Sticky Buttons – Floating Buttons Builder Security Vulnerabilities

wpvulndb

User Meta < 3.1 - Unauthenticated Sensitive Information Exposure

Description The User Meta – User Profile Builder and User management plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0 via the /views/debug.php file. This makes it possible for unauthenticated attackers, with to extract sensitive.....

5.3CVSS

6.9AI Score

0.001EPSS

2024-05-01 12:00 AM
9
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1480-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1480-1 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: fix kernel panic...

7.8CVSS

8AI Score

EPSS

2024-05-01 12:00 AM
15
wpvulndb

Element Pack Pro <= 7.7.4 - Authenticated (Contributor+) Arbitrary File Read and PHAR Deserialization

Description The Element Pack Pro - Addon for Elementor Page Builder WordPress Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 7.7.4. This makes it possible for authenticated attackers, with contributor-level access and above, to read the...

8.5CVSS

6.6AI Score

0.0004EPSS

2024-05-01 12:00 AM
16
cvelist

CVE-2024-33766

lunasvg v2.3.9 was discovered to contain an FPE (Floating Point Exception) at...

7.2AI Score

0.0004EPSS

2024-05-01 12:00 AM
1
nessus

RHEL 9 : kernel (RHSA-2024:2627)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2627 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * CVE-2024-25743 hw: amd:...

6.7AI Score

EPSS

2024-05-01 12:00 AM
7
redhat

(RHSA-2024:2119) Moderate: Image builder components bug fix, enhancement and security update

Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Security Fix(es): osbuild-composer: race condition may disable GPG verification for package repositories (CVE-2024-2307) For more details about the security...

6.7AI Score

0.0004EPSS

2024-04-30 06:14 AM
3
wpvulndb

Email Customizer for WooCommerce | Drag and Drop Email Templates Builder < 2.6.1 - Information Exposure

Description The Email Customizer for WooCommerce | Drag and Drop Email Templates Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.0 via the prepare_preview() function. This makes it possible for unauthenticated attackers to...

7.5CVSS

7AI Score

0.0004EPSS

2024-04-30 12:00 AM
5
nessus

RHEL 9 : libnbd (RHSA-2024:2204)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2204 advisory. Network Block Device (NBD) is a protocol for accessing Block Devices (hard disks and disk-like devices) over a Network. The libnbd is a...

6.5CVSS

6.3AI Score

0.001EPSS

2024-04-30 12:00 AM
5
nessus

RHEL 9 : bind (RHSA-2024:2551)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2551 advisory. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named);.....

7.5CVSS

8.5AI Score

0.05EPSS

2024-04-30 12:00 AM
10
nessus

RHEL 9 : Image builder components (RHSA-2024:2119)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2119 advisory. Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Security...

6.1CVSS

6.2AI Score

0.0004EPSS

2024-04-30 12:00 AM
2
nessus

RHEL 9 : avahi (RHSA-2024:2433)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2433 advisory. Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It...

6.2CVSS

7.2AI Score

0.0004EPSS

2024-04-30 12:00 AM
4
nessus

RHEL 9 : kernel (RHSA-2024:2394)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2394 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: GSM multiplexing race...

9.8CVSS

9.3AI Score

0.003EPSS

2024-04-30 12:00 AM
23
wpvulndb

Cost Calculator Builder Pro < 3.1.68 - Unauthenticated Cross-Site Scripting via SVG Upload

Description The Cost Calculator Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SVG upload feature in all versions up to, and including, 3.1.67 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

7.2CVSS

6.1AI Score

0.0005EPSS

2024-04-30 12:00 AM
7
nessus

RHEL 9 : qt5-qtbase (RHSA-2024:2276)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2276 advisory. Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in...

9.8CVSS

10AI Score

0.001EPSS

2024-04-30 12:00 AM
1
nessus

RHEL 9 : sssd (RHSA-2024:2571)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2571 advisory. The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms....

7.1CVSS

7.3AI Score

0.0004EPSS

2024-04-30 12:00 AM
4
wpvulndb

WordPress Header Builder Plugin – Pearl < 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The WordPress Header Builder Plugin – Pearl plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'stm_hb' shortcode in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS

5.8AI Score

0.0004EPSS

2024-04-30 12:00 AM
4
nessus

RHEL 9 : file (RHSA-2024:2512)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2512 advisory. The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types,...

5.5CVSS

6.1AI Score

0.001EPSS

2024-04-30 12:00 AM
5
nessus

RHEL 9 : edk2 (RHSA-2024:2264)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2264 advisory. EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI...

8.8CVSS

7.8AI Score

0.006EPSS

2024-04-30 12:00 AM
5
nessus

RHEL 9 : xorg-x11-server (RHSA-2024:2169)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2169 advisory. X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical...

9.8CVSS

8.4AI Score

0.273EPSS

2024-04-30 12:00 AM
3
osv

Moderate: Image builder components bug fix, enhancement and security update

Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Security Fix(es): osbuild-composer: race condition may disable GPG verification for package repositories (CVE-2024-2307) For more details about the security...

6.1CVSS

6.5AI Score

0.0004EPSS

2024-04-30 12:00 AM
1
nessus

RHEL 9 : mingw-pixman (RHSA-2024:2525)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2525 advisory. Pixman is a pixel manipulation library for the X Window System and Cairo. Security Fix(es): * pixman: Integer overflow in pixman_sample_floor_y...

8.8CVSS

9.2AI Score

0.003EPSS

2024-04-30 12:00 AM
6
nessus

RHEL 9 : freerdp (RHSA-2024:2208)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2208 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to.....

9.8CVSS

9AI Score

0.001EPSS

2024-04-30 12:00 AM
3
nessus

RHEL 9 : mingw-glib2 (RHSA-2024:2528)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2528 advisory. GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used...

7.5CVSS

6.5AI Score

0.001EPSS

2024-04-30 12:00 AM
6
nessus

RHEL 9 : systemd (RHSA-2024:2463)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2463 advisory. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides...

5.9CVSS

6AI Score

0.001EPSS

2024-04-30 12:00 AM
5
nessus

RHEL 8 : kernel (RHSA-2024:2621)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2621 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: use after free flaw in...

8.8CVSS

7.9AI Score

0.002EPSS

2024-04-30 12:00 AM
27
nessus

RHEL 9 : libtiff (RHSA-2024:2289)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2289 advisory. The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Security Fix(es): *...

6.5CVSS

7.2AI Score

0.001EPSS

2024-04-30 12:00 AM
5
nessus

RHEL 9 : ipa (RHSA-2024:2147)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2147 advisory. Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and...

5.3CVSS

5.8AI Score

0.0004EPSS

2024-04-30 12:00 AM
nessus

RHEL 9 : python3.11 (RHSA-2024:2292)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2292 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic...

5.3CVSS

6.2AI Score

0.001EPSS

2024-04-30 12:00 AM
1
nessus

RHEL 9 : gstreamer1-plugins-bad-free (RHSA-2024:2287)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2287 advisory. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package...

8.8CVSS

9.1AI Score

0.0005EPSS

2024-04-30 12:00 AM
2
nessus

RHEL 9 : libvirt (RHSA-2024:2236)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2236 advisory. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In...

5CVSS

5.7AI Score

0.0004EPSS

2024-04-30 12:00 AM
4
nessus

RHEL 9 : libsndfile (RHSA-2024:2184)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2184 advisory. libsndfile is a C library for reading and writing files containing sampled sound, such as AIFF, AU, or WAV. Security Fix(es): * libsndfile:...

7.8CVSS

7.9AI Score

0.001EPSS

2024-04-30 12:00 AM
7
nessus

RHEL 8 : yajl (RHSA-2024:2580)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2580 advisory. Yet Another JSON Library (YAJL) is a small event-driven (SAX-style) JSON parser written in ANSI C, and a small validating JSON generator. ...

6.5CVSS

7AI Score

0.001EPSS

2024-04-30 12:00 AM
3
almalinux

Moderate: Image builder components bug fix, enhancement and security update

Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Security Fix(es): osbuild-composer: race condition may disable GPG verification for package repositories (CVE-2024-2307) For more details about the security...

6.1CVSS

6.7AI Score

0.0004EPSS

2024-04-30 12:00 AM
3
nessus

RHEL 8 : shadow-utils (RHSA-2024:2577)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2577 advisory. The shadow-utils packages include programs for converting UNIX password files to the shadow password format, as well as utilities for managing...

5.5CVSS

6.6AI Score

0.0004EPSS

2024-04-30 12:00 AM
4
nessus

SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1466-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1466-1 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: fix kernel panic caused by race of smc_sock A...

7.8CVSS

7.5AI Score

EPSS

2024-04-30 12:00 AM
6
nessus

RHEL 9 : libvirt (RHSA-2024:2560)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2560 advisory. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating...

6.2CVSS

6.9AI Score

0.001EPSS

2024-04-30 12:00 AM
9
nessus

RHEL 9 : zziplib (RHSA-2024:2377)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2377 advisory. The zziplib is a lightweight library to easily extract data from zip files. Security Fix(es): * zziplib: invalid memory access at...

5.5CVSS

5.4AI Score

0.0004EPSS

2024-04-30 12:00 AM
6
nessus

RHEL 9 : mingw components (RHSA-2024:2353)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2353 advisory. MinGW (Minimalist GNU for Windows) is a free and open source software development environment to create Microsoft Windows applications. Security...

7.8CVSS

7.6AI Score

0.001EPSS

2024-04-30 12:00 AM
3
nessus

RHEL 9 : pmix (RHSA-2024:2199)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2199 advisory. The Process Management Interface (PMI) provides process management functions for MPI implementations. PMI Exascale (PMIx) provides an extended...

8.1CVSS

6AI Score

0.001EPSS

2024-04-30 12:00 AM
3
nessus

RHEL 9 : libjpeg-turbo (RHSA-2024:2295)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2295 advisory. The libjpeg-turbo packages contain a library of functions for manipulating JPEG images. They also contain simple client programs for accessing the...

7.1CVSS

7AI Score

0.001EPSS

2024-04-30 12:00 AM
3
nessus

RHEL 9 : LibRaw (RHSA-2024:2137)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2137 advisory. LibRaw is a library for reading RAW files obtained from digital photo cameras (CRW/CR2, NEF, RAF, DNG, and others). Security Fix(es): * LibRaw:...

6.5CVSS

6.8AI Score

0.002EPSS

2024-04-30 12:00 AM
8
wpvulndb

Page Builder: Live Composer < 1.5.39 - Missing Authorization

Description The Page Builder: Live Composer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the dslc_ajax_add_module() function in versions up to, and including, 1.5.38. This makes it possible for authenticated attackers, with...

4.7CVSS

6.7AI Score

0.0004EPSS

2024-04-29 12:00 AM
5
wpvulndb

Social Share Icons & Social Share Buttons < 3.6.3 - Missing Authorization to Notice Dismissal

Description The Social Share Icons & Social Share Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on a function in versions up to, and including, 3.6.2. This makes it possible for unauthenticated attackers to dismiss...

5.3CVSS

6.6AI Score

0.0004EPSS

2024-04-29 12:00 AM
3
wpvulndb

The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library) < 2.0.8.3 - Authenticated (Subscriber+) Server-Side Request Forgery

Description The The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.0.8.2. This makes it possible for authenticated attackers, with subscriber-level access and...

4.9CVSS

6.7AI Score

0.0004EPSS

2024-04-29 12:00 AM
3
wpvulndb

Advanced Floating Content Lite < 1.2.6 - Authenticated (Editor+) Stored Cross-Site Scripting

Description The Advanced Floating Content Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.9CVSS

5.9AI Score

0.0004EPSS

2024-04-29 12:00 AM
6
nessus

RHEL 9 : kernel (RHSA-2024:1248)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1248 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: inactive elements in...

7.8CVSS

8.4AI Score

0.001EPSS

2024-04-29 12:00 AM
10
nessus

Amazon Linux AMI : xorg-x11-server (ALAS-2024-1932)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2024-1932 advisory. A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to...

9.8CVSS

8.7AI Score

0.002EPSS

2024-04-29 12:00 AM
3
wpvulndb

The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library) < 2.0.8.4 - Reflected Cross-Site Scripting

Description The The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.0.8.3 due to insufficient input sanitization and output escaping. This makes it possible...

7.1CVSS

6.5AI Score

0.0004EPSS

2024-04-29 12:00 AM
2
nessus

RHEL 9 : kernel (RHSA-2023:6583)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6583 advisory. Kernel: race when faulting a device private page in memory manager (CVE-2022-3523) kernel: use-after-free in l1oip timer handlers...

8.2CVSS

8.4AI Score

EPSS

2024-04-28 12:00 AM
7
nessus

RHEL 8 : Satellite 6.13 Release (Important) (RHSA-2023:2097)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2097 advisory. Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and ...

9.8CVSS

8.9AI Score

0.972EPSS

2024-04-28 12:00 AM
23
Total number of security vulnerabilities: 14870