressed include denial of service and traversal vulnerabilities.

GHSA-q2cv-7j58-rfmj: Liferay Portal Document and Media widget and Liferay DXP vulnerable to stored Cross-site Scripting

Stored cross-site scripting (XSS) vulnerability in the Document and Media widget in Liferay Portal 7.4.3.18 through 7.4.3.101, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 18 through 92 allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into a document's “Title” text field.

Crypto Exchange FixedFloat Hacked: $26 Million in BTC, ETH Stolen

By Deeba Ahmed FixedFloat suffered a significant loss of over 1,700 Ethereum and over 400 Bitcoin due to a drainer attack on February 18, 2024. This is a post from HackRead.com Read the original post: Crypto Exchange FixedFloat Hacked: $26 Million in BTC, ETH Stolen