Latest low severity Vulnerabilities

Watchdog Antivirus v1.6.415 - Denial of Service
Bkav Home v7816, build 2403161130 - Kernel Memory Leak
The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to blind SQL Injection via the rtmedia_gallery shortcode in all versions up to, and including, 4.6.18 due to insuff...
Important: golang security update
Red Hat Red Hat Enterprise Linux for x86_64
Red Hat Red Hat Enterprise Linux for IBM z Systems
Red Hat Red Hat Enterprise Linux for Power, little endian
Red Hat Red Hat Enterprise Linux for ARM 64
Important: go-toolset:rhel8 security update
Red Hat Red Hat Enterprise Linux for x86_64
Red Hat Red Hat Enterprise Linux for ARM 64
Red Hat Red Hat Enterprise Linux for Power, little endian
Red Hat Red Hat Enterprise Linux for IBM z Systems
Important: kpatch-patch security update
Red Hat Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions
Red Hat Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions
Important: kpatch-patch security update
Red Hat Red Hat Enterprise Linux Server
Red Hat Red Hat Enterprise Linux for Power, little endian
Red Hat Red Hat Enterprise Linux Server - Extended Life Cycle Support
Important: shim security update
Red Hat Red Hat Enterprise Linux for Scientific Computing
Red Hat Red Hat Enterprise Linux Desktop
Red Hat Red Hat Enterprise Linux Server
Red Hat Red Hat Enterprise Linux Workstation
Red Hat Red Hat Enterprise Linux Server - Extended Life Cycle Support
redhat/mokutil<15.8-1.el7
and 7 more
Hydra has persistent XSS vulnerability serving HTML build outputs
### Summary Using a version of `sqlparse` that has a security vulnerability and no way to update in current version of dbt core. Snyk recommends using `sqlparse==0.5` but this causes a conflict with ...
pip/dbt-core>=1.7.0<1.7.13
pip/dbt-core>=1.6.0<1.6.13
Insufficient input filtering of "package name" allows command execution in the device with shell privileges
FreeRDP Out-Of-Bounds Read in interleaved_decompress
FreeRDP Out-Of-Bounds Read in ncrush_decompress
FreeRDP Out-Of-Bounds Read in planar_skip_plane_rle
FreeRDP OutOfBound Read in zgfx_decompress_segment
FreeRDP vulnerable to integer underflow in nsc_rle_decode
FreeRDP Integer overflow & OutOfBound Write in clear_decompress_residual_data
VFS Sandbox Escape in CrushFTP
The git hook feature in Gitea 1.1.0 through 1.12.5 allows for authenticated remote code execution.
go/code.gitea.io/gitea>=1.1.0<1.12.6
### Impact A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling...
go/github.com/docker/docker<20.10.14
go/github.com/moby/moby<20.10.14
### Observations The Hoppscotch desktop app takes multiple precautions to be secure against arbitrary JavaScript and system command execution. It does not render user-controlled HTML or Markdown, use...
npm/@hoppscotch/cli<0.8.0
### Summary Get a valid API token, make sure you can access api functions, then replace string on my PoC code, Test on official OVA image, it's an old version 23.9.1, but this vulnerability also exists o...
composer/librenms/librenms<24.4.0
LibreNMS's Time-Based Blind SQL injection leads to database extraction
composer/librenms/librenms<24.4.0
LibreNMS's Improper Sanitization on Service template name leads to Stored XSS
composer/librenms/librenms<24.4.0
### Summary There is improper sanitization on Service template name which is reflecting in delete button onclick event. This value can be modified and crafted as any other javascript code. ### Vuln...
composer/librenms/librenms<24.4.0
LibreNMS vulnerable to time-based SQL injection that leads to database extraction
composer/librenms/librenms<24.4.0
### Summary SQL injection vulnerability in POST /search/search=packages in LibreNMS 24.3.0 allows a user with global read privileges to execute SQL commands via the package parameter. ### Details Th...
composer/librenms/librenms<24.4.0
### Summary when jadx parses a resource file, there is an escape problem with the style file, which can overwrite other files in the directory when saving the decompile result. Although I don't think...
maven/io.github.skylot:jadx-core<1.5.0
### Impact Under very specific conditions changes to a user's groups may not have the expected results. The specific conditions are: * The file authentication backend is being used. * The [watch](ht...
go/github.com/authelia/authelia/v4>=4.37.0<4.38.0
### Impact We have identified a local privilege escalation vulnerability in Ant Media Server which allows any unprivileged operating system user account to escalate privileges to the root user account...
maven/io.antmedia:ant-media-server>=2.6.0<2.9.0
Ant Media Server vulnerable to local privilege escalation
maven/io.antmedia:ant-media-server>=2.6.0<2.9.0
RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11. Users are recommended to upgrade to version...
maven/org.apache.hugegraph:hugegraph-core>=1.0.0<1.3.0
maven/org.apache.hugegraph:hugegraph-api>=1.0.0<1.3.0
Server-Side Request Forgery (SSRF) vulnerability in Apache HugeGraph-Hubble. This issue affects Apache HugeGraph-Hubble: from 1.0.0 before 1.3.0. Users are recommended to upgrade to version 1.3.0, wh...
maven/org.apache.hugegraph:hugegraph-hubble>=1.0.0<1.3.0
Authentication Bypass by Spoofing vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0. Users are recommended to upgrade to version 1.3.0, whic...
maven/org.apache.hugegraph:hugegraph-api>=1.0.0<1.3.0
The Essential Addons for Elementor Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Counter widget in all versions up to, and including, 5.8.11 due to insufficien...
Apache HugeGraph-Server: Bypass whitelist in Auth mode
maven/org.apache.hugegraph:hugegraph-api>=1.0.0<1.3.0
Apache HugeGraph-Server: Command execution in gremlin
maven/org.apache.hugegraph:hugegraph-core>=1.0.0<1.3.0
maven/org.apache.hugegraph:hugegraph-api>=1.0.0<1.3.0
Apache HugeGraph-Hubble: SSRF in Hubble connection page
maven/org.apache.hugegraph:hugegraph-hubble>=1.0.0<1.3.0
Moderate: java-11-openjdk security update
Red Hat Red Hat CodeReady Linux Builder for ARM 64
Red Hat Red Hat Enterprise Linux for Power, little endian - Extended Update Support
Red Hat Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates
Red Hat Red Hat Enterprise Linux Server - TUS
Red Hat Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support
Red Hat Red Hat Enterprise Linux for IBM z Systems - Extended Update Support
and 16 more
Cross-Site Scripting in the Holded application
WordPress Prime Slider plugin <= 3.13.2 - Broken Access Control vulnerability
WordPress Prime Slider plugin <= 3.13.2 - Broken Access Control vulnerability
WordPress WP Ultimate Review plugin <= 2.2.5 - Broken Access Control on Review vulnerability
WordPress WPC Frequently Bought Together for WooCommerce plugin <= 7.0.3 - Broken Access Control vulnerability
WordPress MyRewards plugin <= 5.3.0 - Broken Access Control vulnerability
WordPress Active Products Tables for WooCommerce plugin <= 1.0.6.2 - Broken Access Control vulnerability
Low: thunderbird security update
Red Hat Red Hat Enterprise Linux for x86_64
Red Hat Red Hat Enterprise Linux for ARM 64
Red Hat Red Hat Enterprise Linux for Power, little endian
Red Hat Red Hat Enterprise Linux for IBM z Systems
Low: thunderbird security update
Red Hat Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions
Red Hat Red Hat Enterprise Linux for ARM 64 - Extended Update Support
Red Hat Red Hat Enterprise Linux for x86_64 - Extended Update Support
Red Hat Red Hat Enterprise Linux for Power, little endian - Extended Update Support
Red Hat Red Hat Enterprise Linux Server - TUS
Red Hat Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions
and 1 more
Low: thunderbird security update
Red Hat Red Hat Enterprise Linux for Power, little endian
Red Hat Red Hat Enterprise Linux Server - Extended Life Cycle Support
Red Hat Red Hat Enterprise Linux Server
Red Hat Red Hat Enterprise Linux Desktop
Red Hat Red Hat Enterprise Linux Workstation
Low: thunderbird security update
Red Hat Red Hat Enterprise Linux Server - TUS
Red Hat Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions
Red Hat Red Hat Enterprise Linux Server - AUS
Red Hat Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions

© 2024 SecAlerts Pty Ltd.