Kaspersky Security Center & Kaspersky Security Center Web Console Security Vulnerabilities

CVE-2024-5419

The Void Contact Form 7 Widget For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cf7_redirect_page' attribute within the plugin's Void Contact From 7 widget in all versions up to, and including, 2.4 due to insufficient input sanitization and...

CVE-2024-5419

The Void Contact Form 7 Widget For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cf7_redirect_page' attribute within the plugin's Void Contact From 7 widget in all versions up to, and including, 2.4 due to insufficient input sanitization and...

CVE-2024-5419 Void Contact Form 7 Widget For Elementor Page Builder <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via cf7_redirect_page Attribute

The Void Contact Form 7 Widget For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cf7_redirect_page' attribute within the plugin's Void Contact From 7 widget in all versions up to, and including, 2.4 due to insufficient input sanitization and...

CVE-2023-41419 vulnerabilities

Vulnerabilities for packages: kubeflow-jupyter-web-app,...

GHSA-X7M3-JPRG-WC5G vulnerabilities

Vulnerabilities for packages: kubeflow-jupyter-web-app,...

GHSA-2G68-C3QC-8985 vulnerabilities

Vulnerabilities for packages: py3-werkzeug, kubeflow-jupyter-web-app, superset, kubeflow-volumes-web-app,...

CVE-2024-34069 vulnerabilities

Vulnerabilities for packages: py3-werkzeug, kubeflow-jupyter-web-app, superset, kubeflow-volumes-web-app,...

GHSA-84PR-M4JR-85G5 vulnerabilities

Vulnerabilities for packages: kubeflow-jupyter-web-app, kubeflow-volumes-web-app,...

GHSA-JJG7-2V4V-X38H vulnerabilities

Vulnerabilities for packages: kubeflow-jupyter-web-app, dask-gateway, py3-cassandra-medusa, kubeflow-katib, py3-idna, ggshield, confluent-docker-utils, datadog-agent, py3.10-tensorflow-core, kubeflow-volumes-web-app, jwt-tool, kubeflow-pipelines, kubeflow-pipelines-visualization-server,...

GHSA-H75V-3VVJ-5MFJ vulnerabilities

Vulnerabilities for packages: pytorch, kubeflow-jupyter-web-app, dask-gateway, reflex, confluent-docker-utils, superset, kubeflow-volumes-web-app,...

GHSA-G4MX-Q9VG-27P4 vulnerabilities

Vulnerabilities for packages: kubeflow-jupyter-web-app, py3-tensorflow-serving-api, py3-urllib3, kubeflow-volumes-web-app,...

CVE-2024-3651 vulnerabilities

Vulnerabilities for packages: kubeflow-jupyter-web-app, dask-gateway, py3-cassandra-medusa, kubeflow-katib, py3-idna, ggshield, confluent-docker-utils, datadog-agent, py3.10-tensorflow-core, kubeflow-volumes-web-app, jwt-tool, kubeflow-pipelines, kubeflow-pipelines-visualization-server,...

CVE-2023-45803 vulnerabilities

Vulnerabilities for packages: kubeflow-jupyter-web-app, py3-tensorflow-serving-api, py3-urllib3, kubeflow-volumes-web-app,...

CVE-2024-34064 vulnerabilities

Vulnerabilities for packages: pytorch, kubeflow-jupyter-web-app, dask-gateway, reflex, confluent-docker-utils, superset, kubeflow-volumes-web-app,...

GHSA-9WX4-H78V-VM56 vulnerabilities

Vulnerabilities for packages: kubeflow-jupyter-web-app, mlflow, patroni, py3-cassandra-medusa, kubeflow-katib, reflex, ggshield, datadog-agent, confluent-docker-utils, airflow, py3.10-tensorflow-core, kubeflow-volumes-web-app, jwt-tool, kubeflow-pipelines, superset, k8s-sidecar,...

CVE-2024-37891 vulnerabilities

Vulnerabilities for packages: kubeflow-jupyter-web-app, dask-gateway, mlflow, py3-cassandra-medusa, kubeflow-katib, reflex, py3-urllib3, ggshield, confluent-docker-utils, airflow, superset, kubeflow-volumes-web-app, kubeflow-pipelines, k8s-sidecar,...

CVE-2024-1681 vulnerabilities

Vulnerabilities for packages: kubeflow-jupyter-web-app, kubeflow-volumes-web-app,...

CVE-2023-46136 vulnerabilities

Vulnerabilities for packages: py3-werkzeug, kubeflow-jupyter-web-app, py3-tensorflow-serving-api, airflow,...

CVE-2024-35195 vulnerabilities

Vulnerabilities for packages: kubeflow-jupyter-web-app, mlflow, patroni, py3-cassandra-medusa, kubeflow-katib, reflex, ggshield, datadog-agent, confluent-docker-utils, airflow, py3.10-tensorflow-core, kubeflow-volumes-web-app, jwt-tool, kubeflow-pipelines, superset, k8s-sidecar,...

GHSA-HRFV-MQP8-Q5RW vulnerabilities

Vulnerabilities for packages: py3-werkzeug, kubeflow-jupyter-web-app, py3-tensorflow-serving-api, airflow,...

GHSA-34JH-P97F-MPXF vulnerabilities

Vulnerabilities for packages: kubeflow-jupyter-web-app, dask-gateway, mlflow, py3-cassandra-medusa, kubeflow-katib, reflex, py3-urllib3, ggshield, confluent-docker-utils, airflow, superset, kubeflow-volumes-web-app, kubeflow-pipelines, k8s-sidecar,...

GHSA-V845-JXX5-VC9F vulnerabilities

Vulnerabilities for packages: kubeflow-jupyter-web-app, dask-gateway, py3-urllib3, kubeflow-volumes-web-app, k8s-sidecar,...

CVE-2023-43804 vulnerabilities

Vulnerabilities for packages: kubeflow-jupyter-web-app, dask-gateway, py3-urllib3, kubeflow-volumes-web-app, k8s-sidecar,...

Exploit for CVE-2024-6387

Link to Qualys Write-Up:...

CVE-2024-5938

The Boot Store theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter within the theme's Button shortcode in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVE-2024-4679

Incorrect Default Permissions vulnerability in Hitachi JP1/Extensible SNMP Agent for Windows, Hitachi JP1/Extensible SNMP Agent on Windows, Hitachi Job Management Partner1/Extensible SNMP Agent on Windows allows File Manipulation.This issue affects JP1/Extensible SNMP Agent for Windows: from 12-00....

CVE-2024-2819

Incorrect Default Permissions, Improper Preservation of Permissions vulnerability in Hitachi Ops Center Common Services allows File Manipulation.This issue affects Hitachi Ops Center Common Services: before...

CVE-2024-2819

Incorrect Default Permissions, Improper Preservation of Permissions vulnerability in Hitachi Ops Center Common Services allows File Manipulation.This issue affects Hitachi Ops Center Common Services: before...

CVE-2024-4679

Incorrect Default Permissions vulnerability in Hitachi JP1/Extensible SNMP Agent for Windows, Hitachi JP1/Extensible SNMP Agent on Windows, Hitachi Job Management Partner1/Extensible SNMP Agent on Windows allows File Manipulation.This issue affects JP1/Extensible SNMP Agent for Windows: from 12-00....

CVE-2024-5938

The Boot Store theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter within the theme's Button shortcode in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVE-2024-5938 Boot Store <= 1.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode

The Boot Store theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter within the theme's Button shortcode in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVE-2024-2819 File Permission Vulnerability in Hitachi Ops Center Common Services

Incorrect Default Permissions, Improper Preservation of Permissions vulnerability in Hitachi Ops Center Common Services allows File Manipulation.This issue affects Hitachi Ops Center Common Services: before...

CVE-2024-4679 Folder Permission Vulnerability in JP1/Extensible SNMP Agent

Incorrect Default Permissions vulnerability in Hitachi JP1/Extensible SNMP Agent for Windows, Hitachi JP1/Extensible SNMP Agent on Windows, Hitachi Job Management Partner1/Extensible SNMP Agent on Windows allows File Manipulation.This issue affects JP1/Extensible SNMP Agent for Windows: from 12-00....

degerforsmusikkar.se Cross Site Scripting vulnerability OBB-3939928

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

toscanakarneval.dk Cross Site Scripting vulnerability OBB-3939927

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

mec-kreischa.de Cross Site Scripting vulnerability OBB-3939926

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

karnevalsclub-lungkwitz.de Cross Site Scripting vulnerability OBB-3939925

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

nancy-roemer.de Cross Site Scripting vulnerability OBB-3939924

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Security Bulletin: Security vulnerabilities may affect IBM WebSphere Application Server Liberty shipped with with IBM CICS TX Advanced.

Summary Security vulnerabilities may affect IBM WebSphere Application Server Liberty shipped with IBM CICS TX Advanced. IBM CICS TX Advanced has addressed the issues. Vulnerability Details ** CVEID: CVE-2024-25026 DESCRIPTION: **IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere...

CVE-2016-10000

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

Security Bulletin: TSSC/IMC is vulnerable to low availability, low integrity and low confidentiality due to Java SE

Summary TSSC/IMC is vulnerable to low availability, low integrity and low confidentiality due to Java SE. A patch has been provided that updates the Java SE library. CVE-2023-22006, CVE-2023-22036, CVE-2023-22041, CVE-2023-22045, CVE-2023-22049, CVE-2023-25193. Vulnerability Details ** CVEID:...

Security Bulletin: TSSC/IMC is vulnerable to aritrary code execution due to Linux Kernel

Summary TSSC/IMC is vulnerable to arbitrary code execution due to Linux Kernel. A patch that updates the Kernel library has been provided. CVE-2023-2002, CVE-2023-3090, CVE-2023-3390, CVE-2023-3776, CVE-2023-4004, CVE-2023-20593, CVE-2023-35001, CVE-2023-35788. Vulnerability Details ** CVEID:...

Security Bulletin: TSSC/IMC is vulnerable to arbitrary code execution due to systemd

Summary TSSC/IMC is vulnerable to arbitrary code execution due to systemd. A patch has been provided that updates the systemd library. CVE-2023-26604. Vulnerability Details ** CVEID: CVE-2023-26604 DESCRIPTION: **systemd could allow a local authenticated attacker to gain elevated privileges on...

Security Bulletin: TSSC/IMC is vulnerable to arbitrary code execution due to Linux Kernel

Summary TSSC/IMC is vulnerable to aritrary code excecution due to kernel. A patch has been provided that updates the kernel library. CVE-2022-42896, CVE-2023-1281, CVE-2023-1829, CVE-2023-2124, CVE-2023-2194, CVE-2023-2235. Vulnerability Details ** CVEID: CVE-2022-42896 DESCRIPTION: **Linux...

Tuesday, July 2, 2024 Security Releases

Summary The Node.js project will release new versions of the 22.x, 20.x, 18.x releases lines on or shortly after, Tuesday, July 2, 2024 in order to address: 1 high severity issues. 1 medium severity issues. 3 low severity issues. Node.js fetch will be upgraded to undici v6.19.2 on Node.js 18.x...

Imperva Client-Side Protection Mitigates the Polyfill Supply Chain Attack

The recent discovery of a website supply chain attack using the cdn.polyfill.io domain has left many websites vulnerable to malicious code injection. Once a trusted resource for adding JavaScript polyfills to websites, the domain has recently become the epicenter of a significant website supply...

drivemode.oneskyapp.com Cross Site Scripting vulnerability OBB-3939922

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

digit-eyes.com Cross Site Scripting vulnerability OBB-3939921

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-39314

toy-blog is a headless content management system implementation. Starting in version 0.4.3 and prior to version 0.5.0, the administrative password was leaked through the command line parameter. The problem was patched in version 0.5.0. As a workaround, pass --read-bearer-token-from-stdin to the...

CVE-2024-39313

toy-blog is a headless content management system implementation. Starting in version 0.5.4 and prior to version 0.6.1, articles with private visibility can be read if the reader does not set credentials for the request. Users should upgrade to 0.6.1 or later to receive a patch. No known...