Embedded Web Servers In All Modicon M340, Premium, Quantum Plcs And Bmxnor0200 Security Vulnerabilities

Tuesday, July 2, 2024 Security Releases

Summary The Node.js project will release new versions of the 22.x, 20.x, 18.x releases lines on or shortly after, Tuesday, July 2, 2024 in order to address: 1 high severity issues. 2 medium severity issues. 3 low severity issues. Node.js fetch will be upgraded to undici v6.19.2 on Node.js 18.x...

CVE-2024-5889

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘country’ parameter in all versions up to, and including, 6.4.8 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2024-5942

The Page and Post Clone plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.0 via the 'content_clone' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access....

CVE-2024-6265

The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘uwp_sort_by’ parameter in all versions up to, and including, 1.2.10 due to insufficient escaping on the user supplied....

CVE-2024-5942

The Page and Post Clone plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.0 via the 'content_clone' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access....

CVE-2024-5889

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘country’ parameter in all versions up to, and including, 6.4.8 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2024-6265

The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘uwp_sort_by’ parameter in all versions up to, and including, 1.2.10 due to insufficient escaping on the user supplied....

CVE-2024-5598

The Advanced File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.4 via the 'fma_local_file_system' function. This makes it possible for unauthenticated attackers to extract sensitive data including backups or other sensitive...

CVE-2024-5192

The Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mimes’ parameter in all versions up to, and including, 3.3.1 due to insufficient...

CVE-2024-5192

The Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mimes’ parameter in all versions up to, and including, 3.3.1 due to insufficient...

CVE-2024-5598

The Advanced File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.4 via the 'fma_local_file_system' function. This makes it possible for unauthenticated attackers to extract sensitive data including backups or other sensitive...

CVE-2024-5598 Advanced File Manager <= 5.2.4 - Sensitive Information Exposure via Directory Listing

The Advanced File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.4 via the 'fma_local_file_system' function. This makes it possible for unauthenticated attackers to extract sensitive data including backups or other sensitive...

CVE-2024-6265 UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress <= 1.2.10 - Unauthenticated SQL Injection via 'uwp_sort_by'

The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘uwp_sort_by’ parameter in all versions up to, and including, 1.2.10 due to insufficient escaping on the user supplied....

CVE-2024-5889 Events Manager <= 6.4.8 - Reflected Cross-Site Scripting

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘country’ parameter in all versions up to, and including, 6.4.8 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2024-5942 Page and Post Clone <= 6.0 - Insecure Direct Object Reference to Authenticated (Author+) Sensitive Information Exposure

The Page and Post Clone plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.0 via the 'content_clone' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access....

CVE-2024-5192 Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells <= 3.3.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload

The Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mimes’ parameter in all versions up to, and including, 3.3.1 due to insufficient...

CVE-1999-0901 affecting package ypserv 4.1-4

CVE-1999-0901 affecting package ypserv 4.1-4. No patch is available...

CVE-2019-17414 affecting package vino 3.22.0-20

CVE-2019-17414 affecting package vino 3.22.0-20. No patch is available...

CVE-2020-14318 affecting package samba 4.12.5-6

CVE-2020-14318 affecting package samba 4.12.5-6. No patch is available...

CVE-2021-21704 affecting package php 7.4.14-3

CVE-2021-21704 affecting package php 7.4.14-3. This CVE either no longer is or was never...

CVE-2007-3205 affecting package php 7.4.14-3

CVE-2007-3205 affecting package php 7.4.14-3. This CVE either no longer is or was never...

CVE-2011-1429 affecting package mutt 2.2.12-1

CVE-2011-1429 affecting package mutt 2.2.12-1. No patch is available...

CVE-2021-3571 affecting package linuxptp 2.0-8

CVE-2021-3571 affecting package linuxptp 2.0-8. This CVE either no longer is or was never...

CVE-2021-3670 affecting package samba 4.12.5-6

CVE-2021-3670 affecting package samba 4.12.5-6. No patch is available...

CVE-2020-17049 affecting package samba 4.12.5-6

CVE-2020-17049 affecting package samba 4.12.5-6. No patch is available...

CVE-2021-33463 affecting package yasm 1.3.0-15

CVE-2021-33463 affecting package yasm 1.3.0-15. No patch is available...

CVE-2021-33460 affecting package yasm 1.3.0-15

CVE-2021-33460 affecting package yasm 1.3.0-15. No patch is available...

CVE-2021-33458 affecting package yasm 1.3.0-15

CVE-2021-33458 affecting package yasm 1.3.0-15. No patch is available...

CVE-2021-33454 affecting package yasm for versions less than 1.3.0-15

CVE-2021-33454 affecting package yasm for versions less than 1.3.0-15. No patch is available...

CVE-2017-9120 affecting package php 7.4.14-3

CVE-2017-9120 affecting package php 7.4.14-3. This CVE either no longer is or was never...

CVE-2017-8923 affecting package php 7.4.14-3

CVE-2017-8923 affecting package php 7.4.14-3. This CVE either no longer is or was never...

CVE-2021-23192 affecting package samba 4.12.5-6

CVE-2021-23192 affecting package samba 4.12.5-6. No patch is available...

CVE-2021-28543 affecting package varnish-modules 0.16.0-4

CVE-2021-28543 affecting package varnish-modules 0.16.0-4. This CVE either no longer is or was never...

CVE-2019-12280 affecting package toolbox 0.0.18-9

CVE-2019-12280 affecting package toolbox 0.0.18-9. This CVE either no longer is or was never...

CVE-2005-0868 affecting package tn5250 0.17.4-26

CVE-2005-0868 affecting package tn5250 0.17.4-26. No patch is available...

CVE-1999-1090 affecting package telnet 0.17-81

CVE-1999-1090 affecting package telnet 0.17-81. This CVE either no longer is or was never...

CVE-2012-3381 affecting package sblim-sfcb 1.4.9-20

CVE-2012-3381 affecting package sblim-sfcb 1.4.9-20. No patch is available...

CVE-2020-14383 affecting package samba 4.12.5-6

CVE-2020-14383 affecting package samba 4.12.5-6. No patch is available...

CVE-2020-14323 affecting package samba 4.12.5-6

CVE-2020-14323 affecting package samba 4.12.5-6. No patch is available...

CVE-2017-1000231 affecting package ldns 1.7.0-31

CVE-2017-1000231 affecting package ldns 1.7.0-31. This CVE either no longer is or was never...

CVE-2004-2779 affecting package libid3tag 0.15.1b-33

CVE-2004-2779 affecting package libid3tag 0.15.1b-33. No patch is available...

CVE-2017-6833 affecting package audiofile 0.3.6-27

CVE-2017-6833 affecting package audiofile 0.3.6-27. No patch is available...

CVE-2017-6829 affecting package audiofile 0.3.6-27

CVE-2017-6829 affecting package audiofile 0.3.6-27. No patch is available...

CVE-2017-6828 affecting package audiofile 0.3.6-27

CVE-2017-6828 affecting package audiofile 0.3.6-27. No patch is available...

CVE-2012-2653 affecting package arpwatch 2.1a15-51

CVE-2012-2653 affecting package arpwatch 2.1a15-51. No patch is available...

CVE-2016-9179 affecting package lynx 2.9.0~dev.9-5

CVE-2016-9179 affecting package lynx 2.9.0~dev.9-5. This CVE either no longer is or was never...

CVE-2022-36033 affecting package jsoup 1.11.3-3

CVE-2022-36033 affecting package jsoup 1.11.3-3. No patch is available...

CVE-2021-3738 affecting package samba 4.12.5-6

CVE-2021-3738 affecting package samba 4.12.5-6. No patch is available...

CVE-2022-25857 affecting package snakeyaml 1.25-2

CVE-2022-25857 affecting package snakeyaml 1.25-2. This CVE either no longer is or was never...

CVE-2021-33467 affecting package yasm 1.3.0-15

CVE-2021-33467 affecting package yasm 1.3.0-15. No patch is available...