Embedded Web Servers In All Modicon M340, Premium, Quantum Plcs And Bmxnor0200 Security Vulnerabilities

PT-2021-02: Encryption bypass when downloading a firmware update in Diebold-Nixdorf RM3/CRS

PT-2021-02: Encryption bypass when downloading a firmware update in Diebold-Nixdorf RM3/CRS RM3/CRS dispenser firmware (all versions up to and including 41128 1002 RM3_CRS.BTR + 170329 2332 RM3_CRS.FRM) Severity: Severity level: High Encryption bypass when downloading a firmware update in...

PT-2021-01: Encryption bypass when downloading a firmware update in Diebold-Nixdorf CMDv5

PT-2021-01: Encryption bypass when downloading a firmware update in Diebold-Nixdorf CMDv5 CMDv5 dispenser firmware (all versions up to and including 141128 1002 CD5_ATM.BTR + 170329 2332 CD5_ATM.FRM) Severity: Severity level: High Encryption bypass when downloading a firmware update in...

CVE-2024-1427 The Post Grid <= 7.7.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via section title tag

The The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the section title tag attribute in all versions up to, and including, 7.7.1 due to insufficient input sanitization and output escaping on user...

CVE-2024-1427 The Post Grid <= 7.7.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via section title tag

The The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the section title tag attribute in all versions up to, and including, 7.7.1 due to insufficient input sanitization and output escaping on user...

CVE-2024-5349

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.8.1 via the 'map_style' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute...

CVE-2024-5349

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.8.1 via the 'map_style' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute...

Meta's 'Pay or Consent' Approach Faces E.U. Competition Rules Scrutiny

Meta's decision to offer an ad-free subscription in the European Union (E.U.) has faced a new setback after regulators accused the social media behemoth of breaching the bloc's competition rules by forcing users to choose between seeing ads or paying to avoid them. The European Commission said the....

Chinese Hackers Exploiting Cisco Switches Zero-Day to Deliver Malware

A China-nexus cyber espionage group named Velvet Ant has been observed exploiting a zero-day flaw in Cisco NX-OS Software used in its switches to deliver malware. The vulnerability, tracked as CVE-2024-20399 (CVSS score: 6.0), concerns a case of command injection that allows an authenticated,...

CVE-2024-5349 LA-Studio Element Kit for Elementor <= 1.3.8.1 - Authenticated (Contributor+) Local File Inclusion

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.8.1 via the 'map_style' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute...

Australian Man Charged for Fake Wi-Fi Scam on Domestic Flights

An Australian man has been charged with running a fake Wi-Fi access point during a domestic flight with an aim to steal user credentials and data. The unnamed 42-year-old "allegedly established fake free Wi-Fi access points, which mimicked legitimate networks, to capture personal data from...

CVE-2024-5419

The Void Contact Form 7 Widget For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cf7_redirect_page' attribute within the plugin's Void Contact From 7 widget in all versions up to, and including, 2.4 due to insufficient input sanitization and...

CVE-2024-5419

The Void Contact Form 7 Widget For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cf7_redirect_page' attribute within the plugin's Void Contact From 7 widget in all versions up to, and including, 2.4 due to insufficient input sanitization and...

CVE-2024-5419 Void Contact Form 7 Widget For Elementor Page Builder <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via cf7_redirect_page Attribute

The Void Contact Form 7 Widget For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cf7_redirect_page' attribute within the plugin's Void Contact From 7 widget in all versions up to, and including, 2.4 due to insufficient input sanitization and...

CVE-2023-41419 vulnerabilities

Vulnerabilities for packages: kubeflow-jupyter-web-app,...

GHSA-X7M3-JPRG-WC5G vulnerabilities

Vulnerabilities for packages: kubeflow-jupyter-web-app,...

GHSA-2G68-C3QC-8985 vulnerabilities

Vulnerabilities for packages: py3-werkzeug, kubeflow-jupyter-web-app, superset, kubeflow-volumes-web-app,...

CVE-2024-34069 vulnerabilities

Vulnerabilities for packages: py3-werkzeug, kubeflow-jupyter-web-app, superset, kubeflow-volumes-web-app,...

GHSA-84PR-M4JR-85G5 vulnerabilities

Vulnerabilities for packages: kubeflow-jupyter-web-app, kubeflow-volumes-web-app,...

GHSA-G4MX-Q9VG-27P4 vulnerabilities

Vulnerabilities for packages: kubeflow-jupyter-web-app, py3-tensorflow-serving-api, py3-urllib3, kubeflow-volumes-web-app,...

CVE-2024-3651 vulnerabilities

Vulnerabilities for packages: kubeflow-jupyter-web-app, dask-gateway, py3-cassandra-medusa, kubeflow-katib, py3-idna, ggshield, confluent-docker-utils, datadog-agent, py3.10-tensorflow-core, kubeflow-volumes-web-app, jwt-tool, kubeflow-pipelines, kubeflow-pipelines-visualization-server,...

GHSA-JJG7-2V4V-X38H vulnerabilities

Vulnerabilities for packages: kubeflow-jupyter-web-app, dask-gateway, py3-cassandra-medusa, kubeflow-katib, py3-idna, ggshield, confluent-docker-utils, datadog-agent, py3.10-tensorflow-core, kubeflow-volumes-web-app, jwt-tool, kubeflow-pipelines, kubeflow-pipelines-visualization-server,...

GHSA-H75V-3VVJ-5MFJ vulnerabilities

Vulnerabilities for packages: pytorch, kubeflow-jupyter-web-app, dask-gateway, reflex, confluent-docker-utils, superset, kubeflow-volumes-web-app,...

CVE-2024-34064 vulnerabilities

Vulnerabilities for packages: pytorch, kubeflow-jupyter-web-app, dask-gateway, reflex, confluent-docker-utils, superset, kubeflow-volumes-web-app,...

CVE-2023-45803 vulnerabilities

Vulnerabilities for packages: kubeflow-jupyter-web-app, py3-tensorflow-serving-api, py3-urllib3, kubeflow-volumes-web-app,...

GHSA-9WX4-H78V-VM56 vulnerabilities

Vulnerabilities for packages: kubeflow-jupyter-web-app, mlflow, patroni, py3-cassandra-medusa, kubeflow-katib, reflex, ggshield, datadog-agent, confluent-docker-utils, airflow, py3.10-tensorflow-core, kubeflow-volumes-web-app, jwt-tool, kubeflow-pipelines, superset, k8s-sidecar,...

CVE-2024-37891 vulnerabilities

Vulnerabilities for packages: kubeflow-jupyter-web-app, dask-gateway, mlflow, py3-cassandra-medusa, kubeflow-katib, reflex, py3-urllib3, ggshield, confluent-docker-utils, airflow, superset, kubeflow-volumes-web-app, kubeflow-pipelines, k8s-sidecar,...

CVE-2024-1681 vulnerabilities

Vulnerabilities for packages: kubeflow-jupyter-web-app, kubeflow-volumes-web-app,...

CVE-2023-46136 vulnerabilities

Vulnerabilities for packages: py3-werkzeug, kubeflow-jupyter-web-app, py3-tensorflow-serving-api, airflow,...

CVE-2024-35195 vulnerabilities

Vulnerabilities for packages: kubeflow-jupyter-web-app, mlflow, patroni, py3-cassandra-medusa, kubeflow-katib, reflex, ggshield, datadog-agent, confluent-docker-utils, airflow, py3.10-tensorflow-core, kubeflow-volumes-web-app, jwt-tool, kubeflow-pipelines, superset, k8s-sidecar,...

GHSA-HRFV-MQP8-Q5RW vulnerabilities

Vulnerabilities for packages: py3-werkzeug, kubeflow-jupyter-web-app, py3-tensorflow-serving-api, airflow,...

GHSA-34JH-P97F-MPXF vulnerabilities

Vulnerabilities for packages: kubeflow-jupyter-web-app, dask-gateway, mlflow, py3-cassandra-medusa, kubeflow-katib, reflex, py3-urllib3, ggshield, confluent-docker-utils, airflow, superset, kubeflow-volumes-web-app, kubeflow-pipelines, k8s-sidecar,...

GHSA-V845-JXX5-VC9F vulnerabilities

Vulnerabilities for packages: kubeflow-jupyter-web-app, dask-gateway, py3-urllib3, kubeflow-volumes-web-app, k8s-sidecar,...

CVE-2023-43804 vulnerabilities

Vulnerabilities for packages: kubeflow-jupyter-web-app, dask-gateway, py3-urllib3, kubeflow-volumes-web-app, k8s-sidecar,...

CVE-2021-3738 affecting package samba 4.12.5-6

CVE-2021-3738 affecting package samba 4.12.5-6. No patch is available...

CVE-2021-23192 affecting package samba 4.12.5-6

CVE-2021-23192 affecting package samba 4.12.5-6. No patch is available...

CVE-2017-6829 affecting package audiofile 0.3.6-27

CVE-2017-6829 affecting package audiofile 0.3.6-27. No patch is available...

CVE-2012-2653 affecting package arpwatch 2.1a15-51

CVE-2012-2653 affecting package arpwatch 2.1a15-51. No patch is available...

CVE-2016-9179 affecting package lynx 2.9.0~dev.9-5

CVE-2016-9179 affecting package lynx 2.9.0~dev.9-5. This CVE either no longer is or was never...

CVE-1999-0901 affecting package ypserv 4.1-4

CVE-1999-0901 affecting package ypserv 4.1-4. No patch is available...

CVE-2019-17414 affecting package vino 3.22.0-20

CVE-2019-17414 affecting package vino 3.22.0-20. No patch is available...

CVE-2021-28543 affecting package varnish-modules 0.16.0-4

CVE-2021-28543 affecting package varnish-modules 0.16.0-4. This CVE either no longer is or was never...

CVE-2019-12280 affecting package toolbox 0.0.18-9

CVE-2019-12280 affecting package toolbox 0.0.18-9. This CVE either no longer is or was never...

CVE-2005-0868 affecting package tn5250 0.17.4-26

CVE-2005-0868 affecting package tn5250 0.17.4-26. No patch is available...

CVE-1999-1090 affecting package telnet 0.17-81

CVE-1999-1090 affecting package telnet 0.17-81. This CVE either no longer is or was never...

CVE-2012-3381 affecting package sblim-sfcb 1.4.9-20

CVE-2012-3381 affecting package sblim-sfcb 1.4.9-20. No patch is available...

CVE-2020-14323 affecting package samba 4.12.5-6

CVE-2020-14323 affecting package samba 4.12.5-6. No patch is available...

CVE-2020-14383 affecting package samba 4.12.5-6

CVE-2020-14383 affecting package samba 4.12.5-6. No patch is available...

CVE-2020-14318 affecting package samba 4.12.5-6

CVE-2020-14318 affecting package samba 4.12.5-6. No patch is available...

CVE-2021-21704 affecting package php 7.4.14-3

CVE-2021-21704 affecting package php 7.4.14-3. This CVE either no longer is or was never...

CVE-2007-3205 affecting package php 7.4.14-3

CVE-2007-3205 affecting package php 7.4.14-3. This CVE either no longer is or was never...