Jenkins Dingding[钉钉] Plugin Security Vulnerabilities

CVE-2024-5431 WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce <= 2.2.25 - Authenticated (Contributor+) File inclusion via Shortcode

The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.25 via the reservation_extra_field shortcode parameter. This makes it possible for authenticated...

CVE-2024-5431 WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce <= 2.2.25 - Authenticated (Contributor+) File inclusion via Shortcode

The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.25 via the reservation_extra_field shortcode parameter. This makes it possible for authenticated...

CVE-2024-6297

Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator...

CVE-2024-6297

Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator...

Multiple WordPress Plugins Compromised: Hackers Create Rogue Admin Accounts

Multiple WordPress plugins have been backdoored to inject malicious code that makes it possible to create rogue administrator accounts with the aim of performing arbitrary actions. "The injected malware attempts to create a new administrative user account and then sends those details back to the...

CVE-2024-6297 Several WordPress.org Plugins <= Various Versions - Injected Backdoor

Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator...

Security Bulletin: Storage Virtualize Ansible Collection is affected by a vulnerability in the cryptography package

Summary Storage Virtualize Ansible Collection uses the cryptography package to provide common cryptographic algorithms. Version 41.0.7 of cryptography package is vulnerable to CVE-2023-50782. Vulnerability Details ** CVEID: CVE-2023-50782 DESCRIPTION: **Python Cryptographic Authority cryptography.....

RHEL 8 : [23.0] Security update for the 23.0 (RPMs) (Low) (RHSA-2024:4081)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4081 advisory. The quarkus-mandrel-java and quarkus-mandrel-23 packages provide the GraalVM installation for the quarkus/mandrel-23-rhel8:23.0 container...

Fedora 39 : libopenmpt (2024-018a95fb38)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-018a95fb38 advisory. Update from 0.7.6 to 0.7.8 for more bug-fixes. https://lib.openmpt.org/libopenmpt/2024/06/09/security-update-0.7.8-releases-0.6.17-0.5.31-0.4.43/ ...

FreeBSD : chromium -- multiple security fixes (2b68c86a-32d5-11ef-8a0f-a8a1599412c6)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 2b68c86a-32d5-11ef-8a0f-a8a1599412c6 advisory. Chrome Releases reports: This update includes 5 security fixes: Tenable has extracted the...

RHEL 9 : redhat-ds:12 (RHSA-2024:4092)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4092 advisory. Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access...

Fedora 39 : python-dns (2024-3b4c7849ab)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-3b4c7849ab advisory. Update to 2.6.1 (rhbz#2263657) ---- Fix for CVE-2023-29483 (rhbz#2274685) Tenable has extracted the preceding description block directly from the Fedora...

RHEL 9 : python3.11 (RHSA-2024:4077)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4077 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic...

RHEL 7 : kpatch-patch (RHSA-2024:4073)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4073 advisory. This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Security...

Fedora 40 : thunderbird (2024-bf1c613d5a)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-bf1c613d5a advisory. Update to 115.12.1 * https://www.thunderbird.net/en-US/thunderbird/115.12.1/releasenotes/ * https://www.mozilla.org/en-US/security/advisories/mfsa2024-28/ ...

SUSE SLES15 Security Update : kernel (SUSE-SU-2024:2185-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2185-1 advisory. The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: .....

RHEL 8 : [23.1] Security update for the 23.1 (RPMs) (Low) (RHSA-2024:4079)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4079 advisory. The quarkus-mandrel-java and quarkus-mandrel-231 packages provide the GraalVM installation for the quarkus/mandrel-for-jdk-21-rhel8:23.1...

SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:2184-1)

The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2184-1 advisory. The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes. The following...

AlmaLinux 8 : git (ALSA-2024:4084)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:4084 advisory. * git: Recursive clones RCE (CVE-2024-32002) * git: RCE while cloning local repos (CVE-2024-32004) * git: additional local RCE (CVE-2024-32465) * git:...

Oracle Linux 9 : git (ELSA-2024-4083)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-4083 advisory. [2.43.5-1] - Update to 2.43.5 - Related: RHEL-36402, RHEL-36414 [2.43.4-1] - Update to 2.43.4 - Resolves: RHEL-36402, RHEL-36414 Tenable has extracted...

RHEL 8 : git (RHSA-2024:4084)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4084 advisory. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a...

RHEL 9 : samba (RHSA-2024:4101)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4101 advisory. Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol,...

RHEL 9 : kpatch-patch (RHSA-2024:4074)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4074 advisory. This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Security...

RHEL 9 : python3.9 (RHSA-2024:4078)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4078 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

libheif vulnerabilities

Releases Ubuntu 23.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages libheif - ISO/IEC 23008-12:2017 HEIF file format decoder - development file Details It was discovered that libheif incorrectly handled certain image data. An attacker could possibly use this issue to crash the...

Oracle Linux 9 : python3.9 (ELSA-2024-4078)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-4078 advisory. - Security fixes for CVE-2023-6597 and CVE-2024-0450 Tenable has extracted the preceding description block directly from the Oracle Linux security...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : Ansible vulnerabilities (USN-6846-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6846-1 advisory. It was discovered that Ansible incorrectly handled certain inputs when using tower_callback parameter. If a user...

RHEL 8 : kpatch-patch (RHSA-2024:4075)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4075 advisory. This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Security...

Oracle Linux 8 : git (ELSA-2024-4084)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-4084 advisory. [2.43.5-1] - Update to 2.43.5 - Related: RHEL-36399, RHEL-36411 [2.43.4-1] - Update to 2.43.4 - Resolves: RHEL-36399, RHEL-36411 Tenable has extracted...

Debian dsa-5719 : emacs - security update

The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5719 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5719-1 [email protected] ...

RHEL 9 : git (RHSA-2024:4083)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4083 advisory. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a...

SUSE SLES15 / openSUSE 15 Security Update : grafana and mybatis (SUSE-SU-2024:1530-2)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1530-2 advisory. grafana was updated to version 9.5.18: - Grafana now requires Go 1.20 - Security issues fixed: * CVE-2024-1313: Require same...

AlmaLinux 9 : python3.11 (ALSA-2024:4077)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:4077 advisory. * python: Path traversal on tempfile.TemporaryDirectory (CVE-2023-6597) Tenable has extracted the preceding description block directly from the AlmaLinux security...

AlmaLinux 9 : python3.9 (ALSA-2024:4078)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:4078 advisory. * python: Path traversal on tempfile.TemporaryDirectory (CVE-2023-6597) * python: The zipfile module is vulnerable to zip-bombs leading to denial of...

Oracle Linux 9 : python3.11 (ELSA-2024-4077)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-4077 advisory. - Security fix for CVE-2023-6597 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has...

Debian dsa-5718 : elpa-org - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5718 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5718-1 [email protected] ...

RHEL 7 : kernel (RHSA-2024:4098)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4098 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * Kernel: bluetooth: Unauthorized...

Fedora 40 : libopenmpt (2024-ac4860090c)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-ac4860090c advisory. Update from 0.7.6 to 0.7.8 for more bug-fixes. https://lib.openmpt.org/libopenmpt/2024/06/09/security-update-0.7.8-releases-0.6.17-0.5.31-0.4.43/ ...

SUSE SLES15 Security Update : kernel (SUSE-SU-2024:2183-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2183-1 advisory. The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security bugfixes. The following security bugs were fixed: .....

AlmaLinux 9 : git (ALSA-2024:4083)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:4083 advisory. * git: Recursive clones RCE (CVE-2024-32002) * git: RCE while cloning local repos (CVE-2024-32004) * git: additional local RCE (CVE-2024-32465) * git:...

Supply Chain Attack on WordPress.org Plugins Leads to 5 Maliciously Compromised WordPress Plugins

On Monday June 24th, 2024 the Wordfence Threat Intelligence team became aware of a plugin, Social Warfare, that was injected with malicious code on June 22, 2024 based on a forum post by the WordPress.org Plugin Review team. We immediately checked the malicious file and uploaded it to our internal....

3DPrint Lite < 1.9.1.5 - Arbitrary File Upload

The plugin does not have any authorisation and does not check the uploaded file in its p3dlite_handle_upload AJAX action , allowing unauthenticated users to upload arbitrary file to the web server. However, there is a .htaccess, preventing the file to be accessed on Web servers such as...

CVE-2024-37231

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salon Booking System Salon booking system allows File Manipulation.This issue affects Salon booking system: from n/a through...

CVE-2024-37233

Improper Authentication vulnerability in Play.Ht allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Play.Ht: from n/a through...

CVE-2024-37233

Improper Authentication vulnerability in Play.Ht allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Play.Ht: from n/a through...

CVE-2024-37231

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salon Booking System Salon booking system allows File Manipulation.This issue affects Salon booking system: from n/a through...

CVE-2024-37228

Improper Control of Generation of Code ('Code Injection') vulnerability in InstaWP Team InstaWP Connect allows Code Injection.This issue affects InstaWP Connect: from n/a through...

CVE-2024-37109

Improper Control of Generation of Code ('Code Injection') vulnerability in Membership Software WishList Member X allows Code Injection.This issue affects WishList Member X: from n/a through...

CVE-2024-37111

Missing Authorization vulnerability in Membership Software WishList Member X.This issue affects WishList Member X: from n/a through...

CVE-2024-37092

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion.This issue affects Consulting Elementor Widgets: from n/a through...