Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit Security Vulnerabilities

Atlassian Confluence 1.0.1 < 7.19.22 / 7.20.x < 8.5.9 / 8.6.x < 8.9.1 (CONFSERVER-95840)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-95840 advisory. In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8,...

Ubuntu: Security Advisory (USN-6566-2)

The remote host is missing an update for...

GitLab 16.11.0 < 16.11.5 / 17.0.0 < 17.0.3 / 17.1.0 < 17.1.1 (CVE-2024-6323)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: Improper authorization in global search in GitLab EE affecting all versions from 16.11 prior to 16.11.5 and 17.0 prior to 17.0.3 and 17.1 prior to 17.1.1 allows an attacker leak content of a private...

ROS-20240627-01

A vulnerability in the implementation of the CORS mechanism of Microsoft Edge and Google Chrome browsers is related to weaknesses in the access controls. Exploitation of the vulnerability could allow an attacker acting remotely to bypass existing security restrictions and disclose protected...

GitLab 16.0 < 16.11.5 / 17.0 < 17.0.3 / 17.1 < 17.1.1 (CVE-2024-3115)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows an attacker...

Fedora 39 : firefox (2024-a61be271bb)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-a61be271bb advisory. - New upstream version (127.0.2) ---- - New upstream version (127.0) Tenable has extracted the preceding description block directly from the Fedora...

Atlassian Confluence 1.0.1 < 7.19.23 / 7.20.x < 8.5.9 / 8.6.x < 8.9.1 (CONFSERVER-95975)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-95975 advisory. Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users...

CVE-2016-20022

In the Linux kernel before 4.8, usb_parse_endpoint in drivers/usb/core/config.c does not validate the wMaxPacketSize field of an endpoint descriptor. NOTE: This vulnerability only affects products that are no longer supported by the...

OpenSSL 3.1.0 < 3.1.7 Vulnerability

The version of OpenSSL installed on the remote host is prior to 3.1.7. It is, therefore, affected by a vulnerability as referenced in the 3.1.7 advisory. Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or...

Ubuntu 16.04 LTS / 18.04 LTS : Squid vulnerabilities (USN-6857-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6857-1 advisory. Joshua Rogers discovered that Squid incorrectly handled requests with the urn: scheme. A remote attacker could possibly use this issue to...

RHEL 7 : java-1.8.0-ibm (RHSA-2024:4160)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4160 advisory. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. Security Fix(es): * IBM JDK: Object...

RHEL 8 : OpenShift Container Platform 4.12.60 (RHSA-2024:4008)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:4008 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : libcdio vulnerability (USN-6855-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6855-1 advisory. Mansour Gashasbi discovered that libcdio incorrectly handled certain memory operations when...

Fedora 39 : chromium (2024-508d03d0c7)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-508d03d0c7 advisory. update to 126.0.6478.126 * High CVE-2024-6290: Use after free in Dawn * High CVE-2024-6291: Use after free in Swiftshader * High CVE-2024-6292: Use...

Fedora 40 : chromium (2024-0c02698648)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-0c02698648 advisory. update to 126.0.6478.126 * High CVE-2024-6290: Use after free in Dawn * High CVE-2024-6291: Use after free in Swiftshader * High CVE-2024-6292: Use...

Fedora: Security Advisory for firefox (FEDORA-2024-a61be271bb)

The remote host is missing an update for...

OpenSSL 1.1.1 < 1.1.1za Vulnerability

The version of OpenSSL installed on the remote host is prior to 1.1.1za. It is, therefore, affected by a vulnerability as referenced in the 1.1.1za advisory. Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash...

Debian dla-3845 : dlt-daemon - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3845 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3845-1 [email protected] ...

OpenSSL Buffer Overread Vulnerability (20240627) - Linux

OpenSSL is prone to a buffer overread...

IBM MQ 9.3 < 9.3.0.20 LTS / 9.3 < 9.4 CD (7158059)

The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7158059 advisory. IBM MQ Console could disclose could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This...

GitLab 16.9 < 16.11.5 / 17.0 < 17.0.3 / 17.1 < 17.1.1 (CVE-2024-2191)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: An issue was discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows merge...

CentOS 7 : java-1.8.0-ibm (RHSA-2024:4160)

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4160 advisory. The IBM SDK, Java Technology Edition's Object Request Broker (ORB) 7.1.0.0 through 7.1.5.21 and 8.0.0.0 through 8.0.8.21 is vulnerable to a denial of...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : FontForge vulnerabilities (USN-6856-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6856-1 advisory. It was discovered that FontForge incorrectly handled filenames. If a user or an automated system were ...

FreeBSD : Gitlab -- Vulnerabilities (589de937-343f-11ef-8a7b-001b217b3468)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 589de937-343f-11ef-8a7b-001b217b3468 advisory. Gitlab reports: Run pipelines as any user Stored XSS injected in imported project's commit...

Debian dla-3843 : linux-config-5.10 - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3843 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3843-1 [email protected] ...

RHEL 9 : OpenShift Container Platform 4.16.0 (RHSA-2024:0045)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0045 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...

RHEL 9 : Red Hat build of MicroShift 4.16.0 (RHSA-2024:0043)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0043 advisory. Red Hat build of MicroShift is Red Hat's light-weight Kubernetes orchestration solution designed for edge device deployments and is built...

Debian dla-3842 : linux-config-5.10 - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3842 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3842-1 [email protected] ...

RHEL 9 : pki-core (RHSA-2024:4165)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4165 advisory. The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System. Security Fix(es): * dogtag ca:...

CVE-2024-39708

An issue was discovered in the Agent in Delinea Privilege Manager (formerly Thycotic Privilege Manager) before 12.0.1096 on Windows. Sometimes, a non-administrator user can copy a crafted DLL file to a temporary directory (used by .NET Shadow Copies) such that privilege escalation can occur if the....

GitLab 1.0 < 16.11.5 / 17.0 < 17.0.3 / 17.1 < 17.1.1 (CVE-2024-4557)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: Multiple Denial of Service (DoS) conditions has been discovered in GitLab CE/EE affecting all versions starting from 1.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1...

Fedora: Security Advisory for moodle (FEDORA-2024-020937763e)

The remote host is missing an update for...

Fedora: Security Advisory for chromium (FEDORA-2024-0c02698648)

The remote host is missing an update for...

Fedora: Security Advisory for openvpn (FEDORA-2024-b611e122fb)

The remote host is missing an update for...

Important: pki-core security update

The Public Key Infrastructure (PKI) Core contains fundamental packages required by AlmaLinux Certificate System. Security Fix(es): dogtag ca: token authentication bypass vulnerability (CVE-2023-4727) For more details about the security issue(s), including the impact, a CVSS score,...

RHEL 8 : python3 (RHSA-2024:4166)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4166 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic...

gorrells.com Cross Site Scripting vulnerability OBB-3939166

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

lexingtonclub.net Cross Site Scripting vulnerability OBB-3939165

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-3959 Improper Authorization in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows private job artifacts can be accessed by any...

CVE-2024-3959 Improper Authorization in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows private job artifacts can be accessed by any...

commonwealthtool.com Cross Site Scripting vulnerability OBB-3939164

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

bordercommunity.com Cross Site Scripting vulnerability OBB-3939163

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

bdsa.com Cross Site Scripting vulnerability OBB-3939162

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

bikethomson.com Cross Site Scripting vulnerability OBB-3939161

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

blogwpthemes.com Cross Site Scripting vulnerability OBB-3939160

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

metamoracompleteequine.com Cross Site Scripting vulnerability OBB-3939159

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

blog.battlefy.com Cross Site Scripting vulnerability OBB-3939158

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-36680: SQL Injection Vulnerability in Facebook’s PrestaShop Module Exposes Thousands of E-commerce Sites to Credit Card Fraud

**SQL Injection Exposure in Promokit.eu Threatens Facebook's PrestaShop Customers ** PrestaShop is a free, open-source E-commerce platform launched in 2007. Built with PHP and MySQL, it offers customizable, scalable solutions for online stores. Features include product management, inventory...

autismawarenesscentre.com Cross Site Scripting vulnerability OBB-3939155

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

autodotbiography.com Cross Site Scripting vulnerability OBB-3939154

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...