GDPR (DSGVO) & EPrivacy Cookie Consent Security Vulnerabilities

Source: nessus
RHEL 9 : Red Hat OpenStack Platform 17.0 (python-flask) (RHSA-2023:3440)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:3440 advisory. Flask is called a micro-framework because the idea is to keep the core simple but extensible. There is no database abstraction layer, no form ...

CVSS 7.5 | AI Score 7.9 | EPSS 0.002 | 2024-04-28 12:00 AM
1
Source: nessus
RHEL 9 : Red Hat OpenStack Platform 17.0 (python-werkzeug) (RHSA-2023:1018)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:1018 advisory. Werkzeug started as a simple collection of various utilities for WSGI applications and has become one of the most...

CVSS 7.5 | AI Score 6.7 | EPSS 0.001 | 2024-04-28 12:00 AM
7
Source: nessus
RHEL 8 : OpenShift Container Platform 4.11.43 (RHSA-2023:3541)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3541 advisory. cri-o: incorrect handling of the supplementary groups (CVE-2022-2995) flask: Possible disclosure of permanent session cookie due to...

CVSS 7.5 | AI Score 7.8 | EPSS 0.002 | 2024-04-28 12:00 AM
1
Source: nessus
RHEL 8 : Red Hat OpenStack Platform 16.2 (python-flask) (RHSA-2023:3444)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:3444 advisory. Flask is called a micro-framework because the idea is to keep the core simple but extensible. There is no database abstraction layer, no form ...

CVSS 7.5 | AI Score 7.9 | EPSS 0.002 | 2024-04-28 12:00 AM
4
Source: nessus
RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update (Moderate) (RHSA-2023:6158)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6158 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...

CVSS 8.1 | AI Score 8 | EPSS 0.001 | 2024-04-28 12:00 AM
28
Source: nessus
RHEL 8 : Satellite 6.13.3 Async Security Update (Important) (RHSA-2023:4466)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4466 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity...

CVSS 9.1 | AI Score 8.3 | EPSS 0.004 | 2024-04-28 12:00 AM
1
Source: nessus
RHEL 8 : RHUI 4.4.0 - Security Fixes, Bug Fixes, and Enhancements Update (Moderate) (RHSA-2023:2101)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2101 advisory. Red Hat Update Infrastructure (RHUI) offers a highly scalable, highly redundant framework that enables you to manage repositories and...

CVSS 7.5 | AI Score 8.4 | EPSS 0.009 | 2024-04-28 12:00 AM
1
Source: nessus
RHEL 8 / 9 : OpenShift Container Platform 4.12.21 (RHSA-2023:3545)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3545 advisory. golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540) flask: Possible disclosure of permanent session...

CVSS 9.8 | AI Score 7 | EPSS 0.003 | 2024-04-28 12:00 AM
5
Source: nessus
RHEL 8 / 9 : OpenShift Container Platform 4.13.3 (RHSA-2023:3536)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3536 advisory. golang: net/http, net/textproto: denial of service from excessive memory allocation (CVE-2023-24534) golang: net/http, net/textproto,...

CVSS 9.8 | AI Score 8.1 | EPSS 0.005 | 2024-04-28 12:00 AM
3
Source: nessus
RHEL 8 : Red Hat OpenStack Platform 17.1 (python-werkzeug) (RHSA-2024:0189)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:0189 advisory. Werkzeug is a WSGI utility module. It includes a debugger, request and response objects, HTTP utilities to handle entity tags, cache control...

CVSS 8 | AI Score 7.5 | EPSS 0.001 | 2024-04-28 12:00 AM
4
Source: nessus
RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update (Moderate) (RHSA-2024:0733)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0733 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...

CVSS 8.1 | AI Score 7.6 | EPSS 0.001 | 2024-04-28 12:00 AM
23
Source: nessus
RHEL 8 : Satellite 6.13 Release (Important) (RHSA-2023:2097)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2097 advisory. Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and ...

CVSS 9.8 | AI Score 8.9 | EPSS 0.972 | 2024-04-28 12:00 AM
22
Source: nessus
RHEL 8 : Red Hat OpenStack Platform 16.1 (python-flask) (RHSA-2023:3446)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:3446 advisory. Flask is called a micro-framework because the idea is to keep the core simple but extensible. There is no database abstraction layer, no form ...

CVSS 7.5 | AI Score 7.9 | EPSS 0.002 | 2024-04-28 12:00 AM
4
Source: nessus
RHEL 8 : Satellite 6.14.2 Async Security Update (Important) (RHSA-2024:0797)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0797 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity...

CVSS 9.8 | AI Score 8.6 | EPSS 0.003 | 2024-04-28 12:00 AM
6
Source: nessus
RHEL 8 : Red Hat OpenStack Platform 17.1 (python-urllib3) (RHSA-2024:0187)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:0187 advisory. Python HTTP module with connection pooling and file POST abilities. Security Fix(es): * Cookie request header isn't stripped during cross-origin...

CVSS 8.1 | AI Score 7.6 | EPSS 0.001 | 2024-04-28 12:00 AM
3
Source: nessus
RHEL 6 / 7 : rh-nodejs4-nodejs-tough-cookie (RHSA-2017:2912)

The remote Redhat Enterprise Linux 6 / 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2017:2912 advisory. nodejs-tough-cookie: regular expression DoS via Cookie header with many semicolons (CVE-2016-1000232) nodejs-tough-cookie: Regular...

CVSS 7.5 | AI Score 6.9 | EPSS 0.011 | 2024-04-27 12:00 AM
3
Source: nessus
RHEL 6 / 7 : rh-nodejs6-nodejs-tough-cookie (RHSA-2017:2913)

The remote Redhat Enterprise Linux 6 / 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2017:2913 advisory. nodejs-tough-cookie: Regular expression denial of service (CVE-2017-15010) Note that Nessus has not tested for this issue but has instead relied...

CVSS 7.5 | AI Score 6.5 | EPSS 0.011 | 2024-04-27 12:00 AM
4
Source: nessus
RHEL 6 / 7 : httpd24 (RHSA-2018:3558)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3558 advisory. curl: TLS session resumption client cert bypass (CVE-2016-5419) curl: Re-using connection with wrong client cert (CVE-2016-5420) ...

CVSS 9.8 | AI Score 9.5 | EPSS 0.959 | 2024-04-27 12:00 AM
1
Source: nessus
RHEL 6 : katello (RHSA-2012:1186)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2012:1186 advisory. Katello allows you to manage the application life-cycle for Linux systems. Katello is used by CloudForms System Engine, an Infrastructure as a...

CVSS 9.8 | AI Score 6.4 | EPSS 0.015 | 2024-04-27 12:00 AM
2
Source: cve
CVE-2024-33682

Cross-Site Request Forgery (CSRF) vulnerability in Cookie Information A/S WP GDPR Compliance. This issue affects WP GDPR Compliance: from n/a through...

CVSS 5.4 | AI Score 6.8 | EPSS 0.0004 | 2024-04-26 11:15 AM
26
Source: nvd
CVE-2024-33682

Cross-Site Request Forgery (CSRF) vulnerability in Cookie Information A/S WP GDPR Compliance. This issue affects WP GDPR Compliance: from n/a through...

CVSS 5.4 | AI Score 5.5 | EPSS 0.0004 | 2024-04-26 11:15 AM
Source: cvelist
CVE-2024-33682 WordPress WP GDPR Compliance plugin <= 2.0.23 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Cookie Information A/S WP GDPR Compliance. This issue affects WP GDPR Compliance: from n/a through...

CVSS 5.4 | AI Score 5.7 | EPSS 0.0004 | 2024-04-26 10:34 AM
Source: osv
CVE-2022-36028

Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login page due to the unchecked value of the return_to cookie. Version 2.13.0 contains a patch for the...

CVSS 9.1 | AI Score 6.7 | EPSS 0.001 | 2024-04-25 09:15 PM
6
Source: cve
CVE-2022-36029

Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login page due to the unchecked value of the return_to cookie. Version 2.13.0 contains a patch for the...

CVSS 9.1 | AI Score 9 | EPSS 0.001 | 2024-04-25 09:15 PM
31
Source: nvd
CVE-2022-36029

Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login page due to the unchecked value of the return_to cookie. Version 2.13.0 contains a patch for the...

CVSS 9.1 | AI Score 9.2 | EPSS 0.001 | 2024-04-25 09:15 PM
Source: nvd
CVE-2022-36028

Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login page due to the unchecked value of the return_to cookie. Version 2.13.0 contains a patch for the...

CVSS 9.1 | AI Score 9.2 | EPSS 0.001 | 2024-04-25 09:15 PM
Source: osv
CVE-2022-36029

Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login page due to the unchecked value of the return_to cookie. Version 2.13.0 contains a patch for the...

CVSS 9.1 | AI Score 6.7 | EPSS 0.001 | 2024-04-25 09:15 PM
8
Source: cve
CVE-2022-36028

Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login page due to the unchecked value of the return_to cookie. Version 2.13.0 contains a patch for the...

CVSS 9.1 | AI Score 6.6 | EPSS 0.001 | 2024-04-25 09:15 PM
30
Source: cvelist
CVE-2022-36029 BigBlueButton Greenlight Open Redirect vulnerability

Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login page due to the unchecked value of the return_to cookie. Version 2.13.0 contains a patch for the...

CVSS 9.1 | AI Score 9.4 | EPSS 0.001 | 2024-04-25 08:42 PM
Source: cvelist
CVE-2022-36028 BigBlueButton Greenlight Open Redirect vulnerability

Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login page due to the unchecked value of the return_to cookie. Version 2.13.0 contains a patch for the...

CVSS 9.1 | AI Score 9.4 | EPSS 0.001 | 2024-04-25 08:36 PM
Source: vulnrichment
CVE-2022-36028 BigBlueButton Greenlight Open Redirect vulnerability

Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login page due to the unchecked value of the return_to cookie. Version 2.13.0 contains a patch for the...

CVSS 9.1 | AI Score 6.8 | EPSS 0.001 | 2024-04-25 08:36 PM
2
Source: githubexploit
Exploit for Code Injection in Crushftp

CVE-2024-4040 SSTI & LFI PoC - Exploitation | CrushFTP This...

CVSS 10 | AI Score 9.9 | EPSS 0.966 | 2024-04-25 07:51 PM
239
Source: githubexploit
Exploit for Code Injection in Crushftp

CVE-2024-4040 SSTI & LFI PoC - Exploitation | CrushFTP This...

CVSS 10 | AI Score 9.9 | EPSS 0.966 | 2024-04-25 07:51 PM
246
Source: githubexploit
Exploit for Code Injection in Crushftp

CVE-2024-4040 SSTI & LFI PoC - Exploitation | CrushFTP This...

CVSS 10 | AI Score 9.9 | EPSS 0.966 | 2024-04-25 07:51 PM
200
Source: wordfence
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 15, 2024 to April 21, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 209 vulnerabilities disclosed in 169...

AI Score 9.9 | 2024-04-25 03:56 PM
43
Source: hackerone
U.S. Dept Of Defense: reflected xss [CVE-2020-3580]

Hey Security Team It was observed that the application is vulnerable to cross-site scripting (XSS). XSS is a type of attack that involves running malicious scripts on a victim's browser. website: ███████ attached When the user clicks submit, his information will be stolen Impact Cookie Stealing.....

CVSS 6.1 | AI Score 5.9 | EPSS 0.971 | 2024-04-25 03:55 PM
37
Source: malwarebytes
Ring agrees to pay $5.6 million after cameras were used to spy on customers

Amazon's Ring has settled with the Federal Trade Commission (FTC) over charges that the company allowed employees and contractors to access customers' private videos, and failed to implement security protections which enabled hackers to take control of customers' accounts, cameras, and videos. The....

AI Score 7.1 | 2024-04-25 02:05 PM
11
Source: thn
Google Postpones Third-Party Cookie Deprecation Amid U.K. Regulatory Scrutiny

Google has once again pushed its plans to deprecate third-party tracking cookies in its Chrome web browser as it works to address outstanding competition concerns from U.K. regulators over its Privacy Sandbox initiative. The tech giant said it's working closely with the U.K. Competition and...

AI Score 6.5 | 2024-04-25 06:37 AM
21
Source: ibm
Security Bulletin: IBM Security Verify Governance - Containerized Identity Manager has multiple vulnerabilities

Summary: Multiple security vulnerabilities have been addressed in the latest update to IBM Security Verify Governance - Containerized Identity Manager. Vulnerability Details: CVEID: CVE-2018-6561 DESCRIPTION: Dojo Toolkit is vulnerable to cross-site scripting in dijit.Editor, caused by...

CVSS 9.8 | AI Score 10 | EPSS 0.732 | 2024-04-25 05:15 AM
16
Source: talos
Grassroot DICOM JPEG2000Codec::DecodeByStreamsCommon out-of-bounds write vulnerability

Talos Vulnerability Report TALOS-2024-1935, Grassroot DICOM JPEG2000Codec::DecodeByStreamsCommon out-of-bounds write vulnerability, April 25, 2024. CVE Number: CVE-2024-22373. SUMMARY: An out-of-bounds write vulnerability exists in the JPEG2000Codec::DecodeByStreamsCommon functionality of Mathieu...

CVSS 8.1 | AI Score 7.9 | EPSS 0.001 | 2024-04-25 12:00 AM
9
Source: talos
Grassroot DICOM RAWCodec::DecodeBytes out-of-bounds read vulnerability

Talos Vulnerability Report TALOS-2024-1944, Grassroot DICOM RAWCodec::DecodeBytes out-of-bounds read vulnerability, April 25, 2024. CVE Number: CVE-2024-25569. SUMMARY: An out-of-bounds read vulnerability exists in the RAWCodec::DecodeBytes functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A...

CVSS 6.5 | AI Score 6.5 | EPSS 0.0004 | 2024-04-25 12:00 AM
9
Source: amazon
Medium: curl

Issue Overview: This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by....

CVSS 6.5 | AI Score 6.9 | EPSS 0.001 | 2024-04-24 10:15 PM
9
Source: metasploit
NorthStar C2 XSS to Agent RCE

NorthStar C2, prior to commit 7674a44 on March 11 2024, contains a vulnerability where the logs page is vulnerable to a stored XSS. An unauthenticated user can simulate an agent registration to cause the XSS and take over a user's session. With this access, it is then possible to run a new payload.....

AI Score 6.2 | EPSS 0.002 | 2024-04-24 08:54 PM
15
Source: metasploit
Chaos RAT XSS to RCE

CHAOS v5.0.8 is a free and open-source Remote Administration Tool that allows generated binaries to control remote operating systems. The webapp contains a remote command execution vulnerability which can be triggered by an authenticated user when generating a new executable. The webapp also...

AI Score 6.8 | EPSS 0.0004 | 2024-04-24 08:51 PM
22
Source: ibm
Security Bulletin: IBM Cloud Pak for Network Automation 2.7.2 addresses multiple security vulnerabilities

Summary: IBM Cloud Pak for Network Automation 2.7.2 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details: CVEID: CVE-2023-34055 DESCRIPTION: VMware Tanzu Spring Boot is vulnerable to a denial of service, caused by a flaw when application uses Spring MVC...

CVSS 9.8 | AI Score 10 | EPSS 0.012 | 2024-04-24 03:52 PM
13
Source: githubexploit
Exploit for Command Injection in Paloaltonetworks Pan-Os

CVE-2024-3400-pot Simple honeypot for CVE-2024-3400 Palo Alto...

CVSS 10 | AI Score 7.4 | EPSS 0.957 | 2024-04-24 02:21 PM
174
Source: cve
CVE-2024-32789

Cross-Site Request Forgery (CSRF) vulnerability in Seers allows Cross-Site Scripting (XSS). This issue affects Seers: from n/a through...

CVSS 7.1 | AI Score 6.5 | EPSS 0.0004 | 2024-04-24 11:15 AM
30
Source: nvd
CVE-2024-32789

Cross-Site Request Forgery (CSRF) vulnerability in Seers allows Cross-Site Scripting (XSS). This issue affects Seers: from n/a through...

CVSS 7.1 | AI Score 6.7 | EPSS 0.0004 | 2024-04-24 11:15 AM
Source: schneier
Dan Solove on Privacy Regulation

Law professor Dan Solove has a new article on privacy regulation. In his email to me, he writes: "I've been pondering privacy consent for more than a decade, and I think I finally made a breakthrough with this article." His mini-abstract: In this Article I argue that most of the time, privacy...

AI Score 7.2 | 2024-04-24 11:05 AM
7
Source: cvelist
CVE-2024-32789 WordPress Seers plugin <= 8.0.6 - Cross Site Request Forgery (CSRF) to XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Seers allows Cross-Site Scripting (XSS). This issue affects Seers: from n/a through...

CVSS 7.1 | AI Score 6.8 | EPSS 0.0004 | 2024-04-24 10:21 AM

Total number of security vulnerabilities: 62140