Aggregator

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Pro-Russia group NoName targeted the websites of Italian airports North Korea actors use OtterCookie malware in Contagious Interview […]

Security Affairs newsletter Round

A vulnerability classified as problematic was found in Antabot White-Jotter up to 0.2.2. Affected by this vulnerability is an unknown functionality of the file /admin/content/editor of the component Article Editor. The manipulation of the argument articleCover leads to server-side request forgery. This vulnerability is known as CVE-2024-13032. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic has been found in Antabot White-Jotter up to 0.2.2. Affected is an unknown function of the file /admin/content/editor of the component Article Content Editor. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-13031. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Pegasi Web Server 0.2.2 and classified as problematic. This issue affects some unknown processing. The manipulation leads to basic cross site scripting. The identification of this vulnerability is CVE-2004-2618. The attack may be initiated remotely. Furthermore, there is an exploit available.

Submit #467694 / VDB-218303

Submit #466551 / VDB-289765

Submit #466550 / VDB-289764

Submit #466530 / VDB-289764

A vulnerability was found in D-Link DIR-823G 1.0.2B05_20181207. It has been rated as critical. This issue affects the function SetAutoRebootSettings/SetClientInfo/SetDMZSettings/SetFirewallSettings/SetParentsControlInfo/SetQoSSettings/SetVirtualServerSettings of the file /HNAP1/ of the component Web Management Interface. The manipulation leads to improper access controls. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. The identification of this vulnerability is CVE-2024-13030. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply restrictive firewalling.

Submit #467909 / VDB-289763

Submit #467907 / VDB-289763

Submit #467908 / VDB-289763

Submit #467905 / VDB-289763

Submit #467906 / VDB-289763

Submit #467904 / VDB-289763

Submit #467903 / VDB-289763

A vulnerability was found in Linux Kernel up to 5.15.173/6.1.119/6.6.63/6.11.10/6.12.1. It has been declared as critical. This vulnerability affects the function reset_method_store of the component PCI. The manipulation leads to memory leak. This vulnerability was named CVE-2024-56745. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.1. It has been classified as critical. This affects the function nfs3_read_done of the component localio. The manipulation of the argument res.replen leads to memory corruption. This vulnerability is uniquely identified as CVE-2024-56740. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.