ESpace 7910; ESpace 7950; ESpace 8950 Security Vulnerabilities

nessus

RHEL 6 : libxrender (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libXrender: Insufficient validation of server responses results out-of-bounds write in...

10 AI Score

2024-05-11 12:00 AM
2
nessus

RHEL 5 : libxrender (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libXrender: Insufficient validation of server responses results out-of-bounds write in...

10 AI Score

2024-05-11 12:00 AM
1
nessus

RHEL 7 : libxrender (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libXrender: Insufficient validation of server responses results out-of-bounds write in...

10 AI Score

2024-05-11 12:00 AM
1
cve

CVE-2024-3341

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'aux_gmaps' shortcode in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes....

6.4 CVSS

6 AI Score

0.001 EPSS

2024-05-02 05:15 PM
32
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 15, 2024 to April 21, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 209 vulnerabilities disclosed in 169...

9.9 AI Score

0.012 EPSS

2024-04-25 03:56 PM
33
wpvulndb

Shortcodes and extra features for Phlox theme <= 2.15.5 - Contributor+ Stored XSS via aux_gmaps Shortcode

Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's 'aux_gmaps' shortcode due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject.....

5.7 AI Score

0.001 EPSS

2024-04-16 12:00 AM
5
openbugbounty

espace-ethique-normandie.fr Cross Site Scripting vulnerability OBB-3915175

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2 AI Score

2024-04-11 09:08 AM
8
openbugbounty

espace-lumiere.fr Cross Site Scripting vulnerability OBB-3872126

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2 AI Score

2024-03-14 10:32 AM
1
openbugbounty

espace-design.lu Improper Access Control vulnerability OBB-3845286

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

7 AI Score

2024-01-28 06:15 PM
6
nuclei

Anyscale Ray 2.6.3 and 2.8.0 - Server-Side Request Forgery

The Ray Dashboard API is affected by a Server-Side Request Forgery (SSRF) vulnerability in the url parameter of the /log_proxy API endpoint. The API does not perform sufficient input validation within the affected parameter and any HTTP or HTTPS URLs are accepted as...

7.2 AI Score

0.376 EPSS

2024-01-22 05:36 AM
10
openbugbounty

espace-enchere-sud-aquitaine.fr Improper Access Control vulnerability OBB-3824483

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

7 AI Score

2023-12-28 07:07 PM
5
openbugbounty

espace-diamant.ajaccio.fr Cross Site Scripting vulnerability OBB-3777428

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.1 AI Score

2023-11-11 11:23 AM
11
openbugbounty

espace-ultradanse.fr Cross Site Scripting vulnerability OBB-3728272

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.1 AI Score

2023-10-07 03:03 PM
8
nessus

Oracle Linux 7 : ELSA-2017-1308-1: / kernel (ELSA-2017-13081)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-13081 advisory. The hash_accept function in crypto/algif_hash.c in the Linux kernel before 4.3.6 allows local users to cause a denial of service (OOPS) by...

7.1 AI Score

2023-09-07 12:00 AM
3
osv

Malicious code in discord.js-v12-lukyy (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (84f8bf74e566b2971105d1d8482b27bb35a3cd1aa60def4e10b9ae09a4397da8) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI Score

2023-08-29 02:17 AM
2
osv

Malicious code in fca-donqdev (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (8aa466b4d3fe8071af6cbd682f544cd5681044d56a9d7b8816fc38424034230a) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI Score

2023-08-25 03:47 AM
2
openbugbounty

espace-numerique-entreprises.corsica Cross Site Scripting vulnerability OBB-3570484

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.1 AI Score

2023-08-06 07:18 PM
16
openbugbounty

espace-terroir.ch Cross Site Scripting vulnerability OBB-3524241

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.1 AI Score

2023-07-17 11:08 AM
14
openbugbounty

espace-ultradanse.fr Cross Site Scripting vulnerability OBB-3513703

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.1 AI Score

2023-07-13 08:36 PM
10
openbugbounty

espace-lumiere.fr Cross Site Scripting vulnerability OBB-3503840

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.1 AI Score

2023-07-11 02:17 PM
6
openbugbounty

espace-motos.fr Cross Site Scripting vulnerability OBB-3493242

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.1 AI Score

2023-07-08 11:51 PM
12
openbugbounty

espace-crequi.fr Cross Site Scripting vulnerability OBB-3493240

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.1 AI Score

2023-07-08 11:51 PM
7
wpvulndb

WP Abstracts <= 2.6.2 - Cross-Site Request Forgery

The plugin does not sufficiently verify requests use nonces, leading to a CSRF...

8.8 CVSS

6.8 AI Score

0.001 EPSS

2023-06-27 12:00 AM
5
openbugbounty

espace-aubade.fr Cross Site Scripting vulnerability OBB-3423180

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.1 AI Score

2023-06-13 08:18 AM
9
cve

CVE-2023-0545

The Hostel WordPress plugin before 1.1.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

4.8 CVSS

4.8 AI Score

0.001 EPSS

2023-06-05 02:15 PM
28
prion

Cross site scripting

The Hostel WordPress plugin before 1.1.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

4.8 CVSS

4.7 AI Score

0.0004 EPSS

2023-06-05 02:15 PM
2
openbugbounty

espace-terroir.ch Cross Site Scripting vulnerability OBB-3382752

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.1 AI Score

2023-06-03 11:38 PM
8
openbugbounty

espace-o.ca Cross Site Scripting vulnerability OBB-3340764

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.1 AI Score

2023-05-15 10:06 PM
5
openbugbounty

espace-chez-soi.ch Cross Site Scripting vulnerability OBB-3340756

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.1 AI Score

2023-05-15 10:04 PM
6
wpexploit

Hostel < 1.1.5.2 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

4.8 CVSS

8.4 AI Score

0.0004 EPSS

2023-05-10 12:00 AM
41
wpvulndb

Hostel < 1.1.5.2 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). PoC 1. Go to Manage Rooms and click on "Click...

4.8 CVSS

8.3 AI Score

0.0004 EPSS

2023-05-10 12:00 AM
4
mskb

Description of the security update for SharePoint Foundation 2013: April 11, 2023 (KB5002383)

Description of the security update for SharePoint Foundation 2013: April 11, 2023 (KB5002383) Summary This security update resolves a Microsoft SharePoint Server spoofing vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2023-28288....

8 AI Score

0.004 EPSS

2023-04-11 07:00 AM
62
mskb

Description of the security update for SharePoint Foundation 2013: March 14, 2023 (KB5002367)

Description of the security update for SharePoint Foundation 2013: March 14, 2023 (KB5002367) Summary This security update resolves a Microsoft SharePoint Server spoofing vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2023-23395....

4.1 AI Score

0.001 EPSS

2023-03-14 07:00 AM
45
openvas

Debian: Security Advisory (DLA-664-1)

The remote host is missing an update for the...

9.6 AI Score

0.01 EPSS

2023-03-08 12:00 AM
openvas

Debian: Security Advisory (DLA-772-1)

The remote host is missing an update for the...

7.4 AI Score

0.736 EPSS

2023-03-08 12:00 AM
3
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (Feb 20, 2023 to Feb 26, 2023)

Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence Community Edition. This database is continuously updated, maintained, and populated by Wordfence's highly credentialed and experienced...

9.8 CVSS

0.1 AI Score

2023-03-02 02:49 PM
153
msupdate

2023-02 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows 10 Version 1809 for x64 (KB5022782)

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article.....

2.9 AI Score

2023-02-14 06:00 PM
72
mskb

Description of the security update for SharePoint Foundation 2013: February 14, 2023 (KB5002347)

Description of the security update for SharePoint Foundation 2013: February 14, 2023 (KB5002347) Summary This security update resolves a Microsoft SharePoint Server elevation of privilege vulnerability and Microsoft Word remote code execution vulnerability. To learn more about the vulnerabilities,....

9.7 AI Score

0.454 EPSS

2023-02-14 08:00 AM
59
openbugbounty

espace-ultradanse.fr Cross Site Scripting vulnerability OBB-3192693

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

-0.1 AI Score

2023-02-12 07:36 PM
12
cve

CVE-2022-34398

Dell BIOS contains a Time-of-check Time-of-use vulnerability. A local authenticated malicious user could potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI to gain arbitrary code execution on the...

7 CVSS

7.1 AI Score

0.0004 EPSS

2023-02-01 06:15 AM
32
nessus

Rocky Linux 9 : Image Builder (RLSA-2022:7950)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:7950 advisory. A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial...

7.8 AI Score

2023-01-30 12:00 AM
11
nessus

FreeBSD : Gitlab -- Multiple Vulnerabilities (3a023570-91ab-11ed-8950-001b217b3468)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 3a023570-91ab-11ed-8950-001b217b3468 advisory. Incorrect Authorization check affecting all versions of GitLab EE from 13.11 prior to 15.5.7,...

6.7 AI Score

2023-01-11 12:00 AM
5
mskb

Description of the security update for SharePoint Foundation 2013: January 10, 2023 (KB5002336)

Description of the security update for SharePoint Foundation 2013: January 10, 2023 (KB5002336) Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability. To learn more about the vulnerability, see the following security advisories: Microsoft Common...

9 AI Score

0.007 EPSS

2023-01-10 08:00 AM
36
freebsd

Gitlab -- Multiple Vulnerabilities

Gitlab reports: Race condition on gitlab.com enables verified email forgery and third-party account hijacking DOS and high resource consumption of Prometheus server through abuse of Grafana integration proxy endpoint Maintainer can leak sentry token by changing the configured URL Maintainer can...

5.4 AI Score

0.005 EPSS

2023-01-09 12:00 AM
14
openbugbounty

espace-europ.com Cross Site Scripting vulnerability OBB-3099799

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

-0.2 AI Score

2022-12-13 06:43 PM
6
mskb

Update 18.18 for Microsoft Dynamics 365 Business Central 2021 Release Wave 1 (Application Build 18.18.49460, Platform Build 18.0.49352)

Update 18.18 for Microsoft Dynamics 365 Business Central 2021 Release Wave 1 (Application Build 18.18.49460, Platform Build 18.0.49352) Overview This update replaces previously released updates. You should always install the latest update. This update also fixes a remote code execution...

8.7 AI Score

0.006 EPSS

2022-12-13 08:00 AM
6
mskb

Description of the security update for SharePoint Foundation 2013: December 13, 2022 (KB5002319)

Description of the security update for SharePoint Foundation 2013: December 13, 2022 (KB5002319) Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability. To learn more about the vulnerability, see the following security advisories: Microsoft Common...

9 AI Score

0.007 EPSS

2022-12-13 08:00 AM
8
nessus

Oracle Linux 9 : Image / Builder (ELSA-2022-7950)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-7950 advisory. A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a...

7.5 AI Score

2022-11-22 12:00 AM
3
oraclelinux

Image Builder security, bug fix, and enhancement update

cockpit-composer [41-1.0.1] - Make per page documentation links point to Oracle Linux [Orabug: 32013095], [Orabug:34398922] [41-1] - New upstream release [40-1] - New upstream release [39-1] - New upstream release [38-1] - New upstream release [37-1] - New upstream release [35-1] - New upstream...

7.5 CVSS

0.1 AI Score

0.001 EPSS

2022-11-22 12:00 AM
12
nessus

AlmaLinux 9 : Image Builder (ALSA-2022:7950)

The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2022:7950 advisory. A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial...

7.6 AI Score

2022-11-19 12:00 AM
9
Total number of security vulnerabilities: 898