BIG-IP Advanced WAF, ASM, And APM Security Vulnerabilities

Ubuntu 24.04 LTS : Google Guest Agent and Google OS Config Agent vulnerability (USN-6746-2)

The remote Ubuntu 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6746-2 advisory. USN-6746-1 fixed vulnerabilities in Google Guest Agent and Google OS Config Agent. This update provides the corresponding update for Ubuntu 24.04 LTS. ...

WordPress 5.8.x < 5.8.10 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...

WordPress 5.4.x < 5.4.16 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...

SUSE SLES15 Security Update : kernel (Live Patch 25 for SLE 15 SP4) (SUSE-SU-2024:2191-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2191-1 advisory. This update for the Linux Kernel 5.14.21-150400_24_116 fixes several issues. The following security issues were fixed: - CVE-2024-26852: Fixed...

SUSE SLES12 Security Update : kernel (Live Patch 51 for SLE 12 SP5) (SUSE-SU-2024:2202-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2202-1 advisory. This update for the Linux Kernel 4.12.14-122_186 fixes several issues. The following security issues were fixed: - CVE-2021-46955: Fixed an...

WordPress 6.2.x < 6.2.6 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...

WordPress 5.5.x < 5.5.15 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...

WordPress 5.0.x < 5.0.22 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...

WordPress 4.1.x < 4.1.41 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...

Mageia: Security Advisory (MGASA-2024-0238)

The remote host is missing an update for...

WordPress 4.8.x < 4.8.25 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...

WordPress 5.3.x < 5.3.18 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...

Automad 2.0.0-alpha.4 Cross Site Scripting

...

Ubuntu: Security Advisory (USN-6848-1)

The remote host is missing an update for...

SUSE: Security Advisory (SUSE-SU-2024:2199-1)

The remote host is missing an update for...

Mageia: Security Advisory (MGASA-2024-0239)

The remote host is missing an update for...

CVE-2024-34581

The W3C XML Signature Syntax and Processing (XMLDsig) specification, starting with 1.0, was originally published with a "RetrievalMethod is a URI ... that may be used to obtain key and/or certificate information" statement and no accompanying information about SSRF risks, and this may have...

Progress Software Corporation WhatsUp Gold AppProfileImport path traversal vulnerability

Talos Vulnerability Report TALOS-2024-1932 Progress Software Corporation WhatsUp Gold AppProfileImport path traversal vulnerability June 26, 2024 CVE Number CVE-2024-5017 SUMMARY A path traversal vulnerability exists in the AppProfileImport functionality of Progress Software Corporation WhatsUp...

Ubuntu 14.04 LTS / 16.04 LTS : OpenVPN vulnerability (USN-6850-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6850-1 advisory. It was discovered that OpenVPN incorrectly handled certain configurations with multiple authentication plugins. A remote attacker could possibly...

WordPress 6.1.x < 6.1.7 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...

WordPress 5.2.x < 5.2.21 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...

WordPress 5.1.x < 5.1.19 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...

WordPress 6.0.x < 6.0.9 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...

WordPress 5.9.x < 5.9.10 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...

WordPress 5.7.x < 5.7.12 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...

WordPress 6.4.x < 6.4.5 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : avahi (SUSE-SU-2024:2200-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2200-1 advisory. - CVE-2023-38471: Fixed a reachable assertion in dbus_set_host_name. (bsc#1216594) -...

RHEL 9 : kernel-rt (RHSA-2024:4106)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4106 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism...

CVE-2024-34580

Apache XML Security for C++ through 2.0.4 implements the XML Signature Syntax and Processing (XMLDsig) specification without protection against an SSRF payload in a KeyInfo element. NOTE: the supplier disputes this CVE Record on the grounds that they are implementing the specification "correctly".....

Automad 2.0.0-alpha.4 - Stored Cross-Site Scripting (XSS)

...

SolarWinds Platform 2024.1 SR1 Race Condition

...

CVE-2024-33329

A hardcoded privileged ID within Lumisxp v15.0.x to v16.1.x allows attackers to bypass authentication and access internal pages and other sensitive...

SUSE SLES15 Security Update : kernel (Live Patch 10 for SLE 15 SP5) (SUSE-SU-2024:2207-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2207-1 advisory. This update for the Linux Kernel 5.14.21-150500_55_49 fixes several issues. The following security issues were fixed: - CVE-2024-26852: Fixed...

SUSE SLES15 / openSUSE 15 Security Update : hdf5 (SUSE-SU-2024:2195-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2195-1 advisory. - Fix bsc#1224158 - this fixes: CVE-2024-29158, CVE-2024-29161, CVE-2024-29166, CVE-2024-32608, ...

Debian dsa-5720 : chromium - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5720 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5720-1 [email protected] ...

Progress MOVEit Transfer 2023.0.x < 2023.0.11 / 2023.1.x < 2023.1.6 / 2024.0.x < 2024.0.2 Authentication Bypass (June 2024)

The version of Progress MOVEit Transfer, formerly Ipswitch MOVEit DMZ, installed on the remote host is affected by an authentication bypass vulnerability as referenced in Progress Community article 000259290. Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead.....

SUSE SLES15 Security Update : kernel (Live Patch 5 for SLE 15 SP5) (SUSE-SU-2024:2217-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2217-1 advisory. This update for the Linux Kernel 5.14.21-150500_55_28 fixes several issues. The following security issues were fixed: - CVE-2023-52628: Fixed...

WordPress 4.2.x < 4.2.38 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...

MLflow Unauthenticated Access

By default, MLflow does not require authentication to access the application. This allows an attacker to perform arbitrary modifications on experiments or models in the web...

Ollama Unauthenticated Access

By default, Ollama does not require authentication to access the application. This allows an attacker to perform arbitrary modifications on experiments or models in the web...

WordPress 6.3.x < 6.3.5 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...

MLflow Default Credentials

By default, MLflow does not require authentication to access the application. When enabling authentication, MLflow will enforce a basic authentication with default credentials. If not updated, a remote and unauthenticated attacker could access the MLflow UI and peform arbitrary actions on...

Langflow Detected

This is an informational plugin to inform the user that the scanner has detected a publicly accessible Langflow instance on the target application. Langflow is an open-source visual framework for building multi-agent and...

ROS-20240626-07

A vulnerability in the Net::CIDR::Lite module of the Perl programming language interpreter is related to bugs in the handling foreign null characters at the beginning of an IP address string. Exploitation of the vulnerability could allow an attacker acting remotely to bypass access...

GeoSolutionsGroup JAI-EXT Code Injection Vulnerability

GeoSolutionsGroup JAI-EXT, a component of GeoSolutions GeoServer, contains a code injection vulnerability that, when programs use jt-jiffle and allow Jiffle script to be provided via network request, could allow remote code...

SolarWinds Platform 2024.1 SR1 - Race Condition

...

Ollama Detected

This is an informational plugin to inform the user that the scanner has detected a publicly accessible Ollama instance on the target application. Ollama is an open-source application to quickly set up various...

ROS-20240626-14

Vulnerability of REFRESH MATERIALIZED VIEW CONCURRENTLY function of PostgreSQL database management system is related to privilege management errors in processing and checking command line parameters. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary SQL....

Langflow Unauthenticated Access

By default, Langflow does not require authentication to access the application. This allows an attacker to access sensitive data such as global variables, projects already created and the secrets they...

WordPress 4.7.x < 4.7.29 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...