WordPress Infinite Scroll – Ajax Load More Security Vulnerabilities

Fedora 39 : libopenmpt (2024-018a95fb38)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-018a95fb38 advisory. Update from 0.7.6 to 0.7.8 for more bug-fixes. https://lib.openmpt.org/libopenmpt/2024/06/09/security-update-0.7.8-releases-0.6.17-0.5.31-0.4.43/ ...

CVE-2024-5594

control channel: refuse control channel messages with nonprintable characters in them. Security scope: a malicious openvpn peer can send garbage to openvpn log, or cause high CPU...

RHEL 9 : python3.11 (RHSA-2024:4077)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4077 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic...

Important: python3.11 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security...

RHEL 7 : kpatch-patch (RHSA-2024:4073)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4073 advisory. This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Security...

Fedora 40 : thunderbird (2024-bf1c613d5a)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-bf1c613d5a advisory. Update to 115.12.1 * https://www.thunderbird.net/en-US/thunderbird/115.12.1/releasenotes/ * https://www.mozilla.org/en-US/security/advisories/mfsa2024-28/ ...

Fedora 39 : python-dns (2024-3b4c7849ab)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-3b4c7849ab advisory. Update to 2.6.1 (rhbz#2263657) ---- Fix for CVE-2023-29483 (rhbz#2274685) Tenable has extracted the preceding description block directly from the Fedora...

Important: python3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security...

Security Advisory 0098

Security Advisory 0098 _._CSAF PDF Date: June 25, 2024 Revision | Date | Changes ---|---|--- 1.0 | June 25, 2024 | Initial release The CVE-ID tracking this issue: CVE-2024-4578 CVSSv3.1 Base Score: 8.4 (CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H) Common Weakness Enumeration: CWE-77 Improper...

Important: python3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security...

RHEL 8 : [23.1] Security update for the 23.1 (RPMs) (Low) (RHSA-2024:4079)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4079 advisory. The quarkus-mandrel-java and quarkus-mandrel-231 packages provide the GraalVM installation for the quarkus/mandrel-for-jdk-21-rhel8:23.1...

Important: git security update

Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to...

Important: git security update

Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to...

AlmaLinux 8 : git (ALSA-2024:4084)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:4084 advisory. * git: Recursive clones RCE (CVE-2024-32002) * git: RCE while cloning local repos (CVE-2024-32004) * git: additional local RCE (CVE-2024-32465) * git:...

EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1816)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: IB/ipoib: Fix mcast list locking Releasing the priv-lock while iterating...

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-1837)

The remote host is missing an update for the Huawei...

SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:2184-1)

The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2184-1 advisory. The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes. The following...

SUSE SLES15 Security Update : kernel (SUSE-SU-2024:2185-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2185-1 advisory. The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: .....

Important: python3.11 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security...

CVE-2024-36244

In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: extend minimum interval restriction to entire cycle too It is possible for syzbot to side-step the restriction imposed by the blamed commit in the Fixes: tag, because the taprio UAPI permits a cycle-time...

RHEL 9 : samba (RHSA-2024:4101)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4101 advisory. Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol,...

RHEL 9 : kpatch-patch (RHSA-2024:4074)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4074 advisory. This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Security...

RHEL 8 : git (RHSA-2024:4084)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4084 advisory. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a...

Oracle Linux 9 : git (ELSA-2024-4083)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-4083 advisory. [2.43.5-1] - Update to 2.43.5 - Related: RHEL-36402, RHEL-36414 [2.43.4-1] - Update to 2.43.4 - Resolves: RHEL-36402, RHEL-36414 Tenable has extracted...

EulerOS 2.0 SP11 : golang (EulerOS-SA-2024-1814)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This...

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2024-1814)

The remote host is missing an update for the Huawei...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : Ansible vulnerabilities (USN-6846-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6846-1 advisory. It was discovered that Ansible incorrectly handled certain inputs when using tower_callback parameter. If a user...

Oracle Linux 9 : python3.9 (ELSA-2024-4078)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-4078 advisory. - Security fixes for CVE-2023-6597 and CVE-2024-0450 Tenable has extracted the preceding description block directly from the Oracle Linux security...

CVE-2024-38636

In the Linux kernel, the following vulnerability has been resolved: f2fs: multidev: fix to recognize valid zero block address As reported by Yi Zhang in mailing list [1], kernel warning was catched during zbd/010 test as below: ./check zbd/010 zbd/010 (test gap zone support with...

RHEL 8 : kpatch-patch (RHSA-2024:4075)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4075 advisory. This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Security...

Important: git security update

Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to...

RHEL 9 : git (RHSA-2024:4083)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4083 advisory. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a...

Oracle Linux 8 : git (ELSA-2024-4084)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-4084 advisory. [2.43.5-1] - Update to 2.43.5 - Related: RHEL-36399, RHEL-36411 [2.43.4-1] - Update to 2.43.4 - Resolves: RHEL-36399, RHEL-36411 Tenable has extracted...

RHEL 9 : python3.9 (RHSA-2024:4078)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4078 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

Roundcube vulnerabilities

Releases Ubuntu 23.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Ubuntu 18.04 ESM Ubuntu 16.04 ESM Packages roundcube - skinnable AJAX based webmail solution for IMAP servers - metapack Details Matthieu Faou and Denys Klymenko discovered that Roundcube incorrectly handled certain SVG images. A remote...

Fedora 40 : libopenmpt (2024-ac4860090c)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-ac4860090c advisory. Update from 0.7.6 to 0.7.8 for more bug-fixes. https://lib.openmpt.org/libopenmpt/2024/06/09/security-update-0.7.8-releases-0.6.17-0.5.31-0.4.43/ ...

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2024-1835)

The remote host is missing an update for the Huawei...

SUSE SLES15 / openSUSE 15 Security Update : grafana and mybatis (SUSE-SU-2024:1530-2)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1530-2 advisory. grafana was updated to version 9.5.18: - Grafana now requires Go 1.20 - Security issues fixed: * CVE-2024-1313: Require same...

AlmaLinux 9 : git (ALSA-2024:4083)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:4083 advisory. * git: Recursive clones RCE (CVE-2024-32002) * git: RCE while cloning local repos (CVE-2024-32004) * git: additional local RCE (CVE-2024-32465) * git:...

SUSE SLES15 Security Update : kernel (SUSE-SU-2024:2183-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2183-1 advisory. The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security bugfixes. The following security bugs were fixed: .....

RHEL 7 : kernel (RHSA-2024:4098)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4098 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * Kernel: bluetooth: Unauthorized...

Important: git security update

Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to...

ROS-20240625-03

A vulnerability in the GlutAddSubMenu() function of the MuPDF PDF viewer is related to a memory leak via the MenuEntry variable. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service A vulnerability in the GlutAddMenuEntry() function of the MuPDF...

AlmaLinux 9 : python3.9 (ALSA-2024:4078)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:4078 advisory. * python: Path traversal on tempfile.TemporaryDirectory (CVE-2023-6597) * python: The zipfile module is vulnerable to zip-bombs leading to denial of...

CVE-2023-49793

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Zip files uploaded to the server endpoint of CodeChecker store are not properly sanitized. An attacker, using a path traversal attack, can load and display files on the machine of....

CVE-2023-49793

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Zip files uploaded to the server endpoint of CodeChecker store are not properly sanitized. An attacker, using a path traversal attack, can load and display files on the machine of....

CVE-2023-49793

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Zip files uploaded to the server endpoint of CodeChecker store are not properly sanitized. An attacker, using a path traversal attack, can load and display files on the machine of....

PYSEC-2024-54

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Zip files uploaded to the server endpoint of CodeChecker store are not properly sanitized. An attacker, using a path traversal attack, can load and display files on the machine of....

XWiki programming rights may be inherited by inclusion

Impact The content of a document included using {{include reference="targetdocument"/}} is executed with the right of the includer and not with the right of its author. This means that any user able to modify the target document can impersonate the author of the content which used the include...

XWiki programming rights may be inherited by inclusion

Impact The content of a document included using {{include reference="targetdocument"/}} is executed with the right of the includer and not with the right of its author. This means that any user able to modify the target document can impersonate the author of the content which used the include...