Cloud Templates & Patterns Collection Security Vulnerabilities

CVE-2024-25641 Cacti RCE vulnerability when importing packages

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permission to execute arbitrary PHP code on the web...

qdPM 9.2 - Directory Traversal

qdPM 9.2 allows Directory Traversal to list files and directories by navigating to the /uploads...

Why car location tracking needs an overhaul

Across America, survivors of domestic abuse and stalking are facing a unique location tracking crisis born out of policy failure, unclear corporate responsibility, and potentially risky behaviors around digital sharing that are now common in relationships. No, we’re not talking about stalkerware......

CVE-2024-35167 WordPress Envo's Elementor Templates & Widgets for WooCommerce plugin <=1.4.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EnvoThemes Envo's Elementor Templates & Widgets for WooCommerce allows Stored XSS.This issue affects Envo's Elementor Templates & Widgets for WooCommerce: from n/a through...

CVE-2024-35167 WordPress Envo's Elementor Templates & Widgets for WooCommerce plugin <=1.4.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EnvoThemes Envo's Elementor Templates & Widgets for WooCommerce allows Stored XSS.This issue affects Envo's Elementor Templates & Widgets for WooCommerce: from n/a through...

POS Codekop v2.0 - Broken Authentication

A broken authentication mechanism in the endpoint excel.php of POS Codekop v2.0 allows unauthenticated attackers to download selling...

CVE-2024-4630 Starter Templates — Elementor, WordPress & Beaver Builder Templates <= 4.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Starter Templates — Elementor, WordPress & Beaver Builder Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_upload_mimes’ function in versions up to, and including, 4.2.0 due to insufficient input sanitization and output escaping. This makes it...

RHEL 5 : librsvg (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. librsvg: SIGFPE is raised in box_blur_line function of rsvg-filter.c (CVE-2017-11464) In xml.rs in GNOME...

RHEL 6 : php (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. php: buffer overflow in handling of long link names in tar phar archives (CVE-2016-2554) php:...

RHEL 7 : php (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. php: buffer overflow in handling of long link names in tar phar archives (CVE-2016-2554) php: Use of...

RHEL 6 : git (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. git: cvsserver command injection (CVE-2017-14867) git: Heap overflow in git archive, git log --format...

RHEL 9 : golang (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540) Angle brackets (&lt;&gt;)....

RHEL 5 : plone (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. plone: privilege escalation for overwriting content without needing write permission (CVE-2020-7941) ...

RHEL 7 : velocity (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. velocity: arbitrary code execution when attacker is able to modify templates (CVE-2020-13936) Note that Nessus has...

RHEL 6 : wpa_supplicant (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. wpa_supplicant: P2P group information processing vulnerability (CVE-2021-0326) wpa_supplicant: EAP-pwd...

RHEL 5 : wireshark (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. wireshark: free operation on an uninitialized memory address in wiretap/netmon.c (CVE-2018-6836) The...

RHEL 6 : librsvg (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. librsvg: SIGFPE is raised in box_blur_line function of rsvg-filter.c (CVE-2017-11464) In xml.rs in GNOME...

RHEL 5 : kernel (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. kernel: netfilter: use-after-free in tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c ...

RHEL 6 : kernel (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. kernel: Buffer overflow due to unbounded strcpy in ISDN I4L driver (CVE-2017-12762) kernel: lack of port...

RHEL 5 : php (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. php: buffer overflow in handling of long link names in tar phar archives (CVE-2016-2554) php:...

RHEL 7 : wireshark (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. wireshark: free operation on an uninitialized memory address in wiretap/netmon.c (CVE-2018-6836) The...

RHEL 6 : mozilla (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. Mozilla: Stack overflow due to incorrect parsing of SMTP server response codes (CVE-2020-26970) Mozilla:...

RHEL 7 : nodejs-handlebars (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true ...

openSUSE 15 Security Update : tinyproxy (openSUSE-SU-2024:0119-1)

The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2024:0119-1 advisory. Tinyproxy 1.8.3 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via (1) a large number of...

CVE-2024-3055 Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.102 - Authenticated (Contributor+) SQL Injection

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.5.102 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation.....

Security Bulletin: The IBM QRadar SIEM Amazon Web Services protocol is vulnerable to a denial of service (CVE-2021-22569 ,CVE-2022-3171, CVE-2022-3509)

Summary A flaw was found in protobuf-java. Google Protocol Buffer (protobuf-java) which allows the interleaving of com.google.protobuf.UnknownFieldSet fields. Vulnerability Details ** CVEID: CVE-2021-22569 DESCRIPTION: **Google Protocol Buffer (protobuf-java) is vulnerable to a denial of service,.....

Security Bulletin: User Behavior Analytics application add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. IBM has addressed these vulnerabilities with an update. Vulnerability Details ** CVEID: CVE-2023-41419 DESCRIPTION: **Gevent could allow a remote attacker to...

firefox security update

An update is available for firefox. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Firefox is an open-source web browser, designed for standards...

Moderate: gstreamer1-plugins-base security update

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-base packages contain a collection of well-maintained base plug-ins. Security Fix(es): gstreamer-plugins-base: heap overwrite in subtitle parsing (CVE-2023-37328) For more...

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.10.0 ESR. Security Fix(es): GetBoundName in the JIT returned the wrong object (CVE-2024-3852) Out-of-bounds-read after mis-optimized...

gcc-toolset-12-gcc bug fix update

An update is available for gcc-toolset-12-gcc. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The gcc-toolset-12-gcc package contains the GNU Compiler...

lorax bug fix and enhancement update

An update is available for lorax. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux 9.4...

.NET 7.0 bugfix update

An update is available for dotnet7.0. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list .NET Core is a managed-software framework. It implements a subset of the...

gstreamer1-plugins-bad-free security update

An update is available for gstreamer1-plugins-bad-free. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list GStreamer is a streaming media framework based on graphs....

Important: bind security update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....

Moderate: gstreamer1-plugins-bad-free security update

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fix(es): gstreamer-plugins-bad: Integer overflow leading to heap overwrite in MXF file handling with...

.NET 8.0 bug fix update

An update is available for dotnet8.0. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list .NET Core is a managed-software framework. It implements a subset of the...

.NET 6.0 bug fix update

An update is available for dotnet6.0. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list .NET Core is a managed-software framework. It implements a subset of the...

bind security update

An update is available for bind-dyndb-ldap, bind. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Berkeley Internet Name Domain (BIND) is an implementation.....

What's the Right EDR for You?

A guide to finding the right endpoint detection and response (EDR) solution for your business' unique needs. Cybersecurity has become an ongoing battle between hackers and small- and mid-sized businesses. Though perimeter security measures like antivirus and firewalls have traditionally served as.....