Business Directory Plugin | GeoDirectory Security Vulnerabilities

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : cups (SUSE-SU-2024:2003-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2003-1 advisory. - CVE-2024-35235: Fixed a bug in cupsd that could allow an attacker to change the permissions of...

Fedora 39 : php (2024-52c23ef1ec)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-52c23ef1ec advisory. PHP version 8.2.20 (06 Jun 2024) CGI: * Fixed buffer limit on Windows, replacing read call usage by _read. (David Carlier) * Fixed bug...

RHEL 6 : vert.x (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx ...

Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2024-12433)

The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12433 advisory. - x86/static_call: Add support for Jcc tail-calls (Peter Zijlstra) {CVE-2022-29901} {CVE-2022-23816} Tenable has extracted the preceding...

Newsletters < 4.9.6 - Reflected Cross-Site Scripting

Description The Newsletters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 4.9.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...

YITH Custom Login < 1.7.1 - Authenticated (Admin+) Stored Cross-Site Scripting

Description The YITH Custom Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

Oracle Linux 9 : python-idna (ELSA-2024-3846)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-3846 advisory. [2.10-7.0.1.1] - Rebuild with release bump [2.10-7.1] - Security fix for CVE-2024-3651 Resolves: RHEL-33464 Tenable has extracted the preceding description...

SUSE SLES15 Security Update : kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed (SUSE-SU-2024:2005-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2005-1 advisory. Security Update 550.90.07: - CVE-2024-0090: Fixed out of bounds write (bsc#1223356). - CVE-2024-0092: Fixed incorrect exception...

Debian dla-3825 : firefox-esr - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3825 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3825-1 [email protected] ...

RHEL 8 / 9 : OpenShift Container Platform 4.14.29 (RHSA-2024:3700)

The remote Redhat Enterprise Linux 8 / 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3700 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private...

Microsoft Windows Start Menu Software Version Enumeration

This plugin enumerates the installed software version by interrogating information obtained from various registry entries and files on disk. This plugin provides a best guess at the software version and a confidence level for that version. Note that the versions detected here do not necessarily...

FreeBSD : Gitlab -- Vulnerabilities (92cd1c03-2940-11ef-bc02-001b217b3468)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 92cd1c03-2940-11ef-bc02-001b217b3468 advisory. Gitlab reports: ReDoS in gomod dependency linker ReDoS in CI interpolation (fix bypass) ...

SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2024:2012-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2012-1 advisory. - Update to version 115.12.0 ESR (bsc#1226027) - CVE-2024-5702: Use-after-free in networking - CVE-2024-5688: Use-after-free in...

virt:kvm_utils1 security update

hivex libguestfs libguestfs-winsupport libiscsi libnbd libvirt [5.7.0-42] - Document CVEs as fixed (Karl Heubaum) {CVE-2023-2700} - Fix off-by-one error in udevListInterfacesByStatus (Martin Kletzander) [Orabug: 36364474] {CVE-2024-1441} - libvirt- : Check caller-provided buffers to be NULL with...

Recurring PayPal Donations < 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Recurring PayPal Donations plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Virtuoso Open-Source Edition vulnerabilities (USN-6832-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6832-1 advisory. Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly handled certain crafted...

VSCode ipynb Remote Code Execution Exploit

VSCode when opening a Jupyter notebook (.ipynb) file bypasses the trust model. On versions v1.4.0 through v1.71.1, its possible for the Jupyter notebook to embed HTML and javascript, which can then open new terminal windows within VSCode. Each of these new windows can then execute arbitrary code...

Oracle Linux 9 : ruby (ELSA-2024-3838)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3838 advisory. - Fix double free in Regexp compilation. Resolves: CVE-2022-28738 Tenable has extracted the preceding description block directly from the Oracle...

Mozilla Thunderbird < 115.12

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 115.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-28 advisory. Memory corruption in the networking stack could have led to a potentially exploitable crash. ...

Database Cleaner < 1.0.6 - Authenticated (Admin+) Arbitrary File Read

Description The Database Cleaner: Clean, Optimize & Repair plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.5 via the get_logs() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server,.....

Fedora 39 : tomcat (2024-2bf73514cd)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-2bf73514cd advisory. This update includes a rebase from 9.0.83 to 9.0.89. * #2269611 CVE-2024-24549 tomcat:...

CVE-2023-35860

A Directory Traversal vulnerability in Modern Campus - Omni CMS 2023.1 allows a remote, unauthenticated attacker to enumerate file system information via the dir parameter to listing.php or...

TemplatesNext OnePager <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The TemplatesNext OnePager plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

Gallery – Image and Video Gallery with Thumbnails <= 2.0.3 - Authenticated (Contributor+) SQL Injection

Description The Gallery – Image and Video Gallery with Thumbnails plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it.....

Kenta Blocks – Responsive Blocks and block templates library < 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Kenta Blocks – Responsive Blocks and block templates library plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible.....

YITH WooCommerce Tab Manager < 1.35.1 - Authenticated (Editor+) Stored Cross-Site Scripting

Description The YITH WooCommerce Tab Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 1.35.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level....

SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2008-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2008-1 advisory. The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were...

CVE-2023-4727

A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of...

CVE-2023-45288 affecting package sriov-network-device-plugin for versions less than 3.6.2-3

CVE-2023-45288 affecting package sriov-network-device-plugin for versions less than 3.6.2-3. A patched version of the package is...

@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass

Summary By combining two vulnerabilities (an Open Redirect and session token sent as URL query parameter) in Strapi framework is its possible of an unauthenticated attacker to bypass authentication mechanisms and retrieve the 3rd party tokens. The attack requires user interaction (one click)....

@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass

Summary By combining two vulnerabilities (an Open Redirect and session token sent as URL query parameter) in Strapi framework is its possible of an unauthenticated attacker to bypass authentication mechanisms and retrieve the 3rd party tokens. The attack requires user interaction (one click)....

@strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling

Summary A Denial-of-Service was found in the media upload process causing the server to crash without restarting, affecting either development and production environments. Details Usually, errors in the application cause it to log the error and keep it running for other clients. This behavior, in.....

@strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling

Summary A Denial-of-Service was found in the media upload process causing the server to crash without restarting, affecting either development and production environments. Details Usually, errors in the application cause it to log the error and keep it running for other clients. This behavior, in.....

@strapi/plugin-content-manager leaks data via relations via the Admin Panel

Summary If a super admin creates a collection where an item in the collection has an association to another collection, a user with the Author Role can see the list of associated items they did not create. They should only see their own items that they created, not all items ever created. ...

@strapi/plugin-content-manager leaks data via relations via the Admin Panel

Summary If a super admin creates a collection where an item in the collection has an association to another collection, a user with the Author Role can see the list of associated items they did not create. They should only see their own items that they created, not all items ever created. ...

CVE-2024-37037

CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that could allow an authenticated user with access to the device’s web interface to corrupt files and impact device functionality when sending a crafted HTTP...

CVE-2024-37037

CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that could allow an authenticated user with access to the device’s web interface to corrupt files and impact device functionality when sending a crafted HTTP...

CVE-2024-37037

CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that could allow an authenticated user with access to the device’s web interface to corrupt files and impact device functionality when sending a crafted HTTP...

CVE-2024-31217

Strapi is an open-source content management system. Prior to version 4.22.0, a denial-of-service vulnerability is present in the media upload process causing the server to crash without restarting, affecting either development and production environments. Usually, errors in the application cause...

CVE-2024-31217

Strapi is an open-source content management system. Prior to version 4.22.0, a denial-of-service vulnerability is present in the media upload process causing the server to crash without restarting, affecting either development and production environments. Usually, errors in the application cause...

CVE-2024-34065

Strapi is an open-source content management system. By combining two vulnerabilities (an Open Redirect and session token sent as URL query parameter) in @strapi/plugin-users-permissions before version 4.24.2, is its possible of an unauthenticated attacker to bypass authentication mechanisms and...

CVE-2024-31217

Strapi is an open-source content management system. Prior to version 4.22.0, a denial-of-service vulnerability is present in the media upload process causing the server to crash without restarting, affecting either development and production environments. Usually, errors in the application cause...

CVE-2024-34065

Strapi is an open-source content management system. By combining two vulnerabilities (an Open Redirect and session token sent as URL query parameter) in @strapi/plugin-users-permissions before version 4.24.2, is its possible of an unauthenticated attacker to bypass authentication mechanisms and...

CVE-2024-29181

Strapi is an open-source content management system. Prior to version 4.19.1, a super admin can create a collection where an item in the collection has an association to another collection. When this happens, another user with Author Role can see the list of associated items they did not create....

CVE-2024-29181

Strapi is an open-source content management system. Prior to version 4.19.1, a super admin can create a collection where an item in the collection has an association to another collection. When this happens, another user with Author Role can see the list of associated items they did not create....

CVE-2024-29181

Strapi is an open-source content management system. Prior to version 4.19.1, a super admin can create a collection where an item in the collection has an association to another collection. When this happens, another user with Author Role can see the list of associated items they did not create....

CVE-2024-34065 @strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass

Strapi is an open-source content management system. By combining two vulnerabilities (an Open Redirect and session token sent as URL query parameter) in @strapi/plugin-users-permissions before version 4.24.2, is its possible of an unauthenticated attacker to bypass authentication mechanisms and...

CVE-2024-31217 @strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling

Strapi is an open-source content management system. Prior to version 4.22.0, a denial-of-service vulnerability is present in the media upload process causing the server to crash without restarting, affecting either development and production environments. Usually, errors in the application cause...

CVE-2024-29181 @strapi/plugin-content-manager leaks data via relations via the Admin Panel

Strapi is an open-source content management system. Prior to version 4.19.1, a super admin can create a collection where an item in the collection has an association to another collection. When this happens, another user with Author Role can see the list of associated items they did not create....

CVE-2024-29181 @strapi/plugin-content-manager leaks data via relations via the Admin Panel

Strapi is an open-source content management system. Prior to version 4.19.1, a super admin can create a collection where an item in the collection has an association to another collection. When this happens, another user with Author Role can see the list of associated items they did not create....