CVE-2024-2119 LuckyWP Table of Contents <= 2.1.4 - Reflected Cross-Site Scripting
The LuckyWP Table of Contents plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the attrs parameter in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
6.5AI Score
0.0005EPSS
The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.4.3. This is due to missing or incorrect nonce validation on the nxssnap-reposter page. This makes it possible for unauthenticated attackers to...
5.4CVSS
6.8AI Score
0.0005EPSS
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: skip netdev events generated on netns removal syzbot reported following (harmless) WARN: WARNING: CPU: 1 PID: 2648 at net/netfilter/core.c:468 nft_netdev_unregister_hooks net/netfilter/nf_tables_api.c:230...
7.1AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: spi: Fix deadlock when adding SPI controllers on SPI buses Currently we have a global spi_add_lock which we take when adding new devices so that we can check that we're not trying to reuse a chip select that's already...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix possible stall on recvmsg() recvmsg() can enter an infinite loop if the caller provides the MSG_WAITALL, the data present in the receive queue is not sufficient to fulfill the request, and no more data is received by...
7.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/edid: In connector_bad_edid() cap num_of_ext by num_blocks read In commit e11f5bd8228f ("drm: Add support for DP 1.4 Compliance edid corruption test") the function connector_bad_edid() started assuming that the memory for...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/edid: In connector_bad_edid() cap num_of_ext by num_blocks read In commit e11f5bd8228f ("drm: Add support for DP 1.4 Compliance edid corruption test") the function connector_bad_edid() started assuming that the memory for the.....
7.1AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: spi: Fix deadlock when adding SPI controllers on SPI buses Currently we have a global spi_add_lock which we take when adding new devices so that we can check that we're not trying to reuse a chip select that's already controlled. ....
7.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix possible stall on recvmsg() recvmsg() can enter an infinite loop if the caller provides the MSG_WAITALL, the data present in the receive queue is not sufficient to fulfill the request, and no more data is received by...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: skip netdev events generated on netns removal syzbot reported following (harmless) WARN: WARNING: CPU: 1 PID: 2648 at net/netfilter/core.c:468 nft_netdev_unregister_hooks...
6.6AI Score
0.0004EPSS
The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.4.3. This is due to missing or incorrect nonce validation on the nxssnap-reposter page. This makes it possible for unauthenticated attackers to...
6.8AI Score
0.0005EPSS
(RHSA-2024:3211) Moderate: traceroute security update
The traceroute utility displays the route used by IP packets on their way to a specified network (or Internet) host. Security Fix(es): traceroute: improper command line parsing (CVE-2023-46316) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and...
7AI Score
0.0004EPSS
(RHSA-2024:3139) Moderate: squashfs-tools security update
SquashFS is a highly compressed read-only file system for Linux. These packages contain the utilities for manipulating squashfs file systems. Security Fix(es): squashfs-tools: unvalidated filepaths allow writing outside of destination (CVE-2021-40153) squashfs-tools: possible Directory...
7AI Score
0.009EPSS
(RHSA-2024:3128) Moderate: perl:5.32 security update
Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Security Fix(es): perl: Write past buffer end via illegal user-defined Unicode property (CVE-2023-47038) For more details about the security issue(s), including the impact, a...
7.2AI Score
0.0004EPSS
(RHSA-2024:2981) Moderate: frr security update
FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD. Security Fix(es): frr: missing length check in bgp_attr_psid_sub() can lead do DoS (CVE-2023-31490) frr: processes invalid NLRIs if...
6.6AI Score
0.005EPSS
(RHSA-2024:2962) Moderate: virt:rhel and virt-devel:rhel security and enhancement update
Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the....
7.7AI Score
0.002EPSS
CVE-2021-47469 spi: Fix deadlock when adding SPI controllers on SPI buses
In the Linux kernel, the following vulnerability has been resolved: spi: Fix deadlock when adding SPI controllers on SPI buses Currently we have a global spi_add_lock which we take when adding new devices so that we can check that we're not trying to reuse a chip select that's already controlled. ....
7.2AI Score
0.0004EPSS
CVE-2021-47452 netfilter: nf_tables: skip netdev events generated on netns removal
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: skip netdev events generated on netns removal syzbot reported following (harmless) WARN: WARNING: CPU: 1 PID: 2648 at net/netfilter/core.c:468 nft_netdev_unregister_hooks net/netfilter/nf_tables_api.c:230...
7.1AI Score
0.0004EPSS
CVE-2021-47448 mptcp: fix possible stall on recvmsg()
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix possible stall on recvmsg() recvmsg() can enter an infinite loop if the caller provides the MSG_WAITALL, the data present in the receive queue is not sufficient to fulfill the request, and no more data is received by...
7.3AI Score
0.0004EPSS
CVE-2021-47444 drm/edid: In connector_bad_edid() cap num_of_ext by num_blocks read
In the Linux kernel, the following vulnerability has been resolved: drm/edid: In connector_bad_edid() cap num_of_ext by num_blocks read In commit e11f5bd8228f ("drm: Add support for DP 1.4 Compliance edid corruption test") the function connector_bad_edid() started assuming that the memory for the.....
7.1AI Score
0.0004EPSS
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 4.2.6.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject....
6.4CVSS
6.6AI Score
0.0004EPSS
TP-Link Tether versions prior to 4.5.13 and TP-Link Tapo versions prior to 3.3.6 do not properly validate certificates, which may allow a remote unauthenticated attacker to eavesdrop on an encrypted communication via a man-in-the-middle...
7.2AI Score
0.0004EPSS
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 4.2.6.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject....
6.5AI Score
0.0004EPSS
TP-Link Tether versions prior to 4.5.13 and TP-Link Tapo versions prior to 3.3.6 do not properly validate certificates, which may allow a remote unauthenticated attacker to eavesdrop on an encrypted communication via a man-in-the-middle...
7AI Score
0.0004EPSS
The Media Library Assistant plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the lang parameter in all versions up to, and including, 3.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...
6.1CVSS
6.8AI Score
0.0005EPSS
SUSE SLES15 Security Update : kernel (Live Patch 10 for SLE 15 SP5) (SUSE-SU-2024:1711-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1711-1 advisory. In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header If an...
7.3AI Score
CentOS 8 : squashfs-tools (CESA-2024:3139)
The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2024:3139 advisory. squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the...
7.2AI Score
Fortinet FortiWeb - Path traversal in API controller (FG-IR-22-251)
The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-251 advisory. A relative path traversal in Fortinet FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.3.6 through 6.3.20,...
6.7AI Score
Moderate: traceroute security update
The traceroute utility displays the route used by IP packets on their way to a specified network (or Internet) host. Security Fix(es): traceroute: improper command line parsing (CVE-2023-46316) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and...
6.6AI Score
0.0004EPSS
Newsletter, SMTP, Email marketing and Subscribe forms by Brevo < 3.1.78 - Reflected XSS
Description The plugin is vulnerable to Reflected Cross-Site Scripting via the page parameter due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user....
6.5AI Score
7.2AI Score
0.932EPSS
In the Linux kernel, the following vulnerability has been resolved: spi: Fix deadlock when adding SPI controllers on SPI buses Currently we have a global spi_add_lock which we take when adding new devices so that we can check that we're not trying to reuse a chip select that's already controlled......
6.6AI Score
0.0004EPSS
7.4AI Score
0.0004EPSS
Fortinet Fortigate (FG-IR-23-225)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-225 advisory. An insufficient verification of data authenticity vulnerability [CWE-345] in Fortinet FortiOS SSL-VPN tunnel mode version...
6.8AI Score
Moderate: squashfs-tools security update
SquashFS is a highly compressed read-only file system for Linux. These packages contain the utilities for manipulating squashfs file systems. Security Fix(es): squashfs-tools: unvalidated filepaths allow writing outside of destination (CVE-2021-40153) squashfs-tools: possible Directory Traversal...
6.8AI Score
0.009EPSS
Moderate: traceroute security update
The traceroute utility displays the route used by IP packets on their way to a specified network (or Internet) host. Security Fix(es): traceroute: improper command line parsing (CVE-2023-46316) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and...
6.7AI Score
0.0004EPSS
Moderate: perl:5.32 security update
Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Security Fix(es): perl: Write past buffer end via illegal user-defined Unicode property (CVE-2023-47038) For more details about the security issue(s), including the impact, a...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix possible stall on recvmsg() recvmsg() can enter an infinite loop if the caller provides the MSG_WAITALL, the data present in the receive queue is not sufficient to fulfill the request, and no more data is received by...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/edid: In connector_bad_edid() cap num_of_ext by num_blocks read In commit e11f5bd8228f ("drm: Add support for DP 1.4 Compliance edid corruption test") the function connector_bad_edid() started assuming that the memory for the.....
6.5AI Score
0.0004EPSS
Email Contact - Moderately critical - Access bypass - SA-CONTRIB-2024-020
The Email Contact module provides email field display formatters that can display the field as a link to the contact form, or as an inline contact form. The module does not sufficiently handle restricted entity or field access to the mail sending form, when the "Email contact link" formatter is...
7AI Score
WithSecure Elements Endpoint Protection Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of WithSecure Elements Endpoint Protection. User interaction on the part of an administrator is required to exploit this vulnerability. The specific flaw exists within the WithSecure plugin hosting service......
7.3CVSS
7.1AI Score
FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD. Security Fix(es): frr: missing length check in bgp_attr_psid_sub() can lead do DoS (CVE-2023-31490) frr: processes invalid NLRIs if attribute...
6.6AI Score
0.005EPSS
Important: bind and dhcp security update
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. The...
6.8AI Score
0.037EPSS
Ubuntu 16.04 LTS : Linux kernel (GCP) vulnerabilities (USN-6777-3)
The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6777-3 advisory. Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use-...
7.9AI Score
Moderate: squashfs-tools security update
SquashFS is a highly compressed read-only file system for Linux. These packages contain the utilities for manipulating squashfs file systems. Security Fix(es): squashfs-tools: unvalidated filepaths allow writing outside of destination (CVE-2021-40153) squashfs-tools: possible Directory Traversal...
6.7AI Score
0.009EPSS
Important: bind and dhcp security update
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. The...
6.8AI Score
0.037EPSS
FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD. Security Fix(es): frr: missing length check in bgp_attr_psid_sub() can lead do DoS (CVE-2023-31490) frr: processes invalid NLRIs if attribute...
6.7AI Score
0.005EPSS
7.5AI Score
0.0004EPSS
CentOS 8 : python-dns (CESA-2024:3275)
The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the CESA-2024:3275 advisory. eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid...
6.5AI Score
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: skip netdev events generated on netns removal syzbot reported following (harmless) WARN: WARNING: CPU: 1 PID: 2648 at net/netfilter/core.c:468 nft_netdev_unregister_hooks net/netfilter/nf_tables_api.c:230...
6.5AI Score
0.0004EPSS