Profile Builder – User Profile & User Registration Forms (WordPress Plugin) Security Vulnerabilities

[SECURITY] Fedora 40 Update: freeipa-4.12.1-1.fc40

IPA is an integrated solution to provide centrally managed Identity (users, hosts, services), Authentication (SSO, 2FA), and Authorization (host access control, SELinux user roles, services). The solution provides features for further integration with Linux based clients (SUDO, automount) and...

CVE-2024-5289 Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.2.42 - Authenticated (Contributor+) Stored Cross-Site Scripting in Google Maps Widget

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Maps widget parameters in all versions up to, and including, 3.2.42 due to insufficient input sanitization and output escaping. This makes it possible....

CVE-2024-6054 Auto Featured Image <= 1.2 - Authenticated (Contributor+) Arbitrary File Upload

The Auto Featured Image plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'create_post_attachment_from_url' function in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with contributor-level and above....

Security Bulletin: IBM MQ is vulnerable to a privilege escalation attack (CVE-2024-31912)

Summary IBM MQ has addressed a privilege escalation vulnerability. Vulnerability Details CVEID: CVE-2024-31912 DESCRIPTION: IBM MQ could allow an authenticated user to escalate their privileges under certain configurations due to incorrect privilege assignment. CVSS Base score: 7.5 CVSS Temporal...

CVE-2024-5655

An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows an attacker to trigger a pipeline as another user under certain...

CVE-2024-5655

An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows an attacker to trigger a pipeline as another user under certain...

CVE-2024-5655

An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows an attacker to trigger a pipeline as another user under certain...

CVE-2024-3959

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows private job artifacts can be accessed by any...

CVE-2024-3959

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows private job artifacts can be accessed by any...

CVE-2024-3959

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows private job artifacts can be accessed by any...

RHEL 9 : golang (RHSA-2024:4146)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4146 advisory. The golang packages provide the Go programming language compiler. Security Fix(es): * golang: net/http, x/net/http2: unlimited number of...

Ubuntu 14.04 LTS : SQLite vulnerability (USN-5615-3)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5615-3 advisory. USN-5615-1 fixed several vulnerabilities in SQLite. This update provides the corresponding fix for CVE-2020-35525 for Ubuntu 14.04 LTS. Original advisory...

Ubuntu 22.04 LTS : OpenSSL vulnerability (USN-6854-1)

The remote Ubuntu 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6854-1 advisory. It was discovered that OpenSSL failed to choose an appropriately short private key size when computing shared-secrets in the Diffie-Hellman Key Agreement...

ROS-20240627-06

A vulnerability in the Calendar component of cloud storage creation and utilization software Nextcloud Server is related to improper access control. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information Vulnerability in the 2FA component.....

Fedora 40 : openvpn (2024-b611e122fb)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-b611e122fb advisory. Update to upstream OpenVPN 2.6.11 CVE-2024-5594: control channel: refuse control channel messages with nonprintable characters in them ...

Debian dla-3841 : linux-config-5.10 - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3841 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3841-1 [email protected] ...

Ubuntu: Security Advisory (USN-6852-1)

The remote host is missing an update for...

Fedora: Security Advisory for freeipa (FEDORA-2024-2a466c6514)

The remote host is missing an update for...

IBM MQ 9.3 < 9.3.0.20 LTS / 9.3 < 9.4 CD Privilege Escalation (7158072)

The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7158072 advisory. IBM MQ could allow an authenticated user to escalate their privileges under certain configurations due to incorrect privilege assignment. (CVE-2024-31912) Note that...

Debian dsa-5723 : libcolorcorrect5 - security update

The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5723 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5723-1 [email protected] ...

The Windows Registry Adventure #3: Learning resources

Posted by Mateusz Jurczyk, Google Project Zero When tackling a new vulnerability research target, especially a closed-source one, I prioritize gathering as much information about it as possible. This gets especially interesting when it's a subsystem as old and fundamental as the Windows registry......

CVE-2024-28820

Buffer overflow in the extract_openvpn_cr function in openvpn-cr.c in openvpn-auth-ldap (aka the Three Rings Auth-LDAP plugin for OpenVPN) 2.0.4 allows attackers with a valid LDAP username and who can control the challenge/response password field to pass a string with more than 14 colons into this....

Fedora 40 : moodle (2024-020937763e)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-020937763e advisory. Fix for multiple CVEs Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

CVE-2024-28820

Buffer overflow in the extract_openvpn_cr function in openvpn-cr.c in openvpn-auth-ldap (aka the Three Rings Auth-LDAP plugin for OpenVPN) 2.0.4 allows attackers with a valid LDAP username and who can control the challenge/response password field to pass a string with more than 14 colons into this....

Debian dla-3840 : hyperv-daemons - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3840 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3840-1 [email protected] ...

Important Photon OS Security Update - PHSA-2024-5.0-0305

Updates of ['linux-rt', 'linux'] packages of Photon OS have been...

Ubuntu 16.04 LTS / 18.04 LTS : Wget vulnerability (USN-6852-2)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6852-2 advisory. USN-6852-1 fixed a vulnerability in Wget. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original...

GitLab 15.8 < 16.11.5 / 17.0 < 17.0.3 / 17.1 < 17.1.1 (CVE-2024-5655)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows an...

GitLab 16.7 < 16.11.5 / 17.0 < 17.0.3 / 17.1 < 17.1.1 (CVE-2024-3959)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows private...

Fedora 39 : moodle (2024-9df8ef935b)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-9df8ef935b advisory. Fix for multiple CVEs Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

RHEL 8 : pki-core (RHSA-2024:4164)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4164 advisory. The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System. Security Fix(es): * dogtag ca:...

Fedora 40 : freeipa (2024-2a466c6514)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-2a466c6514 advisory. Fix CVE-2024-2698 and CVE-2024-3183 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...

Atlassian Jira Service Management Data Center and Server < 5.4.21 / 5.12.x < 5.12.8 / 5.15.x < 5.16.0 (JSDSERVER-15309)

The version of Atlassian Jira Service Management Data Center and Server (Jira Service Desk) running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-15309 advisory. This High severity Information Disclosure vulnerability was introduced in versions 9.4.0, 9.12.0,...

ROS-20240627-01

A vulnerability in the implementation of the CORS mechanism of Microsoft Edge and Google Chrome browsers is related to weaknesses in the access controls. Exploitation of the vulnerability could allow an attacker acting remotely to bypass existing security restrictions and disclose protected...

Fedora 39 : chromium (2024-508d03d0c7)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-508d03d0c7 advisory. update to 126.0.6478.126 * High CVE-2024-6290: Use after free in Dawn * High CVE-2024-6291: Use after free in Swiftshader * High CVE-2024-6292: Use...

Fedora 40 : chromium (2024-0c02698648)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-0c02698648 advisory. update to 126.0.6478.126 * High CVE-2024-6290: Use after free in Dawn * High CVE-2024-6291: Use after free in Swiftshader * High CVE-2024-6292: Use...

RHEL 7 : java-1.8.0-ibm (RHSA-2024:4160)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4160 advisory. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. Security Fix(es): * IBM JDK: Object...

RHEL 8 : OpenShift Container Platform 4.12.60 (RHSA-2024:4008)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:4008 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : libcdio vulnerability (USN-6855-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6855-1 advisory. Mansour Gashasbi discovered that libcdio incorrectly handled certain memory operations when...

Ubuntu 16.04 LTS / 18.04 LTS : Squid vulnerabilities (USN-6857-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6857-1 advisory. Joshua Rogers discovered that Squid incorrectly handled requests with the urn: scheme. A remote attacker could possibly use this issue to...

Fedora 39 : firefox (2024-a61be271bb)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-a61be271bb advisory. - New upstream version (127.0.2) ---- - New upstream version (127.0) Tenable has extracted the preceding description block directly from the Fedora...

Debian dla-3845 : dlt-daemon - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3845 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3845-1 [email protected] ...

Debian dla-3842 : linux-config-5.10 - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3842 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3842-1 [email protected] ...

RHEL 9 : pki-core (RHSA-2024:4165)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4165 advisory. The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System. Security Fix(es): * dogtag ca:...

CVE-2024-39708

An issue was discovered in the Agent in Delinea Privilege Manager (formerly Thycotic Privilege Manager) before 12.0.1096 on Windows. Sometimes, a non-administrator user can copy a crafted DLL file to a temporary directory (used by .NET Shadow Copies) such that privilege escalation can occur if the....

RHEL 8 : python3 (RHSA-2024:4166)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4166 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : FontForge vulnerabilities (USN-6856-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6856-1 advisory. It was discovered that FontForge incorrectly handled filenames. If a user or an automated system were ...

Debian dla-3843 : linux-config-5.10 - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3843 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3843-1 [email protected] ...

RHEL 9 : OpenShift Container Platform 4.16.0 (RHSA-2024:0045)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0045 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...

RHEL 9 : Red Hat build of MicroShift 4.16.0 (RHSA-2024:0043)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0043 advisory. Red Hat build of MicroShift is Red Hat's light-weight Kubernetes orchestration solution designed for edge device deployments and is built...