R-30iB Plus, R-30iB Mate Plus, R-30iB Compact Plus, R-30iB Mini Plus Security Vulnerabilities

vulnrichment

CVE-2024-3718 The Plus Addons for Elementor <= 5.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Progress Bar, Header Meta Content, Scroll Navigation, Pricing Table, & Flip Box

The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's widgets in all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4 CVSS

5.8 AI Score

0.001 EPSS

2024-05-24 05:30 AM
nvd

CVE-2024-2784

The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Hover Card widget in all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated....

6.4 CVSS

5.9 AI Score

0.0004 EPSS

2024-05-24 05:15 AM
cve

CVE-2024-2784

The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Hover Card widget in all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated....

6.4 CVSS

5.7 AI Score

0.0004 EPSS

2024-05-24 05:15 AM
29
cvelist

CVE-2024-2784 The Plus Addons for Elementor <= 5.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Hover Card

The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Hover Card widget in all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated....

6.4 CVSS

5.9 AI Score

0.0004 EPSS

2024-05-24 04:29 AM
1
vulnrichment

CVE-2024-2784 The Plus Addons for Elementor <= 5.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Hover Card

The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Hover Card widget in all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated....

6.4 CVSS

5.8 AI Score

0.0004 EPSS

2024-05-24 04:29 AM
arista

Security Advisory 0097

Security Advisory 0097 PDF Date: May 24, 2024 Revision | Date | Changes ---|---|--- 1.0 | May 24, 2024 | Initial release The CVE-ID tracking this issue: CVE-2023-52424 CVSSv3.1 Base Score: Not indicated by NVD as of 5/23/2024 Description Arista Networks is providing this security update in...

6 AI Score

EPSS

2024-05-24 12:00 AM
5
oraclelinux

idm:DL1 security update

bind-dyndb-ldap [11.6-4] - Modify empty zone conflicts under exclusive mode Resolves: rhbz#2126877 [11.6-3] - Rebuild against bind 9.11.36 - Resolves: rhbz#2022762 [11.6-2] - Rebuild against bind 9.11.26 - Resolves: rhbz#1904612 [11.6-1] - New upstream release - Resolves: rhbz#1891735 [11.3-1] -...

5.3 CVSS

7.6 AI Score

0.0004 EPSS

2024-05-24 12:00 AM
10
nessus

ManageEngine ServiceDesk Plus MSP < 14.7 Build 14720

The version of ManageEngine ServiceDesk Plus MSP installed on the remote host is prior to 14.7 Build 14720. It is, therefore, affected by a vulnerability as referenced in the service-desk-msp_cve-2024-27314 advisory. A stored cross-site scripting (XSS) vulnerability allowed users with the SDAdmin.....

2.4 CVSS

3.4 AI Score

0.0004 EPSS

2024-05-24 12:00 AM
2
wpvulndb

The Plus Addons for Elementor < 5.5.3 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via the ‘button_custom_attributes’ parameter due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web...

6.4 CVSS

5.8 AI Score

0.001 EPSS

2024-05-24 12:00 AM
2
wpvulndb

The Plus Addons for Elementor < 5.5.5 - Contributor+ Stored XSS via Hover Card Widget

Description The plugin is vulnerable to Stored Cross-Site Scripting via the Hover Card widget due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web....

6.4 CVSS

5.8 AI Score

0.0004 EPSS

2024-05-24 12:00 AM
wpvulndb

The Plus Addons for Elementor < 5.5.3 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via the ‘xai_username’ parameter due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in...

6.4 CVSS

5.8 AI Score

0.001 EPSS

2024-05-24 12:00 AM
openvas

SUSE: Security Advisory (SUSE-SU-2024:1771-1)

The remote host is missing an update for...

7.9 CVSS

7.5 AI Score

0.0004 EPSS

2024-05-24 12:00 AM
2
wpvulndb

The Plus Addons for Elementor < 5.5.5 - Contributor+ Stored XSS in Widgets

Description The plugin is vulnerable to Stored Cross-Site Scripting via several of the plugin's widgets due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...

6.4 CVSS

5.8 AI Score

0.001 EPSS

2024-05-24 12:00 AM
2
nessus

ManageEngine SupportCenter Plus < 14.7 Build 14720

The version of ManageEngine SupportCenter Plus installed on the remote host is prior to 14.7 Build 14720. It is, therefore, affected by a vulnerability as referenced in the support-center_cve-2024-27314 advisory. A stored cross-site scripting (XSS) vulnerability allowed users with the SDAdmin...

2.4 CVSS

3.4 AI Score

0.0004 EPSS

2024-05-24 12:00 AM
4
oraclelinux

python39:3.9 and python39-devel:3.9 security update

mod_wsgi [4.7.1-7] - Bump release for rebuild Resolves: rhbz#2213595 [4.7.1-6] - Remove rpath Resolves: rhbz#2213837 [4.7.1-5] - Core dumped upon file upload >= 1GB Resolves: rhbz#2125172 [4.7.1-4] - Convert from Fedora to the python39 module in RHEL8 - Resolves: rhbz#1877430 [4.7.1-3] - Rebuilt...

8.1 CVSS

6.7 AI Score

0.005 EPSS

2024-05-24 12:00 AM
4
nessus

ManageEngine ServiceDesk Plus < 14.7 Build 14730

The version of ManageEngine ServiceDesk Plus installed on the remote host is prior to 14.7 Build 14730. It is, therefore, affected by a vulnerability as referenced in the service-desk_cve-2024-27314 advisory. A stored cross-site scripting (XSS) vulnerability allowed users with the SDAdmin role to.....

2.4 CVSS

3.4 AI Score

0.0004 EPSS

2024-05-24 12:00 AM
11
f5

K000139764: Apache HTTPD vulnerability CVE-2023-38709

Security Advisory Description Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58. (CVE-2023-38709) Impact This vulnerability allows malicious or exploitable...

6.8 AI Score

0.0004 EPSS

2024-05-24 12:00 AM
10
ubuntucve

CVE-2021-47505

In the Linux kernel, the following vulnerability has been resolved: aio: fix use-after-free due to missing POLLFREE handling signalfd_poll() and binder_poll() are special in that they use a waitqueue whose lifetime is the current task, rather than the struct file as is normally the case. This is...

6.6 AI Score

0.0004 EPSS

2024-05-24 12:00 AM
1
oraclelinux

python27:2.7 security update

babel [2.5.1-10] - Fix CVE-2021-20095 Resolves: rhbz#1955615 [2.5.1-9] - Bumping due to problems with modular RPM upgrade path - Resolves: rhbz#1695587 [2.5.1-8] - Fix unversioned requires/buildrequires - Resolves: rhbz#1628242 [2.5.1-7] - Remove unversioned binaries - Resolves: rhbz#1613343...

9.8 CVSS

6.7 AI Score

0.005 EPSS

2024-05-24 12:00 AM
2
krebs

Stark Industries Solutions: An Iron Hammer in the Cloud

The homepage of Stark Industries Solutions. Two weeks before Russia invaded Ukraine in February 2022, a large, mysterious new Internet hosting firm called Stark Industries Solutions materialized and quickly became the epicenter of massive distributed denial-of-service (DDoS) attacks on government.....

6.8 AI Score

2024-05-23 11:32 PM
3
ibm

Security Bulletin: Multiple vulnerabilities in IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift

Summary IBM Spectrum Protect Plus Container backup and restore for OpenShift can be affected by vulnerabilities in Python, OpenSSH, Golang Go, Redis, urllib3, dnspython and gunicorn. Vulnerabilities include denial of service, cross-site scripting, gain elevated privileges on the system, allow a...

9.8 CVSS

9.4 AI Score

0.962 EPSS

2024-05-23 06:42 PM
8
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 13, 2024 to May 19, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 114 vulnerabilities disclosed in 88...

10 CVSS

9.3 AI Score

EPSS

2024-05-23 03:00 PM
11
redhatcve

CVE-2021-47267

In the Linux kernel, the following vulnerability has been resolved: usb: fix various gadget panics on 10gbps cabling usb_assign_descriptors() is called with 5 parameters, the last 4 of which are the usb_descriptor_header for: full-speed (USB1.1 - 12Mbps [including USB1.0 low-speed @ 1.5Mbps),...

6.3 AI Score

0.0004 EPSS

2024-05-23 01:29 PM
1
securelist

ShrinkLocker: Turning BitLocker into ransomware

Introduction Attackers always find creative ways to bypass defensive features and accomplish their goals. This can be done with packers, crypters, and code obfuscation. However, one of the best ways of evading detection, as well as maximizing compatibility, is to use the operating system's own...

6.8 AI Score

2024-05-23 12:00 PM
38
ics

AutomationDirect Productivity PLCs

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: AutomationDirect Equipment: Productivity PLCs Vulnerabilities: Buffer Access with Incorrect Length Value, Out-of-bounds Write, Stack-based Buffer Overflow, Improper Access Control, Active...

9.8 CVSS

10 AI Score

0.001 EPSS

2024-05-23 12:00 PM
7
redhatcve

CVE-2023-52775

In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid data corruption caused by decline We found a data corruption issue during testing of SMC-R on Redis applications. The benchmark has a low probability of reporting a strange error as shown below. "Error: Protocol...

6.5 AI Score

0.0004 EPSS

2024-05-23 11:09 AM
3
nessus

SUSE SLES15 Security Update : kernel (Live Patch 24 for SLE 15 SP4) (SUSE-SU-2024:1753-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1753-1 advisory. This update for the Linux Kernel 5.14.21-150400_24_111 fixes several issues. The following security issues were fixed: - CVE-2024-26610: Fixed...

7 CVSS

7.3 AI Score

0.0004 EPSS

2024-05-23 12:00 AM
4
nessus

SUSE SLES15 Security Update : kernel (Live Patch 9 for SLE 15 SP5) (SUSE-SU-2024:1759-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1759-1 advisory. This update for the Linux Kernel 5.14.21-150500_55_44 fixes several issues. The following security issues were fixed: - CVE-2024-26610: Fixed...

7 CVSS

5.8 AI Score

0.0004 EPSS

2024-05-23 12:00 AM
6
nessus

Ubuntu 24.04 LTS : klibc vulnerabilities (USN-6736-2)

The remote Ubuntu 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6736-2 advisory. USN-6736-1 fixed vulnerabilities in klibc. This update provides the corresponding updates for Ubuntu 24.04 LTS. Original advisory details: It was...

9.8 CVSS

8.2 AI Score

0.013 EPSS

2024-05-23 12:00 AM
5
nessus

RHEL 7 : kernel (RHSA-2024:3318)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3318 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: nf_tables: use-after-free...

7.8 CVSS

7.7 AI Score

0.011 EPSS

2024-05-23 12:00 AM
4
nessus

RHEL 8 : kernel-rt (RHSA-2024:2950)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2950 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism...

9.8 CVSS

7.2 AI Score

EPSS

2024-05-23 12:00 AM
3
nessus

SUSE SLES15 Security Update : kernel (Live Patch 41 for SLE 15 SP2) (SUSE-SU-2024:1742-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1742-1 advisory. This update for the Linux Kernel 5.3.18-150200_24_166 fixes several issues. The following security issues were fixed: - CVE-2023-6931: Fixed a...

7.8 CVSS

5.8 AI Score

0.0004 EPSS

2024-05-23 12:00 AM
3
nessus

RHEL 7 : kernel (RHSA-2024:3319)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3319 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: netfilter: nf_tables:...

7.8 CVSS

7.5 AI Score

0.011 EPSS

2024-05-23 12:00 AM
3
nessus

Ubuntu 22.04 LTS / 23.10 / 24.04 LTS : cJSON vulnerabilities (USN-6784-1)

The remote Ubuntu 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6784-1 advisory. It was discovered that cJSON incorrectly handled certain input. An attacker could possibly use this issue to cause cJSON to crash,...

7.5 CVSS

7.9 AI Score

0.001 EPSS

2024-05-23 12:00 AM
3
nessus

RHEL 8 : kernel (RHSA-2024:3138)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3138 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): For more details about the security...

9.8 CVSS

7.2 AI Score

EPSS

2024-05-23 12:00 AM
20
nessus

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : VLC vulnerabilities (USN-6783-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6783-1 advisory. It was discovered that VLC incorrectly handled certain media files. A remote attacker could possibly use ...

9.8 CVSS

8.4 AI Score

0.001 EPSS

2024-05-23 12:00 AM
2
nessus

RHEL 9 : kernel (RHSA-2024:3306)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3306 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: netfilter: nf_tables:...

7.6 AI Score

0.0004 EPSS

2024-05-23 12:00 AM
1
oraclelinux

kernel security, bug fix, and enhancement update

[4.18.0-553.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with...

9.8 CVSS

8 AI Score

EPSS

2024-05-23 12:00 AM
11
oraclelinux

edk2 security update

[20220126gitbb1bba3d77-13] - edk2-EmbeddedPkg-Hob-Integer-Overflow-in-CreateHob.patch [RHEL-21158] - edk2-StandaloneMmPkg-Hob-Integer-Overflow-in-CreateHob.patch [RHEL-21158] - Resolves: RHEL-21158 (CVE-2022-36765 edk2: integer overflow in CreateHob() could lead to HOB OOB R/W [rhel-8])...

8.8 CVSS

7.5 AI Score

0.006 EPSS

2024-05-23 12:00 AM
2
nessus

Ubuntu 24.04 LTS : OpenSSL update (USN-6663-3)

The remote Ubuntu 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6663-3 advisory. USN-6663-1 provided a security update for OpenSSL. This update provides the corresponding update for Ubuntu 24.04 LTS. Original advisory details: As a...

7.2 AI Score

2024-05-23 12:00 AM
1
nessus

SUSE SLES15 Security Update : kernel (Live Patch 12 for SLE 15 SP4) (SUSE-SU-2024:1748-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1748-1 advisory. This update for the Linux Kernel 5.14.21-150400_24_63 fixes several issues. The following security issues were fixed: - CVE-2023-6931: Fixed a...

7.8 CVSS

6 AI Score

0.0004 EPSS

2024-05-23 12:00 AM
2
nessus

SUSE SLES15 Security Update : kernel (Live Patch 12 for SLE 15 SP5) (SUSE-SU-2024:1760-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1760-1 advisory. This update for the Linux Kernel 5.14.21-150500_55_59 fixes several issues. The following security issues were fixed: - CVE-2024-26610: Fixed...

8 AI Score

0.0004 EPSS

2024-05-23 12:00 AM
3
nessus

SUSE SLES15 Security Update : kernel (Live Patch 39 for SLE 15 SP3) (SUSE-SU-2024:1746-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1746-1 advisory. This update for the Linux Kernel 5.3.18-150300_59_144 fixes several issues. The following security issues were fixed: - CVE-2024-26610: Fixed...

7 CVSS

5.8 AI Score

0.0004 EPSS

2024-05-23 12:00 AM
2
nessus

Ubuntu 16.04 LTS : Linux kernel (HWE) vulnerabilities (USN-6777-4)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6777-4 advisory. Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use-...

7.8 CVSS

7.7 AI Score

0.0004 EPSS

2024-05-23 12:00 AM
2
nessus

SUSE SLES15 Security Update : kernel (Live Patch 19 for SLE 15 SP4) (SUSE-SU-2024:1757-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1757-1 advisory. This update for the Linux Kernel 5.14.21-150400_24_92 fixes several issues. The following security issues were fixed: - CVE-2023-6931: Fixed a...

7.8 CVSS

6 AI Score

0.0004 EPSS

2024-05-23 12:00 AM
3
nessus

RHEL 8 : edk2 (RHSA-2024:3017)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3017 advisory. EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI...

8.8 CVSS

7.9 AI Score

0.006 EPSS

2024-05-23 12:00 AM
3
nessus

SUSE SLES15 Security Update : kernel (Live Patch 0 for SLE 15 SP5) (SUSE-SU-2024:1751-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1751-1 advisory. This update for the Linux Kernel 5.14.21-150500_53 fixes several issues. The following security issues were fixed: - CVE-2023-6931: Fixed a...

7.8 CVSS

6 AI Score

0.0004 EPSS

2024-05-23 12:00 AM
1
nessus

Ubuntu 24.04 LTS : GNOME Remote Desktop vulnerability (USN-6785-1)

The remote Ubuntu 24.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6785-1 advisory. Matthias Gerstner discovered that GNOME Remote Desktop incorrectly performed certain user validation checks. A local attacker could possibly use this issue to...

7.4 AI Score

EPSS

2024-05-23 12:00 AM
5
nessus

SUSE SLES15 Security Update : kernel (Live Patch 25 for SLE 15 SP4) (SUSE-SU-2024:1750-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1750-1 advisory. This update for the Linux Kernel 5.14.21-150400_24_116 fixes several issues. The following security issues were fixed: - CVE-2024-26610: Fixed...

8 AI Score

0.0004 EPSS

2024-05-23 12:00 AM
1
nessus

RHEL 8 : linux-firmware (RHSA-2024:3178)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3178 advisory. The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fix(es): * hw:...

8.2 CVSS

7 AI Score

0.0005 EPSS

2024-05-23 12:00 AM
2
Total number of security vulnerabilities: 120129