Float Menu – Awesome Floating Side Menu Security Vulnerabilities

CVE-2024-4378

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's menu and shape widgets in all versions up to, and including, 4.10.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

CVE-2023-52800

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix htt pktlog locking The ath11k active pdevs are protected by RCU but the htt pktlog handling code calling ath11k_mac_get_ar_by_pdev_id() was not marked as a read-side critical section. Mark the code in question as....

CVE-2023-52798

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix dfs radar event locking The ath11k active pdevs are protected by RCU but the DFS radar event handling code calling ath11k_mac_get_ar_by_pdev_id() was not marked as a read-side critical section. Mark the code in...

CVE-2023-52791

In the Linux kernel, the following vulnerability has been resolved: i2c: core: Run atomic i2c xfer when !preemptible Since bae1d3a05a8b, i2c transfers are non-atomic if preemption is disabled. However, non-atomic i2c transfers require preemption (e.g. in wait_for_completion() while waiting for the....

CVE-2023-52777

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix gtk offload status event locking The ath11k active pdevs are protected by RCU but the gtk offload status event handling code calling ath11k_mac_get_arvif_by_vdev_id() was not marked as a read-side critical...

CVE-2023-52776

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix dfs-radar and temperature event locking The ath12k active pdevs are protected by RCU but the DFS-radar and temperature event handling code calling ath12k_mac_get_ar_by_pdev_id() was not marked as a read-side...

CVE-2024-4378 Premium Addons for Elementor <= 4.10.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via Menu and Shape Divider

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's menu and shape widgets in all versions up to, and including, 4.10.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

(RHSA-2024:3319) Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: netfilter: nf_tables: reject QUEUE/DROP verdict parameters (CVE-2024-1086) kernel: hw: Intel: Gather Data Sampling (GDS) side channel vulnerability (CVE-2022-40982) For more...

(RHSA-2024:3316) Important: Migration Toolkit for Applications security and bug fix update

Migration Toolkit for Applications 7.0.3 Images Security Fix(es) from Bugzilla: golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288) webpack-dev-middleware: lack of URL validation may lead to file leak (CVE-2024-29180) axios: exposure of...

CVE-2024-4486

The Awesome Contact Form7 for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'AEP Contact Form 7' widget in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for....

CVE-2024-4486

The Awesome Contact Form7 for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'AEP Contact Form 7' widget in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for....

CVE-2024-1855

The WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.23 via the wpc_check_for_submission function. This makes it possible for...

CVE-2024-1855

The WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.23 via the wpc_check_for_submission function. This makes it possible for...

CVE-2024-1855 WPCafe <= 2.2.23 - Unauthenticated Blind Server-Side Request Forgery

The WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.23 via the wpc_check_for_submission function. This makes it possible for...

CVE-2024-1855 WPCafe <= 2.2.23 - Unauthenticated Blind Server-Side Request Forgery

The WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.23 via the wpc_check_for_submission function. This makes it possible for...

CVE-2024-4486 Awesome Contact Form7 for Elementor <= 2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via AEP Contact Form 7 Widget

The Awesome Contact Form7 for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'AEP Contact Form 7' widget in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for....

RHEL 8 : gmp (RHSA-2024:3214)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3214 advisory. The gmp packages contain GNU MP, a library for arbitrary precision arithmetics, signed integers operations, rational numbers, and floating point...

RHEL 8 : resource-agents (RHSA-2024:2952)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2952 advisory. The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several....

RHEL 8 : container-tools:rhel8 (RHSA-2024:2988)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2988 advisory. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix(es): *...

openSUSE 15 Security Update : gitui (openSUSE-SU-2024:0135-1)

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2024:0135-1 advisory. - update to version 0.26.2: * respect configuration for remote when fetching (also applies to pulling) * add : character to sign-off trailer...

kernel security, bug fix, and enhancement update

[4.18.0-553.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with...

Floating Chat Widget < 3.2.3 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). PoC 1. Go "Chaty &gt; Create New...

RHEL 7 : kernel (RHSA-2024:3319)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3319 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: netfilter: nf_tables:...

Apache Tomcat 7.0.0 < 7.0.99 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 7.0.99. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_7.0.99_security-7 advisory. When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to...

Floating Chat Widget < 3.2.3 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

Apache Tomcat 8.5.0 < 8.5.38

The version of Tomcat installed on the remote host is prior to 8.5.38. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_8.5.38_security-8 advisory. The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with ...

Premium Addons for Elementor < 4.10.32 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's menu and shape widgets due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject....

RHEL 8 : fence-agents (RHSA-2024:2968)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2968 advisory. The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or...

USN-6733-1: GnuTLS vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description It was discovered that GnuTLS had a timing side-channel when performing certain ECDSA operations. A remote attacker could possibly use this issue to recover sensitive information. (CVE-2024-28834) It was...

VuFind Server-Side Request Forgery (SSRF) vulnerability

A Server-Side Request Forgery (SSRF) vulnerability in the /Upgrade/FixConfig route in Open Library Foundation VuFind 2.0 through 9.1 before 9.1.1 allows a remote attacker to overwrite local configuration files to gain access to the administrator panel and achieve Remote Code Execution. A...

VuFind Server-Side Request Forgery (SSRF) vulnerability

A Server-Side Request Forgery (SSRF) vulnerability in the /Upgrade/FixConfig route in Open Library Foundation VuFind 2.0 through 9.1 before 9.1.1 allows a remote attacker to overwrite local configuration files to gain access to the administrator panel and achieve Remote Code Execution. A...

VuFind Server-Side Request Forgery (SSRF) vulnerability

A Server-Side Request Forgery (SSRF) vulnerability in the /Cover/Show route (showAction in CoverController.php) in Open Library Foundation VuFind 2.4 through 9.1 before 9.1.1 allows remote attackers to access internal HTTP servers and perform Cross-Site Scripting (XSS) attacks by proxying...

VuFind Server-Side Request Forgery (SSRF) vulnerability

A Server-Side Request Forgery (SSRF) vulnerability in the /Cover/Show route (showAction in CoverController.php) in Open Library Foundation VuFind 2.4 through 9.1 before 9.1.1 allows remote attackers to access internal HTTP servers and perform Cross-Site Scripting (XSS) attacks by proxying...

(RHSA-2024:2729) Important: Red Hat OpenStack Platform 17.1 (etcd) security update

A highly-available key value store for shared configuration Security Fix(es): golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326) crypto/tls:...

(RHSA-2024:2730) Important: Red Hat OpenStack Platform 17.1 (collectd-sensubility) security update

This project aims to provide the possibility to switch from Sensu-based availability monitoring solution to a monitoring solution based on collectd with AMQP-1.0 messaging bus. Security Fix(es): golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) ...

(RHSA-2024:2767) Important: Red Hat OpenStack Platform 17.1 (collectd-sensubility) security update

This project provides the possibility to switch from the Sensu-based availability monitoring solution to a monitoring solution based on collectd with AMQP-1.0 messaging bus. Security Fix(es): Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) net/http/internal: Denial...

HackerOne: Access Control Vulnerability Enabling Unauthorized Access to Limited Disclosure Reports

Summary: Hi there, I hope you are doing well :) I found a vulnerability which allows me to close a report as duplicate of another program report. This can cause problems in various ways, i will include some of them and rest needs to be verified on Hackerone side what additional impact it can...

CVE-2024-25737

A Server-Side Request Forgery (SSRF) vulnerability in the /Cover/Show route (showAction in CoverController.php) in Open Library Foundation VuFind 2.4 through 9.1 before 9.1.1 allows remote attackers to access internal HTTP servers and perform Cross-Site Scripting (XSS) attacks by proxying...

CVE-2024-25737

A Server-Side Request Forgery (SSRF) vulnerability in the /Cover/Show route (showAction in CoverController.php) in Open Library Foundation VuFind 2.4 through 9.1 before 9.1.1 allows remote attackers to access internal HTTP servers and perform Cross-Site Scripting (XSS) attacks by proxying...

CVE-2024-25737

A Server-Side Request Forgery (SSRF) vulnerability in the /Cover/Show route (showAction in CoverController.php) in Open Library Foundation VuFind 2.4 through 9.1 before 9.1.1 allows remote attackers to access internal HTTP servers and perform Cross-Site Scripting (XSS) attacks by proxying...

CVE-2024-25738

A Server-Side Request Forgery (SSRF) vulnerability in the /Upgrade/FixConfig route in Open Library Foundation VuFind 2.0 through 9.1 before 9.1.1 allows a remote attacker to overwrite local configuration files to gain access to the administrator panel and achieve Remote Code Execution. A...

CVE-2024-25738

A Server-Side Request Forgery (SSRF) vulnerability in the /Upgrade/FixConfig route in Open Library Foundation VuFind 2.0 through 9.1 before 9.1.1 allows a remote attacker to overwrite local configuration files to gain access to the administrator panel and achieve Remote Code Execution. A...

Researchers Warn of Chinese-Aligned Hackers Targeting South China Sea Countries

Cybersecurity researchers have disclosed details of a previously undocumented threat group called Unfading Sea Haze that's believed to have been active since 2018. The intrusion singled out high-level organizations in South China Sea countries, particularly military and government targets,...

CVE-2021-47339

In the Linux kernel, the following vulnerability has been resolved: media: v4l2-core: explicitly clear ioctl input data As seen from a recent syzbot bug report, mistakes in the compat ioctl implementation can lead to uninitialized kernel stack data getting used as input for driver ioctl handlers......

CVE-2021-47337

In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix bad pointer dereference when ehandler kthread is invalid Commit 66a834d09293 ("scsi: core: Fix error handling of scsi_host_alloc()") changed the allocation logic to call put_device() to perform host cleanup with...

Security Bulletin: IBM Engineering Lifecycle Management is vulnerable to induce the application to perform server-side HTTP and HTTPS requests to arbitrary domains.(CVE-2021-20544)

Summary External service interaction arises when it is possible to induce an application to interact with an arbitrary external service, such as a web or mail server. The ability to trigger arbitrary external service interactions does not constitute a vulnerability in its own right, and in some...

CVE-2024-5031

The Memberpress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.11.29 via the 'mepr-user-file' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to make web requests to arbitrary...

CVE-2024-5031

The Memberpress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.11.29 via the 'mepr-user-file' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to make web requests to arbitrary...

GHOSTENGINE Exploits Vulnerable Drivers to Disable EDRs in Cryptojacking Attack

Cybersecurity researchers have discovered a new cryptojacking campaign that employs vulnerable drivers to disable known security solutions (EDRs) and thwart detection in what's called a Bring Your Own Vulnerable Driver (BYOVD) attack. Elastic Security Labs is tracking the campaign under the name...

CVE-2024-5031 MemberPress <= 1.11.29 - Authenticated (Contributor+) Blind Server-Side Request Forgery via mepr-user-file Shortcode

The Memberpress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.11.29 via the 'mepr-user-file' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to make web requests to arbitrary...