Lucene search

K

Business Directory Plugin | GeoDirectory Security Vulnerabilities

vulnrichment
vulnrichment

CVE-2024-0845 PDF Viewer for Elementor <= 2.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via render

The PDF Viewer for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the render function in all versions up to, and including, 2.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level.....

6.4CVSS

6AI Score

0.001EPSS

2024-06-18 02:37 AM
cvelist
cvelist

CVE-2024-0845 PDF Viewer for Elementor <= 2.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via render

The PDF Viewer for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the render function in all versions up to, and including, 2.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level.....

6.4CVSS

0.001EPSS

2024-06-18 02:37 AM
2
vulnrichment
vulnrichment

CVE-2024-1634 Scheduling Plugin – Online Booking for WordPress <= 3.5.10 - Missing Authorization to Unauthenticated Service Disconnection

The Scheduling Plugin – Online Booking for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cbsb_disconnect_settings' function in all versions up to, and including, 3.5.10. This makes it possible for unauthenticated attackers to...

6.5CVSS

6.8AI Score

0.0005EPSS

2024-06-18 02:37 AM
cvelist
cvelist

CVE-2024-1634 Scheduling Plugin – Online Booking for WordPress <= 3.5.10 - Missing Authorization to Unauthenticated Service Disconnection

The Scheduling Plugin – Online Booking for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cbsb_disconnect_settings' function in all versions up to, and including, 3.5.10. This makes it possible for unauthenticated attackers to...

6.5CVSS

0.0005EPSS

2024-06-18 02:37 AM
1
cvelist
cvelist

CVE-2024-4375 Master Slider – Responsive Touch Slider <= 3.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via ms_layer Shortcode

The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ms_layer' shortcode in all versions up to, and including, 3.9.10 due to insufficient input sanitization and output escaping on the 'css_id' user supplied attribute. This.....

6.4CVSS

0.0004EPSS

2024-06-18 02:37 AM
2
vulnrichment
vulnrichment

CVE-2024-4375 Master Slider – Responsive Touch Slider <= 3.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via ms_layer Shortcode

The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ms_layer' shortcode in all versions up to, and including, 3.9.10 due to insufficient input sanitization and output escaping on the 'css_id' user supplied attribute. This.....

6.4CVSS

5.9AI Score

0.0004EPSS

2024-06-18 02:37 AM
nessus
nessus

Oracle Linux 8 : flatpak (ELSA-2024-3961)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3961 advisory. - Update to 1.12.9 (CVE-2024-32462) Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has.....

8.4CVSS

8.3AI Score

0.0004EPSS

2024-06-18 12:00 AM
1
nessus
nessus

RHEL 7 : flatpak (RHSA-2024:3980)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3980 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): * flatpak: sandbox escape...

8.4CVSS

8.6AI Score

0.0004EPSS

2024-06-18 12:00 AM
nessus
nessus

RHEL 8 : container-tools:rhel8 update (Moderate) (RHSA-2024:3968)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3968 advisory. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix(es): *...

4.9CVSS

5.3AI Score

0.0005EPSS

2024-06-18 12:00 AM
2
nessus
nessus

RHEL 8 : flatpak (RHSA-2024:3969)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3969 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): * flatpak: sandbox escape via...

8.4CVSS

8.6AI Score

0.0004EPSS

2024-06-18 12:00 AM
1
nessus
nessus

Oracle Linux 9 : firefox (ELSA-2024-3955)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3955 advisory. [115.12.0-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [115.12.0-1] - Update to 115.12.0 build1 Tenable has...

7.5AI Score

0.0004EPSS

2024-06-18 12:00 AM
1
nessus
nessus

Debian dla-3831 : nano - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3831 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3831-1 [email protected] ...

4.7CVSS

6.5AI Score

0.0004EPSS

2024-06-18 12:00 AM
1
nessus
nessus

SUSE SLES15 Security Update : php7 (SUSE-SU-2024:2037-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2037-1 advisory. - CVE-2024-2756: Fixed bypass of security fix applied for CVE-2022-31629 that lead PHP to consider not secure cookies as secure...

6.5CVSS

6.2AI Score

0.006EPSS

2024-06-18 12:00 AM
2
nessus
nessus

Debian dla-3833 : libapache2-mod-php7.3 - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3833 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3833-1 [email protected] ...

5.3CVSS

6AI Score

0.006EPSS

2024-06-18 12:00 AM
1
zdi
zdi

Toshiba e-STUDIO2518A unzip Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Toshiba e-STUDIO2518A printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the unzip method. The issue results from the lack of proper...

8.8CVSS

7.5AI Score

0.0004EPSS

2024-06-18 12:00 AM
nessus
nessus

RHEL 9 : flatpak (RHSA-2024:3970)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3970 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): * flatpak: sandbox escape via...

8.4CVSS

8.6AI Score

0.0004EPSS

2024-06-18 12:00 AM
nessus
nessus

Debian dsa-5714 : roundcube - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5714 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5714-1 [email protected] ...

6.5AI Score

0.0004EPSS

2024-06-18 12:00 AM
openvas
openvas

Python SSL Vulnerability (Jun 2024) - Linux

Python is prone to a vulnerability in the ssl...

6.5AI Score

0.0004EPSS

2024-06-18 12:00 AM
nessus
nessus

RHEL 8 : firefox (RHSA-2024:3972)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3972 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades...

8AI Score

0.0004EPSS

2024-06-18 12:00 AM
vulnrichment
vulnrichment

CVE-2024-22002

CORSAIR iCUE 5.9.105 with iCUE Murals on Windows allows unprivileged users to insert DLL files in the cuepkg-1.2.6 subdirectory of the installation...

6.8AI Score

0.0004EPSS

2024-06-18 12:00 AM
nessus
nessus

SUSE SLES15 Security Update : booth (SUSE-SU-2024:2042-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2024:2042-1 advisory. - CVE-2024-3049: Fixed a vulnerability where a specially crafted hash can lead to invalid HMAC being accepted by Booth server. (bsc#1226032) ...

5.9CVSS

5.6AI Score

0.001EPSS

2024-06-18 12:00 AM
nessus
nessus

Fedora 40 : python-authlib (2024-7cc9a030d9)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-7cc9a030d9 advisory. Update to v1.3.1 (CVE-2024-37568) Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus.....

7.5CVSS

7.4AI Score

0.0005EPSS

2024-06-18 12:00 AM
nessus
nessus

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Ghostscript vulnerabilities (USN-6835-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6835-1 advisory. It was discovered that Ghostscript did not properly restrict eexec seeds to those specified by the Type 1 Font Format...

7.6AI Score

EPSS

2024-06-18 12:00 AM
1
nessus
nessus

SUSE SLES12 Security Update : openssl-1_1 (SUSE-SU-2024:2036-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2036-1 advisory. - CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551) Tenable has extracted the preceding description block directly.....

6.6AI Score

EPSS

2024-06-18 12:00 AM
cvelist
cvelist

CVE-2024-22002

CORSAIR iCUE 5.9.105 with iCUE Murals on Windows allows unprivileged users to insert DLL files in the cuepkg-1.2.6 subdirectory of the installation...

0.0004EPSS

2024-06-18 12:00 AM
f5
f5

K000140043: runc vulnerability CVE-2024-21626

Security Advisory Description runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working...

8.6CVSS

7AI Score

0.051EPSS

2024-06-18 12:00 AM
3
nessus
nessus

SUSE SLES15 Security Update : booth (SUSE-SU-2024:2041-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2024:2041-1 advisory. - CVE-2024-3049: Fixed a vulnerability where a specially crafted hash can lead to invalid HMAC being accepted by Booth server. (bsc#1226032) ...

5.9CVSS

5.6AI Score

0.001EPSS

2024-06-18 12:00 AM
1
packetstorm

7.1AI Score

0.078EPSS

2024-06-18 12:00 AM
58
packetstorm

7.4AI Score

2024-06-18 12:00 AM
57
openvas
openvas

Python SSL Vulnerability (Jun 2024) - Mac OS X

Python is prone to a vulnerability in the ssl...

6.5AI Score

0.0004EPSS

2024-06-18 12:00 AM
nessus
nessus

Fedora 40 : ghostscript (2024-939eac36ae)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-939eac36ae advisory. Security fix for CVE-2024-33871 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...

7.3AI Score

EPSS

2024-06-18 12:00 AM
oraclelinux
oraclelinux

container-tools:ol8 bug fix and enhancement update

aardvark-dns [2:1.10.0-1] - update to https://github.com/containers/aardvark-dns/releases/tag/v1.10.0 - Related: Jira:RHEL-2110 [2:1.9.0-1] - update to https://github.com/containers/aardvark-dns/releases/tag/v1.9.0 - Related: Jira:RHEL-2110 [2:1.8.0-1] - update to...

4.9CVSS

7.3AI Score

0.0005EPSS

2024-06-18 12:00 AM
1
nessus
nessus

Oracle Linux 7 : flatpak (ELSA-2024-3980)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3980 advisory. [1.0.9-13] - Fix CVE-2024-32462 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not.....

8.4CVSS

8.2AI Score

0.0004EPSS

2024-06-18 12:00 AM
2
nessus
nessus

Oracle Linux 9 : flatpak (ELSA-2024-3959)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3959 advisory. [1.12.9-1] - Update to 1.12.9 (CVE-2024-32462) Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that.....

8.4CVSS

8.3AI Score

0.0004EPSS

2024-06-18 12:00 AM
1
nessus
nessus

Fedora 40 : webkitgtk (2024-4d71f28349)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-4d71f28349 advisory. Update to 2.44.2: * Make gamepads visible on axis movements, and not only on button presses. * Disable the gst-libav AAC decoder. * Make user scripts and...

6.7AI Score

0.0005EPSS

2024-06-18 12:00 AM
nessus
nessus

SUSE SLES15 Security Update : webkit2gtk3 (SUSE-SU-2024:2043-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2043-1 advisory. - Update to version 2.44.2 - CVE-2024-27834: Fixed a vulnerability where an attacker with arbitrary read and write capability may...

7.3AI Score

0.0005EPSS

2024-06-18 12:00 AM
nessus
nessus

SUSE SLES15 Security Update : bind (SUSE-SU-2024:2033-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2033-1 advisory. - CVE-2023-4408: Fixed denial of service during DNS message parsing with different names (bsc#1219851) - CVE-2023-50387: Fixed...

7.5CVSS

8.1AI Score

0.05EPSS

2024-06-18 12:00 AM
1
nessus
nessus

Oracle Linux 8 : glibc (ELSA-2024-12440)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12440 advisory. - CVE-2024-33599: nscd: buffer overflow in netgroup cache (RHEL-34264) - CVE-2024-33600: nscd: null pointer dereferences in netgroup cache (RHEL-34267)....

4.8AI Score

0.0005EPSS

2024-06-18 12:00 AM
zdi
zdi

PaperCut NG generateNextFileName Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PaperCut NG. Authentication is required to exploit this vulnerability. The specific flaw exists within the generateNextFileName method. The issue results from the lack of proper validation of a...

7.2CVSS

7.3AI Score

0.001EPSS

2024-06-18 12:00 AM
nessus
nessus

SUSE SLES15 Security Update : openssl-1_1 (SUSE-SU-2024:2035-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2035-1 advisory. - CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551) Tenable has extracted the preceding description block directly.....

6.6AI Score

EPSS

2024-06-18 12:00 AM
1
nessus
nessus

Fedora 40 : kitty (2024-15039ba9f9)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-15039ba9f9 advisory. rebuild for rhbz#2292712 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...

5.5CVSS

7.4AI Score

0.0004EPSS

2024-06-18 12:00 AM
nessus
nessus

Oracle Linux 7 : glibc (ELSA-2024-12442)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12442 advisory. - Forward-port Oracle patches to 2.17-326.3 Reviewed-by: Jose E. Marchesi &lt;[email protected]&gt; Oracle history: April-28-2023...

9.8CVSS

10AI Score

0.009EPSS

2024-06-18 12:00 AM
1
nessus
nessus

Debian dsa-5715 : composer - security update

The remote Debian 11 / 12 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5715 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5715-1 [email protected] ...

8.8CVSS

9.6AI Score

0.0004EPSS

2024-06-18 12:00 AM
openvas
openvas

Python SSL Vulnerability (Jun 2024) - Windows

Python is prone to a vulnerability in the ssl...

6.5AI Score

0.0004EPSS

2024-06-18 12:00 AM
nessus
nessus

Sensormatic Electronics Illustra Pro Gen 4 Active Debug Code (CVE-2023-0954)

A debug feature in Sensormatic Electronics Illustra Pro Gen 4 Dome and PTZ cameras allows a user to compromise credentials after a long period of sustained attack. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

9.8CVSS

7AI Score

0.003EPSS

2024-06-18 12:00 AM
1
nessus
nessus

Oracle Linux 8 : firefox (ELSA-2024-3954)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-3954 advisory. [115.12.0-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding OpenELA file [115.12.0-1] - Update to 115.12.0 build1 Tenable has...

7.4AI Score

0.0004EPSS

2024-06-18 12:00 AM
f5
f5

K000140040: OpenLDAP slapd vulnerabilities CVE-2020-36230, CVE-2020-36229, CVE-2017-17740, CVE-2017-9287, and CVE-2017-14159

Security Advisory Description CVE-2020-36230 A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. CVE-2020-36229 A flaw was discovered in ldap_X509dn2bv in OpenLDAP before...

7.5CVSS

7.4AI Score

0.915EPSS

2024-06-18 12:00 AM
3
nessus
nessus

RHEL 8 : flatpak (RHSA-2024:3979)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3979 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): * flatpak: sandbox escape via...

8.4CVSS

8.6AI Score

0.0004EPSS

2024-06-18 12:00 AM
1
packetstorm

9.8CVSS

7AI Score

0.96EPSS

2024-06-18 12:00 AM
59
rapid7blog
rapid7blog

Malvertising Campaign Leads to Execution of Oyster Backdoor

The following analysts contributed to this blog: Thomas Elkins, Daniel Thiede, Josh Lockwood, Tyler McGraw, and Sasha Kovalev. Executive Summary Rapid7 has observed a recent malvertising campaign that lures users into downloading malicious installers for popular software such as Google Chrome and.....

7.1AI Score

2024-06-17 08:28 PM
3
Total number of security vulnerabilities347072