Lucene search

K

Business Directory Plugin | GeoDirectory Security Vulnerabilities

nessus
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : cups (SUSE-SU-2024:2003-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2003-1 advisory. - CVE-2024-35235: Fixed a bug in cupsd that could allow an attacker to change the permissions of...

4.4CVSS

4.7AI Score

0.0004EPSS

2024-06-13 12:00 AM
nessus
nessus

Fedora 39 : php (2024-52c23ef1ec)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-52c23ef1ec advisory. PHP version 8.2.20 (06 Jun 2024) CGI: * Fixed buffer limit on Windows, replacing read call usage by _read. (David Carlier) * Fixed bug...

9.8CVSS

8.8AI Score

0.973EPSS

2024-06-13 12:00 AM
1
nessus
nessus

RHEL 6 : vert.x (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx ...

6.5CVSS

6.8AI Score

0.0004EPSS

2024-06-13 12:00 AM
nessus
nessus

Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2024-12433)

The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12433 advisory. - x86/static_call: Add support for Jcc tail-calls (Peter Zijlstra) {CVE-2022-29901} {CVE-2022-23816} Tenable has extracted the preceding...

6.5CVSS

7.4AI Score

EPSS

2024-06-13 12:00 AM
wpvulndb
wpvulndb

Newsletters < 4.9.6 - Reflected Cross-Site Scripting

Description The Newsletters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 4.9.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...

7.1CVSS

6.3AI Score

0.0004EPSS

2024-06-13 12:00 AM
wpvulndb
wpvulndb

YITH Custom Login < 1.7.1 - Authenticated (Admin+) Stored Cross-Site Scripting

Description The YITH Custom Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.9CVSS

5.7AI Score

0.0004EPSS

2024-06-13 12:00 AM
nessus
nessus

Oracle Linux 9 : python-idna (ELSA-2024-3846)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-3846 advisory. [2.10-7.0.1.1] - Rebuild with release bump [2.10-7.1] - Security fix for CVE-2024-3651 Resolves: RHEL-33464 Tenable has extracted the preceding description...

6.4AI Score

EPSS

2024-06-13 12:00 AM
nessus
nessus

SUSE SLES15 Security Update : kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed (SUSE-SU-2024:2005-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2005-1 advisory. Security Update 550.90.07: - CVE-2024-0090: Fixed out of bounds write (bsc#1223356). - CVE-2024-0092: Fixed incorrect exception...

7.8CVSS

7AI Score

0.0004EPSS

2024-06-13 12:00 AM
nessus
nessus

Debian dla-3825 : firefox-esr - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3825 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3825-1 [email protected] ...

7.6AI Score

0.0004EPSS

2024-06-13 12:00 AM
nessus
nessus

RHEL 8 / 9 : OpenShift Container Platform 4.14.29 (RHSA-2024:3700)

The remote Redhat Enterprise Linux 8 / 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3700 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private...

8.1CVSS

7.3AI Score

0.0004EPSS

2024-06-13 12:00 AM
nessus
nessus

Microsoft Windows Start Menu Software Version Enumeration

This plugin enumerates the installed software version by interrogating information obtained from various registry entries and files on disk. This plugin provides a best guess at the software version and a confidence level for that version. Note that the versions detected here do not necessarily...

7.1AI Score

2024-06-13 12:00 AM
nessus
nessus

FreeBSD : Gitlab -- Vulnerabilities (92cd1c03-2940-11ef-bc02-001b217b3468)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 92cd1c03-2940-11ef-bc02-001b217b3468 advisory. Gitlab reports: ReDoS in gomod dependency linker ReDoS in CI interpolation (fix bypass) ...

6.5CVSS

5.1AI Score

0.0004EPSS

2024-06-13 12:00 AM
nessus
nessus

SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2024:2012-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2012-1 advisory. - Update to version 115.12.0 ESR (bsc#1226027) - CVE-2024-5702: Use-after-free in networking - CVE-2024-5688: Use-after-free in...

7.5AI Score

0.0004EPSS

2024-06-13 12:00 AM
1
oraclelinux
oraclelinux

virt:kvm_utils1 security update

hivex libguestfs libguestfs-winsupport libiscsi libnbd libvirt [5.7.0-42] - Document CVEs as fixed (Karl Heubaum) {CVE-2023-2700} - Fix off-by-one error in udevListInterfacesByStatus (Martin Kletzander) [Orabug: 36364474] {CVE-2024-1441} - libvirt- : Check caller-provided buffers to be NULL with...

5.5CVSS

7.2AI Score

0.0004EPSS

2024-06-13 12:00 AM
wpvulndb
wpvulndb

Recurring PayPal Donations < 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Recurring PayPal Donations plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

6.5CVSS

5.8AI Score

0.0004EPSS

2024-06-13 12:00 AM
nessus
nessus

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Virtuoso Open-Source Edition vulnerabilities (USN-6832-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6832-1 advisory. Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly handled certain crafted...

7.5CVSS

8.1AI Score

0.001EPSS

2024-06-13 12:00 AM
zdt
zdt

VSCode ipynb Remote Code Execution Exploit

VSCode when opening a Jupyter notebook (.ipynb) file bypasses the trust model. On versions v1.4.0 through v1.71.1, its possible for the Jupyter notebook to embed HTML and javascript, which can then open new terminal windows within VSCode. Each of these new windows can then execute arbitrary code...

7.8CVSS

7.6AI Score

0.44EPSS

2024-06-13 12:00 AM
21
nessus
nessus

Oracle Linux 9 : ruby (ELSA-2024-3838)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3838 advisory. - Fix double free in Regexp compilation. Resolves: CVE-2022-28738 Tenable has extracted the preceding description block directly from the Oracle...

9.8CVSS

7.6AI Score

EPSS

2024-06-13 12:00 AM
nessus
nessus

Mozilla Thunderbird < 115.12

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 115.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-28 advisory. Memory corruption in the networking stack could have led to a potentially exploitable crash. ...

7.8AI Score

0.0004EPSS

2024-06-13 12:00 AM
wpvulndb
wpvulndb

Database Cleaner < 1.0.6 - Authenticated (Admin+) Arbitrary File Read

Description The Database Cleaner: Clean, Optimize & Repair plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.5 via the get_logs() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server,.....

4.9CVSS

6.7AI Score

0.001EPSS

2024-06-13 12:00 AM
nessus
nessus

Fedora 39 : tomcat (2024-2bf73514cd)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-2bf73514cd advisory. This update includes a rebase from 9.0.83 to 9.0.89. * #2269611 CVE-2024-24549 tomcat:...

7AI Score

0.0004EPSS

2024-06-13 12:00 AM
1
cvelist
cvelist

CVE-2023-35860

A Directory Traversal vulnerability in Modern Campus - Omni CMS 2023.1 allows a remote, unauthenticated attacker to enumerate file system information via the dir parameter to listing.php or...

0.0004EPSS

2024-06-13 12:00 AM
wpvulndb
wpvulndb

TemplatesNext OnePager <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The TemplatesNext OnePager plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

6.5CVSS

5.8AI Score

0.0004EPSS

2024-06-13 12:00 AM
wpvulndb
wpvulndb

Gallery – Image and Video Gallery with Thumbnails <= 2.0.3 - Authenticated (Contributor+) SQL Injection

Description The Gallery – Image and Video Gallery with Thumbnails plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it.....

8.5CVSS

7.2AI Score

0.0004EPSS

2024-06-13 12:00 AM
wpvulndb
wpvulndb

Kenta Blocks – Responsive Blocks and block templates library < 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Kenta Blocks – Responsive Blocks and block templates library plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible.....

6.5CVSS

5.8AI Score

0.0004EPSS

2024-06-13 12:00 AM
wpvulndb
wpvulndb

YITH WooCommerce Tab Manager < 1.35.1 - Authenticated (Editor+) Stored Cross-Site Scripting

Description The YITH WooCommerce Tab Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 1.35.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level....

5.9CVSS

5.7AI Score

0.0004EPSS

2024-06-13 12:00 AM
nessus
nessus

SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2008-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2008-1 advisory. The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were...

9.8CVSS

8.8AI Score

EPSS

2024-06-13 12:00 AM
1
ubuntucve
ubuntucve

CVE-2023-4727

A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of...

7.5CVSS

7.6AI Score

0.0004EPSS

2024-06-13 12:00 AM
cbl_mariner
cbl_mariner

CVE-2023-45288 affecting package sriov-network-device-plugin for versions less than 3.6.2-3

CVE-2023-45288 affecting package sriov-network-device-plugin for versions less than 3.6.2-3. A patched version of the package is...

6.7AI Score

0.0004EPSS

2024-06-12 10:23 PM
github
github

@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass

Summary By combining two vulnerabilities (an Open Redirect and session token sent as URL query parameter) in Strapi framework is its possible of an unauthenticated attacker to bypass authentication mechanisms and retrieve the 3rd party tokens. The attack requires user interaction (one click)....

7.1CVSS

7.1AI Score

0.001EPSS

2024-06-12 07:39 PM
4
osv
osv

@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass

Summary By combining two vulnerabilities (an Open Redirect and session token sent as URL query parameter) in Strapi framework is its possible of an unauthenticated attacker to bypass authentication mechanisms and retrieve the 3rd party tokens. The attack requires user interaction (one click)....

7.1CVSS

7.1AI Score

0.001EPSS

2024-06-12 07:39 PM
2
osv
osv

@strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling

Summary A Denial-of-Service was found in the media upload process causing the server to crash without restarting, affecting either development and production environments. Details Usually, errors in the application cause it to log the error and keep it running for other clients. This behavior, in.....

5.3CVSS

6.8AI Score

0.0004EPSS

2024-06-12 07:38 PM
1
github
github

@strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling

Summary A Denial-of-Service was found in the media upload process causing the server to crash without restarting, affecting either development and production environments. Details Usually, errors in the application cause it to log the error and keep it running for other clients. This behavior, in.....

5.3CVSS

6.8AI Score

0.0004EPSS

2024-06-12 07:38 PM
osv
osv

@strapi/plugin-content-manager leaks data via relations via the Admin Panel

Summary If a super admin creates a collection where an item in the collection has an association to another collection, a user with the Author Role can see the list of associated items they did not create. They should only see their own items that they created, not all items ever created. ...

2.3CVSS

6.8AI Score

0.0004EPSS

2024-06-12 07:38 PM
1
github
github

@strapi/plugin-content-manager leaks data via relations via the Admin Panel

Summary If a super admin creates a collection where an item in the collection has an association to another collection, a user with the Author Role can see the list of associated items they did not create. They should only see their own items that they created, not all items ever created. ...

2.3CVSS

6.8AI Score

0.0004EPSS

2024-06-12 07:38 PM
cve
cve

CVE-2024-37037

CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that could allow an authenticated user with access to the device’s web interface to corrupt files and impact device functionality when sending a crafted HTTP...

8.1CVSS

8.1AI Score

0.0004EPSS

2024-06-12 05:15 PM
14
nvd
nvd

CVE-2024-37037

CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that could allow an authenticated user with access to the device’s web interface to corrupt files and impact device functionality when sending a crafted HTTP...

8.1CVSS

0.0004EPSS

2024-06-12 05:15 PM
2
cvelist
cvelist

CVE-2024-37037

CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that could allow an authenticated user with access to the device’s web interface to corrupt files and impact device functionality when sending a crafted HTTP...

8.1CVSS

0.0004EPSS

2024-06-12 04:50 PM
4
nvd
nvd

CVE-2024-31217

Strapi is an open-source content management system. Prior to version 4.22.0, a denial-of-service vulnerability is present in the media upload process causing the server to crash without restarting, affecting either development and production environments. Usually, errors in the application cause...

5.3CVSS

0.0004EPSS

2024-06-12 03:15 PM
osv
osv

CVE-2024-31217

Strapi is an open-source content management system. Prior to version 4.22.0, a denial-of-service vulnerability is present in the media upload process causing the server to crash without restarting, affecting either development and production environments. Usually, errors in the application cause...

5.3CVSS

6.8AI Score

0.0004EPSS

2024-06-12 03:15 PM
1
cve
cve

CVE-2024-34065

Strapi is an open-source content management system. By combining two vulnerabilities (an Open Redirect and session token sent as URL query parameter) in @strapi/plugin-users-permissions before version 4.24.2, is its possible of an unauthenticated attacker to bypass authentication mechanisms and...

7.1CVSS

7.3AI Score

0.001EPSS

2024-06-12 03:15 PM
13
cve
cve

CVE-2024-31217

Strapi is an open-source content management system. Prior to version 4.22.0, a denial-of-service vulnerability is present in the media upload process causing the server to crash without restarting, affecting either development and production environments. Usually, errors in the application cause...

5.3CVSS

5.3AI Score

0.0004EPSS

2024-06-12 03:15 PM
12
nvd
nvd

CVE-2024-34065

Strapi is an open-source content management system. By combining two vulnerabilities (an Open Redirect and session token sent as URL query parameter) in @strapi/plugin-users-permissions before version 4.24.2, is its possible of an unauthenticated attacker to bypass authentication mechanisms and...

7.1CVSS

0.001EPSS

2024-06-12 03:15 PM
osv
osv

CVE-2024-29181

Strapi is an open-source content management system. Prior to version 4.19.1, a super admin can create a collection where an item in the collection has an association to another collection. When this happens, another user with Author Role can see the list of associated items they did not create....

2.3CVSS

6.7AI Score

0.0004EPSS

2024-06-12 03:15 PM
nvd
nvd

CVE-2024-29181

Strapi is an open-source content management system. Prior to version 4.19.1, a super admin can create a collection where an item in the collection has an association to another collection. When this happens, another user with Author Role can see the list of associated items they did not create....

2.3CVSS

0.0004EPSS

2024-06-12 03:15 PM
cve
cve

CVE-2024-29181

Strapi is an open-source content management system. Prior to version 4.19.1, a super admin can create a collection where an item in the collection has an association to another collection. When this happens, another user with Author Role can see the list of associated items they did not create....

2.3CVSS

3.6AI Score

0.0004EPSS

2024-06-12 03:15 PM
12
cvelist
cvelist

CVE-2024-34065 @strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass

Strapi is an open-source content management system. By combining two vulnerabilities (an Open Redirect and session token sent as URL query parameter) in @strapi/plugin-users-permissions before version 4.24.2, is its possible of an unauthenticated attacker to bypass authentication mechanisms and...

7.1CVSS

0.001EPSS

2024-06-12 02:54 PM
2
cvelist
cvelist

CVE-2024-31217 @strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling

Strapi is an open-source content management system. Prior to version 4.22.0, a denial-of-service vulnerability is present in the media upload process causing the server to crash without restarting, affecting either development and production environments. Usually, errors in the application cause...

5.3CVSS

0.0004EPSS

2024-06-12 02:50 PM
vulnrichment
vulnrichment

CVE-2024-29181 @strapi/plugin-content-manager leaks data via relations via the Admin Panel

Strapi is an open-source content management system. Prior to version 4.19.1, a super admin can create a collection where an item in the collection has an association to another collection. When this happens, another user with Author Role can see the list of associated items they did not create....

2.3CVSS

7AI Score

0.0004EPSS

2024-06-12 02:46 PM
2
cvelist
cvelist

CVE-2024-29181 @strapi/plugin-content-manager leaks data via relations via the Admin Panel

Strapi is an open-source content management system. Prior to version 4.19.1, a super admin can create a collection where an item in the collection has an association to another collection. When this happens, another user with Author Role can see the list of associated items they did not create....

2.3CVSS

0.0004EPSS

2024-06-12 02:46 PM
1
Total number of security vulnerabilities346374