Latest high severity Vulnerabilities

The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to blind SQL Injection via the rtmedia_gallery shortcode in all versions up to, and including, 4.6.18 due to insuff...
Important: golang security update
Red Hat Enterprise Linux for x86_64
Red Hat Enterprise Linux for IBM z Systems
Red Hat Enterprise Linux for Power, little endian
Red Hat Enterprise Linux for ARM 64
Important: go-toolset:rhel8 security update
Red Hat Enterprise Linux for x86_64
Red Hat Enterprise Linux for ARM 64
Red Hat Enterprise Linux for Power, little endian
Red Hat Enterprise Linux for IBM z Systems
Important: kpatch-patch security update
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions
Important: kpatch-patch security update
Red Hat Enterprise Linux Server
Red Hat Enterprise Linux for Power, little endian
Red Hat Enterprise Linux Server - Extended Life Cycle Support
Important: shim security update
Red Hat Enterprise Linux for Scientific Computing
Red Hat Enterprise Linux Desktop
Red Hat Enterprise Linux Server
Red Hat Enterprise Linux Workstation
Red Hat Enterprise Linux Server - Extended Life Cycle Support
redhat/mokutil<15.8-1.el7
and 7 more
### Summary Using a version of `sqlparse` that has a security vulnerability and no way to update in current version of dbt core. Snyk recommends using `sqlparse==0.5` but this causes a conflict with ...
pip/dbt-core>=1.7.0<1.7.13
pip/dbt-core>=1.6.0<1.6.13
FreeRDP Out-Of-Bounds Read in interleaved_decompress
FreeRDP Out-Of-Bounds Read in ncrush_decompress
FreeRDP Out-Of-Bounds Read in planar_skip_plane_rle
FreeRDP OutOfBound Read in zgfx_decompress_segment
FreeRDP vulnerable to integer underflow in nsc_rle_decode
FreeRDP Integer overflow & OutOfBound Write in clear_decompress_residual_data
VFS Sandbox Escape in CrushFTP
The git hook feature in Gitea 1.1.0 through 1.12.5 allows for authenticated remote code execution.
go/code.gitea.io/gitea>=1.1.0<1.12.6
### Observations The Hoppscotch desktop app takes multiple precautions to be secure against arbitrary JavaScript and system command execution. It does not render user-controlled HTML or Markdown, use...
npm/@hoppscotch/cli<0.8.0
### Summary Get a valid API token, make sure you can access API functions, then replace the string in my PoC code. Tested on the official OVA image; it's an old version, 23.9.1, but this vulnerability also exists o...
composer/librenms/librenms<24.4.0
LibreNMS's Time-Based Blind SQL injection leads to database extraction
composer/librenms/librenms<24.4.0
LibreNMS's Improper Sanitization on Service template name leads to Stored XSS
composer/librenms/librenms<24.4.0
### Summary There is improper sanitization on Service template name which is reflecting in delete button onclick event. This value can be modified and crafted as any other javascript code. ### Vuln...
composer/librenms/librenms<24.4.0
### Summary SQL injection vulnerability in POST /search/search=packages in LibreNMS 24.3.0 allows a user with global read privileges to execute SQL commands via the package parameter. ### Details Th...
composer/librenms/librenms<24.4.0
LibreNMS vulnerable to time-based SQL injection that leads to database extraction
composer/librenms/librenms<24.4.0
### Impact We have identified a local privilege escalation vulnerability in Ant Media Server which allows any unprivileged operating system user account to escalate privileges to the root user account...
maven/io.antmedia:ant-media-server>=2.6.0<2.9.0
Ant Media Server vulnerable to local privilege escalation
maven/io.antmedia:ant-media-server>=2.6.0<2.9.0
Server-Side Request Forgery (SSRF) vulnerability in Apache HugeGraph-Hubble. This issue affects Apache HugeGraph-Hubble: from 1.0.0 before 1.3.0. Users are recommended to upgrade to version 1.3.0, wh...
maven/org.apache.hugegraph:hugegraph-hubble>=1.0.0<1.3.0
Authentication Bypass by Spoofing vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0. Users are recommended to upgrade to version 1.3.0, whic...
maven/org.apache.hugegraph:hugegraph-api>=1.0.0<1.3.0
RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11. Users are recommended to upgrade to version...
maven/org.apache.hugegraph:hugegraph-core>=1.0.0<1.3.0
maven/org.apache.hugegraph:hugegraph-api>=1.0.0<1.3.0
Apache HugeGraph-Server: Bypass whitelist in Auth mode
maven/org.apache.hugegraph:hugegraph-api>=1.0.0<1.3.0
Apache HugeGraph-Server: Command execution in gremlin
maven/org.apache.hugegraph:hugegraph-core>=1.0.0<1.3.0
maven/org.apache.hugegraph:hugegraph-api>=1.0.0<1.3.0
Apache HugeGraph-Hubble: SSRF in Hubble connection page
maven/org.apache.hugegraph:hugegraph-hubble>=1.0.0<1.3.0
WordPress Prime Slider plugin <= 3.13.2 - Broken Access Control vulnerability
WordPress Automatic plugin < 3.93.0 - Multiple Cross Site Request Forgery (CSRF) vulnerability
WordPress Language Switcher for Transposh plugin <= 1.5.9 - Reflected Cross Site Scripting (XSS) vulnerability
WordPress 3D FlipBook, PDF Viewer, PDF Embedder plugin <= 3.62 - Reflected Cross Site Scripting (XSS) vulnerability
Important: Red Hat OpenStack Platform 17.1 (python-yaql and openstack-tripleo-heat-templates) security update
Red Hat OpenStack
redhat/openstack-tripleo-heat-templates<14.3.1-17.1.20231103010826.2.el9
redhat/python-yaql<1.1.3-11.el9
redhat/python3-yaql<1.1.3-11.el9
Important: Red Hat OpenStack Platform 17.1 (openstack-tripleo-heat-templates and python-yaql) security update
Red Hat OpenStack
redhat/openstack-tripleo-heat-templates<14.3.1-17.1.20231103003748.2.el8
redhat/python-yaql<1.1.3-11.el8
redhat/python3-yaql<1.1.3-11.el8
Important: nodejs:18 security update
Red Hat Enterprise Linux for Power, little endian - Extended Update Support
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions
Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates
Red Hat Enterprise Linux Server - AUS
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions
Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates
and 32 more
Important: Red Hat build of Quarkus 2.13.9.SP2 release and security update
Red Hat Build of Quarkus
Important: Red Hat Build of Apache Camel 3.18 for Quarkus 2.13 is now available (updates to RHBQ 2.13.9.SP2)
Red Hat Integration
Tenda FH1206 addressNat fromAddressNat buffer overflow
Unitronics Vision Standard Unauthenticated Password Retrieval
Privilege Escalation in U-Series Appliance
Privilege Escalation in U-Series Appliance
### Impact The application hangs when receiving a Host header with a value that `@hono/node-server` can't handle well. Invalid values are those that cannot be parsed by the `URL` as a hostname such a...
npm/@hono/node-server>=1.3.0<1.10.1
### Summary `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input. ### Details Verified at `0.22` and `0.23` `rustls`, but 0.21 and 0.20 release lines are a...
rust/rustls=0.20
rust/rustls>=0.21.0<=0.21.10
rust/rustls>=0.22.0<=0.22.3
rust/rustls>=0.23.0<=0.23.4
@hono/node-server contains Denial of Service risk when receiving Host header that cannot be parsed
npm/@hono/node-server>=1.3.0<1.10.1
Rustls vulnerable to an infinite loop in rustls::conn::ConnectionCommon::complete_io() with proper client input
rust/rustls=0.20
rust/rustls>=0.21.0<=0.21.10
rust/rustls>=0.22.0<=0.22.3
rust/rustls>=0.23.0<=0.23.4
Wazuh Analysis Engine Event Decoder Heap-based Buffer Overflow Remote Code Execution Vulnerability
Wazuh's vulnerability in host_deny AR script allows arbitrary command execution
Improper Privilege Management was identified in GitHub Enterprise Server that allowed privilege escalation in the Management Console