Classified Listing Store & Membership Addon Security Vulnerabilities

GHSA-4374-P667-P6C8 vulnerabilities

Vulnerabilities for packages: prometheus-adapter-fips, cert-manager-fips, vault-k8s-fips, kots, kubernetes-dashboard, metacontroller, flux-kustomize-controller-0.37, flux-notification-controller, pulumi-language-yaml, bank-vaults-fips, gobuster, kubernetes-csi-external-resizer-fips,...

GHSA-2JWV-JMQ4-4J3R vulnerabilities

Vulnerabilities for packages: keda-fips, tekton-pipelines, kubernetes-csi-livenessprobe-fips, extism, aws-flb-kinesis-fips, azure-aad-pod-identity-mic, cert-manager-webhook-pdns-fips, dynamic-localpv-provisioner, spark-operator, bom, karpenter-fips, k8sgpt, rclone, neuvector-scanner, cue,...

CVE-2023-3978 vulnerabilities

Vulnerabilities for packages: prometheus-adapter-fips, cert-manager-fips, kots, kubernetes-dashboard, metacontroller, flux-kustomize-controller-0.37, flux-notification-controller, pulumi-language-yaml, bank-vaults-fips, gobuster, kubernetes-csi-external-resizer-fips, fuse-overlayfs-snapshotter,...

CVE-2024-24788 vulnerabilities

Vulnerabilities for packages: keda-fips, tekton-pipelines, kubernetes-csi-livenessprobe-fips, extism, aws-flb-kinesis-fips, azure-aad-pod-identity-mic, cert-manager-webhook-pdns-fips, dynamic-localpv-provisioner, spark-operator, bom, karpenter-fips, k8sgpt, rclone, neuvector-scanner, cue,...

CVE-2023-48795 vulnerabilities

Vulnerabilities for packages: prometheus-adapter-fips, cert-manager-fips, gatekeeper-fips, tigera-operator, vault-k8s-fips, kots, kubernetes-dashboard, flux-kustomize-controller-0.37, flux-notification-controller, boring-registry, tekton-pipelines, bank-vaults-fips, gobuster, grpc-health-probe,...

GHSA-QPPJ-FM5R-HXR3 vulnerabilities

Vulnerabilities for packages: prometheus-adapter-fips, gatekeeper-fips, vault-k8s-fips, kots, metacontroller, flux-kustomize-controller-0.37, flux-notification-controller, pulumi-language-yaml, bank-vaults-fips, gobuster, kubernetes-csi-external-resizer-fips, fuse-overlayfs-snapshotter,...

GHSA-2WRH-6PVC-2JM9 vulnerabilities

Vulnerabilities for packages: prometheus-adapter-fips, cert-manager-fips, kots, kubernetes-dashboard, metacontroller, flux-kustomize-controller-0.37, flux-notification-controller, pulumi-language-yaml, bank-vaults-fips, gobuster, kubernetes-csi-external-resizer-fips, fuse-overlayfs-snapshotter,...

GHSA-M425-MQ94-257G vulnerabilities

Vulnerabilities for packages: prometheus-adapter-fips, gatekeeper-fips, kots, flux-kustomize-controller-0.37, flux-notification-controller, pulumi-language-yaml, bank-vaults-fips, kubernetes-csi-external-resizer-fips, kubernetes-csi-node-driver-registrar, aws-ebs-csi-driver, metrics-server,...

GHSA-FGQ5-Q76C-GX78 vulnerabilities

Vulnerabilities for packages: keda-fips, datadog-agent, dataplaneapi, cluster-api-controller, gobuster, kubernetes-csi-node-driver-registrar, configmap-reload, kubernetes-csi-livenessprobe-fips, gitlab-logger, dynamic-localpv-provisioner, azure-aad-pod-identity-mic, spark-operator, goreleaser,...

CVE-2024-35877

In the Linux kernel, the following vulnerability has been resolved: x86/mm/pat: fix VM_PAT handling in COW mappings PAT handling won't do the right thing in COW mappings: the first PTE (or, in fact, all PTEs) can be replaced during write faults to point at anon folios. Reliably recovering the...

CVE-2024-35921

In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix oops when HEVC init fails The stateless HEVC decoder saves the instance pointer in the context regardless if the initialization worked or not. This caused a use after free, when the pointer is freed in....

Qualys Enterprise TruRisk™ Platform Extends FIM with Real-Time Monitoring of Unauthorized Access to Sensitive Data and Configuration Change Detection on Network Devices

Introducing FIM 4.0 with File Access Monitoring (FAM) and Agentless FIM to ensure compliance with the new PCI 4.0 File Integrity Monitoring (FIM) solutions are essential for virtually any organization to help identify suspicious activities across critical system files and registries, diagnose...

CVE-2024-34241

A cross-site scripting (XSS) vulnerability in Rocketsoft Rocket LMS 1.9 allows an administrator to store a JavaScript payload using the admin web interface when creating new courses and new course...

CVE-2024-34241

A cross-site scripting (XSS) vulnerability in Rocketsoft Rocket LMS 1.9 allows an administrator to store a JavaScript payload using the admin web interface when creating new courses and new course...

Adi IRC credential gatherer

PackRat is a post-exploitation module that gathers file and information artifacts from end users' systems. PackRat searches for and downloads files of interest (such as config files, and received and deleted emails) and extracts information (such as contacts and usernames and passwords), using...

CVE-2023-51401

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder allows Relative Path Traversal.This issue affects Ultimate Addons for Beaver Builder: from n/a through...

CVE-2023-51398

Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder allows Privilege Escalation.This issue affects Ultimate Addons for Beaver Builder: from n/a through...

CVE-2023-51401

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder allows Relative Path Traversal.This issue affects Ultimate Addons for Beaver Builder: from n/a through...

CVE-2023-51398

Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder allows Privilege Escalation.This issue affects Ultimate Addons for Beaver Builder: from n/a through...

CVE-2023-51356

Improper Privilege Management vulnerability in Repute Infosystems ARMember allows Privilege Escalation.This issue affects ARMember: from n/a through...

CVE-2023-51356

Improper Privilege Management vulnerability in Repute Infosystems ARMember allows Privilege Escalation.This issue affects ARMember: from n/a through...

CVE-2023-51401 WordPress Ultimate Addons for Beaver Builder Premium plugin <= 1.35.13 - Limited Arbitrary File Download vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder allows Relative Path Traversal.This issue affects Ultimate Addons for Beaver Builder: from n/a through...

CVE-2023-51398 WordPress Ultimate Addons for Beaver Builder Premium plugin <= 1.35.14 - Privilege Escalation vulnerability

Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder allows Privilege Escalation.This issue affects Ultimate Addons for Beaver Builder: from n/a through...

CVE-2023-51398 WordPress Ultimate Addons for Beaver Builder Premium plugin <= 1.35.14 - Privilege Escalation vulnerability

Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder allows Privilege Escalation.This issue affects Ultimate Addons for Beaver Builder: from n/a through...

CVE-2023-51356 WordPress ARMember plugin <= 4.0.10 - Privilege Escalation vulnerability

Improper Privilege Management vulnerability in Repute Infosystems ARMember allows Privilege Escalation.This issue affects ARMember: from n/a through...

CVE-2023-51356 WordPress ARMember plugin <= 4.0.10 - Privilege Escalation vulnerability

Improper Privilege Management vulnerability in Repute Infosystems ARMember allows Privilege Escalation.This issue affects ARMember: from n/a through...

CVE-2023-41956

Improper Authentication vulnerability in smp7, wp.Insider Simple Membership.This issue affects Simple Membership: from n/a through...

CVE-2023-41956

Improper Authentication vulnerability in smp7, wp.Insider Simple Membership.This issue affects Simple Membership: from n/a through...

CVE-2023-41957

Improper Privilege Management vulnerability in smp7, wp.Insider Simple Membership allows Privilege Escalation.This issue affects Simple Membership: from n/a through...

CVE-2023-41957

Improper Privilege Management vulnerability in smp7, wp.Insider Simple Membership allows Privilege Escalation.This issue affects Simple Membership: from n/a through...

CVE-2023-41954

Improper Privilege Management vulnerability in ProfilePress Membership Team ProfilePress allows Privilege Escalation.This issue affects ProfilePress: from n/a through...

CVE-2023-41954

Improper Privilege Management vulnerability in ProfilePress Membership Team ProfilePress allows Privilege Escalation.This issue affects ProfilePress: from n/a through...

CVE-2023-41957 WordPress Simple Membership plugin <= 4.3.4 - Unauthenticated Membership Role Privilege Escalation vulnerability

Improper Privilege Management vulnerability in smp7, wp.Insider Simple Membership allows Privilege Escalation.This issue affects Simple Membership: from n/a through...

CVE-2023-41957 WordPress Simple Membership plugin <= 4.3.4 - Unauthenticated Membership Role Privilege Escalation vulnerability

Improper Privilege Management vulnerability in smp7, wp.Insider Simple Membership allows Privilege Escalation.This issue affects Simple Membership: from n/a through...

CVE-2023-41956 WordPress Simple Membership plugin <= 4.3.4 - Authenticated Account Takeover vulnerability

Improper Authentication vulnerability in smp7, wp.Insider Simple Membership.This issue affects Simple Membership: from n/a through...

CVE-2023-41956 WordPress Simple Membership plugin <= 4.3.4 - Authenticated Account Takeover vulnerability

Improper Authentication vulnerability in smp7, wp.Insider Simple Membership.This issue affects Simple Membership: from n/a through...

CVE-2023-41954 WordPress ProfilePress plugin <= 4.13.1 - Unauthenticated Limited Privilege Escalation vulnerability

Improper Privilege Management vulnerability in ProfilePress Membership Team ProfilePress allows Privilege Escalation.This issue affects ProfilePress: from n/a through...

CVE-2023-41954 WordPress ProfilePress plugin <= 4.13.1 - Unauthenticated Limited Privilege Escalation vulnerability

Improper Privilege Management vulnerability in ProfilePress Membership Team ProfilePress allows Privilege Escalation.This issue affects ProfilePress: from n/a through...

Quassel IRC credential gatherer

PackRat is a post-exploitation module that gathers file and information artifacts from end users' systems. PackRat searches for and downloads files of interest (such as config files, and received and deleted emails) and extracts information (such as contacts and usernames and passwords), using...

EulerOS Virtualization 3.0.6.6 : curl (EulerOS-SA-2024-1647)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of...

GitLab 7.12 < 13.2.10 / 13.3.0 < 13.3.7 / 13.4.0 < 13.4.2 (CVE-2020-13335)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: Improper group membership validation when deleting a user account in GitLab &gt;=7.12 allows a user to delete own account without deleting/transferring their group. (CVE-2020-13335) Note that Nessus...

Huawei EulerOS: Security Advisory for shadow-utils (EulerOS-SA-2024-1705)

The remote host is missing an update for the Huawei...

GitLab 13.1 < 13.4.7 / 13.5 < 13.5.5 / 13.6 < 13.6.2 (CVE-2020-26417)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: Information disclosure via GraphQL in GitLab CE/EE 13.1 and later exposes private group and project membership. This affects versions &gt;=13.6 to &lt;13.6.2, &gt;=13.5 to &lt;13.5.5, and &gt;=13.1 to &lt...

EulerOS Virtualization 3.0.6.0 : curl (EulerOS-SA-2024-1677)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of...

EulerOS Virtualization 3.0.6.0 : shadow-utils (EulerOS-SA-2024-1705)

According to the versions of the shadow-utils package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password...

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-1677)

The remote host is missing an update for the Huawei...

GitLab 11.2 < 13.2.10 / 13.3.0 < 13.3.7 / 13.4.0 < 13.4.2 (CVE-2020-13346)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: Membership changes are not reflected in ToDo subscriptions in GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, allowing guest users to access confidential issues through API. (CVE-2020-13346) ...

New Wi-Fi Vulnerability Enables Network Eavesdropping via Downgrade Attacks

Researchers have discovered a new security vulnerability stemming from a design flaw in the IEEE 802.11 Wi-Fi standard that tricks victims into connecting to a less secure wireless network and eavesdrop on their network traffic. The SSID Confusion attack, tracked as CVE-2023-52424, impacts all...

Exploit for CVE-2024-4352

CVE-2024-4352-Poc CVE-2024-4352 Tutor LMS Pro &lt;= 2.7.0 -...

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 6, 2024 to May 12, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 184 vulnerabilities disclosed in 146...