WordPress Shortcodes Plugin — Shortcodes Ultimate Security Vulnerabilities

Ubuntu 20.04 LTS : Firefox regressions (USN-6779-2)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6779-2 advisory. USN-6779-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Original advisory details: ...

Debian dla-3822 : python-pymysql - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3822 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3822-1 [email protected] ...

RHEL 7 : rh-nodejs14 (RHSA-2024:3472)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3472 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security...

Oracle Linux 8 : bind / and / dhcp (ELSA-2024-3271)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3271 advisory. bind [32:9.11.36-14] - Speed up parsing of DNS messages with many different names (CVE-2023-4408) - Prevent increased CPU consumption in DNSSEC...

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : TPM2 Software Stack vulnerabilities (USN-6796-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6796-1 advisory. Fergus Dall discovered that TPM2 Software Stack did not properly handle layer arrays. An attacker could possibly use...

Improper Access Control

Mattermost is vulnerable to Improper Access Control. The vulnerability is due to insufficient enforcement of access controls, allowing members to link playbook runs to private channels they are not members...

Improper Access Control

Mattermost is vulnerable to Improper Access Control. The vulnerability is due to failing to enforce proper access control, allowing a user to run a slash command in a channel they are not a member of by linking a playbook run to that channel and executing a slash command as a playbook task...

Improper Authorization

mattermost is vulnerable to Improper Authorization. The vulnerability is due to a failure to perform proper authorization checks, allowing a member running a playbook in an existing channel to be promoted to a channel...

Trusted relationship attacks: trust, but verify

IT outsourcing market continues to demonstrate strong growth globally – such services are becoming increasingly popular. But along with the advantages, such as saved time and resources, delegating non-core tasks creates new challenges in terms of information security. By providing third-party...

MStore API < 3.9.8 - SQL Injection

The MStore API WordPress plugin before 3.9.8 is vulnerable to Blind SQL injection via the product_id...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1787-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1787-1 advisory. The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. This update...

Oracle Linux 8 : libssh (ELSA-2024-3233)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3233 advisory. [0.9.6-14] - Fix CVE-2023-48795 Prefix truncation attack on Binary Packet Protocol (BPP) - Fix CVE-2023-6918 Missing checks for return values for...

Fedora 40 : buildah (2024-77a0ab280f)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-77a0ab280f advisory. Security fix for CVE-2024-3727 Automatic update for buildah-1.35.4-1.fc40. ##### Changelog for buildah ``` * Fri May 10 2024 Packit &lt;[email protected]&gt;...

Oracle Linux 8 : ghostscript (ELSA-2024-2966)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-2966 advisory. [9.27-12] - fix to prevent divison by zero in devices - Resolves: rhbz#2235009 Tenable has extracted the preceding description block directly from the Oracle...

Oracle Linux 8 : libX11 (ELSA-2024-2973)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2973 advisory. [1.6.8-8] - Backport fix for Xlib lockups due to recursive XError (RHEL-23452) [1.6.8-7] - Fix CVE-2023-43785: out-of-bounds memory access in...

Oracle Linux 8 : libtiff (ELSA-2024-3059)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3059 advisory. [4.0.9-31] - Fix CVE-2022-3599 CVE-2022-4645 - Resolves: RHEL-5399 [4.0.9-30] - Bump specfile to retrigger gating - Add tests folder for standard beakerlib -...

Oracle Linux 8 : mutt (ELSA-2024-3058)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-3058 advisory. [5:2.0.7-3] - Fix for: CVE-2023-4874 CVE-2023-4875 - Resolves: RHEL-2811 Tenable has extracted the preceding description block directly from the Oracle.....

Oracle Linux 8 : perl:5.32 (ELSA-2024-3128)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3128 advisory. perl-Algorithm-Diff perl-Archive-Tar perl-Archive-Zip perl-autodie perl-bignum perl-Carp perl-Compress-Bzip2 ...

Oracle Linux 8 : gstreamer1-plugins-base (ELSA-2024-3088)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3088 advisory. [1.16.1-3.0.1] - Update origin URL [Orabug: 36209826] [1.16.1-3] - CVE-2023-37328 gstreamer1-plugins-base: heap overwrite in subtitle parsing - Resolves:...

Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2024-629)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-629 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and...

Oracle Linux 8 : motif (ELSA-2024-3022)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3022 advisory. [2.3.4-20] - Fix CVE-2023-43788: out of bounds read in XpmCreateXpmImageFromBuffer() - Fix CVE-2023-43789: out of bounds read on XPM with corrupted...

Oracle Linux 8 : traceroute (ELSA-2024-3211)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-3211 advisory. [3:2.1.0-8] - add gating.yaml [3:2.1.0-7] - fix improper command line parsing (CVE-2023-46316) Tenable has extracted the preceding description block directly...

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Git vulnerabilities (USN-6793-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6793-1 advisory. It was discovered that Git incorrectly handled certain submodules. An attacker could possibly use this issue to...

Oracle Linux 8 : kernel (ELSA-2024-3138)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3138 advisory. [4.18.0-553.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was....

Oracle Linux 8 : systemd (ELSA-2024-3203)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3203 advisory. [239-82.0.1] - Fixed deletion issue for symlink when device is opened [Orabug: 36228608] - Fix local-fs and remote-fs targets during system boot (replaces old...

Oracle Linux 8 : pam (ELSA-2024-3163)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3163 advisory. [1.3.1-33] - pam_namespace: protect_dir(): use O_DIRECTORY to prevent local DoS situations. CVE-2024-22365. Resolves: RHEL-21242 [1.3.1-32] - pam_access:...

Oracle Linux 8 : harfbuzz (ELSA-2024-2980)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-2980 advisory. [1.7.5-4] - Resolves:RHEL-8400 allows attackers to trigger O(n^2) growth via consecutive marks Tenable has extracted the preceding description block directly...

RHEL 9 : rust (RHSA-2024:3418)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3418 advisory. Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries. Security...

RHEL 8 : pcs (RHSA-2024:3431)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3431 advisory. The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fix(es): * rubygem-rack:...

Ubuntu 22.04 LTS / 23.10 / 24.04 LTS : FRR vulnerabilities (USN-6794-1)

The remote Ubuntu 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6794-1 advisory. It was discovered that FRR incorrectly handled certain malformed BGP and OSPF packets. A remote attacker could use this issue to...

openSUSE 15 Security Update : libqt5-qtnetworkauth (openSUSE-SU-2024:0143-1)

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2024:0143-1 advisory. - CVE-2024-36048: Fixed data race and poor seeding in generateRandomString() (boo#1224782). Tenable has extracted the preceding description block...

RHEL 9 : kernel-rt (RHSA-2024:3414)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3414 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism...

Oracle Linux 8 : httpd:2.4 (ELSA-2024-3121)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3121 advisory. httpd [2.4.37-64.0.1] - Replace index.html with Oracle's index page oracle_index.html [2.4.37-64] - Resolves: RHEL-14448 - httpd: mod_macro:...

openSUSE 15 Security Update : opera (openSUSE-SU-2024:0142-1)

The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2024:0142-1 advisory. - Update to 110.0.5130.39 * DNA-115603 [Rich Hints] Pass trigger source to the Rich Hint * DNA-116680 Import 0-day fix for CVE-2024-5274 -...

Oracle Linux 8 : ansible-core (ELSA-2024-3043)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3043 advisory. [2.16.3-2] - rebuild with python 3.12 (RHEL-24141) [2.16.3-1] - ansible-core 2.16.3 release (RHEL-23782) - Fix CVE-2024-0690 (possible information leak in tasks.....

Oracle Linux 8 : freeglut (ELSA-2024-3120)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3120 advisory. [3.0.0-9] - Fix CVE-2024-24258 and CVE-2024-24259 Resolves: https://issues.redhat.com/browse/RHEL-25175 Resolves:...

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Unbound vulnerability (USN-6791-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6791-1 advisory. It was discovered that Unbound could take part in a denial of service amplification attack known as DNSBomb. This update...

Amazon Linux 2023 : amazon-cloudwatch-agent (ALAS2023-2024-625)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-625 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and...

RHEL 9 : mod_http2 (RHSA-2024:3417)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3417 advisory. The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers. Security Fix(es): * httpd:...

AlmaLinux 9 : glibc (ALSA-2024:3339)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3339 advisory. * glibc: Out of bounds write in iconv conversion to ISO-2022-CN-EXT (CVE-2024-2961) * glibc: stack-based buffer overflow in netgroup cache...

Oracle Linux 8 : qt5-qtbase (ELSA-2024-3056)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3056 advisory. [5.15.3-7] - Fix CVE-2024-25580: potential buffer overflow when reading KTX images Resolves: RHEL-25725 [5.15.3-6] - Fix incorrect integer...

Oracle Linux 8 : virt:ol / and / virt-devel:rhel (ELSA-2024-2962)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2962 advisory. hivex libguestfs [1.44.0-9.0.2] - libguestfs.spec: Add btrfs-progs RPM to appliance [Orabug: 35634755] [1.44.0-9.0.1] - Replace upstream...

Oracle Linux 8 : pcs (ELSA-2024-2953)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2953 advisory. [0.10.18-2.0.1] - Replace HAM-logo.png with a generic one [0.10.18-2] - Fixed CVE-2024-25126, CVE-2024-26141, CVE-2024-26146 in bundled dependency...

Oracle Linux 8 : 389-ds:1.4 (ELSA-2024-3047)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3047 advisory. [1.4.3.39-3] - Bump version to 1.4.3.39-3 - Resolves: RHEL-19240 - RFE Add PROXY protocol support to 389-ds-base via confiuration item - similar to Postfix ...

Oracle Linux 8 : LibRaw (ELSA-2024-2994)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-2994 advisory. [0.19.5-4] - Backport fix for CVE-2021-32142 from upstream Resolves: RHEL-9523 Tenable has extracted the preceding description block directly from the...

Oracle Linux 8 : python3.11-urllib3 (ELSA-2024-2986)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-2986 advisory. [1.26.12-2] - Security fix for CVE-2023-43804 Resolves: RHEL-11996 Tenable has extracted the preceding description block directly from the Oracle Linux...

Oracle Linux 8 : grub2 (ELSA-2024-3184)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3184 advisory. [2.02-156.0.1] - Restore correct SBAT entries - Replaced bugzilla.oracle.com references [Orabug: 35475894] - efinet: Close and reopen card on failure...

Oracle Linux 8 : python39:3.9 / and / python39-devel:3.9 (ELSA-2024-2985)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2985 advisory. mod_wsgi [4.7.1-7] - Bump release for rebuild Resolves: rhbz#2213595 [4.7.1-6] - Remove rpath Resolves: rhbz#2213837 [4.7.1-5] - Core...

Oracle Linux 8 : openssh (ELSA-2024-3166)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3166 advisory. [8.0p1-24.0.1] - Update upstream references [Orabug: 36587718] [8.0p1-24] - Providing a kill switch for scp to deal with CVE-2020-15778 Resolves:...

Amazon Linux 2023 : oci-add-hooks (ALAS2023-2024-632)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-632 advisory. A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP...