VGPU Software (guest Driver - Windows), NVIDIA Cloud Gaming (guest Driver - Windows) Security Vulnerabilities

WordPress 5.8.x < 5.8.10 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...

WordPress 4.1.x < 4.1.41 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...

WordPress 5.0.x < 5.0.22 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...

SUSE: Security Advisory (SUSE-SU-2024:2199-1)

The remote host is missing an update for...

libvpx - security update

Bulletin has no...

Progress Software Corporation WhatsUp Gold AppProfileImport path traversal vulnerability

Talos Vulnerability Report TALOS-2024-1932 Progress Software Corporation WhatsUp Gold AppProfileImport path traversal vulnerability June 26, 2024 CVE Number CVE-2024-5017 SUMMARY A path traversal vulnerability exists in the AppProfileImport functionality of Progress Software Corporation WhatsUp...

SUSE SLES12 Security Update : ghostscript (SUSE-SU-2024:2199-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2199-1 advisory. - CVE-2024-33871: Prevent OPVP device arbitrary code execution via custom Driver library. (bsc#1225491) Tenable has extracted the preceding.....

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ghostscript (SUSE-SU-2024:2198-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2198-1 advisory. - CVE-2024-33871: Prevent OPVP device arbitrary code execution via custom Driver library. (bsc#1225491) ....

Automad 2.0.0-alpha.4 - Stored Cross-Site Scripting (XSS)

...

Poultry Farm Management System 1.0 Shell Upload

...

ThroughTek P2P SDK Cleartext Transmission of Sensitive Information (CVE-2021-32934)

ThroughTek supplies multiple original equipment manufacturers of IP cameras & recorders with P2P connections as part of its cloud platform. Successful exploitation of this vulnerability could permit unauthorized access to sensitive information, such as camera audio/video feeds. This plugin only...

WordPress 5.7.x < 5.7.12 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...

WordPress 5.9.x < 5.9.10 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...

WordPress 6.0.x < 6.0.9 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...

Poultry Farm Management System v1.0 - Remote Code Execution Exploit

...

WordPress 5.1.x < 5.1.19 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...

WordPress 5.2.x < 5.2.21 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...

WordPress 6.1.x < 6.1.7 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...

WordPress 6.4.x < 6.4.5 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.5.6)

The version of AOS installed on the remote host is prior to 6.5.6. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.5.6 advisory. There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and...

OpenVPN vulnerability

Releases Ubuntu 16.04 ESM Ubuntu 14.04 ESM Packages openvpn - virtual private network software Details It was discovered that OpenVPN incorrectly handled certain configurations with multiple authentication plugins. A remote attacker could possibly use this issue to bypass authentication using...

Debian dsa-5720 : chromium - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5720 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5720-1 [email protected] ...

Debian dla-3844 : git - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3844 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3844-1 [email protected] ...

Vulnerability in OpenSSL CVE-2024-5535

Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the...

WordPress 4.2.x < 4.2.38 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...

WordPress 6.3.x < 6.3.5 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...

Progress MOVEit Transfer 2023.0.x < 2023.0.11 / 2023.1.x < 2023.1.6 / 2024.0.x < 2024.0.2 Authentication Bypass (June 2024)

The version of Progress MOVEit Transfer, formerly Ipswitch MOVEit DMZ, installed on the remote host is affected by an authentication bypass vulnerability as referenced in Progress Community article 000259290. Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead.....

ffmpeg - security update

Bulletin has no...

AMD Processors February 2024 Security Updates

AMD has informed HP of potential vulnerabilities identified in client platform firmware for some AMD processors, which might allow escalation of privilege, arbitrary code execution, denial of service, and/or information disclosure. AMD is releasing firmware updates to mitigate these...

Progress Software Corporation WhatsUp Gold TestController multiple information disclosure vulnerabilities

Talos Vulnerability Report TALOS-2024-1933 Progress Software Corporation WhatsUp Gold TestController multiple information disclosure vulnerabilities June 26, 2024 CVE Number CVE-2024-5010 SUMMARY An information disclosure vulnerability exists in the TestController functionality of Progress...

RHEL 8 / 9 : Red Hat Ceph Storage 5.3 (RHSA-2024:4118)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4118 advisory. Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage...

git - security update

Bulletin has no...

WordPress 4.6.x < 4.6.29 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...

WordPress 4.3.x < 4.3.34 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...

WordPress 4.4.x < 4.4.33 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...

WordPress 4.7.x < 4.7.29 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...

WordPress 5.6.x < 5.6.14 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...

JVN#34977158: WordPress plugins "WP Tweet Walls" and "Sola Testimonials" vulnerable to cross-site request forgery

WordPress plugins "WP Tweet Walls" and "Sola Testimonials" provided by Sola Plugins contain a cross-site request forgery vulnerability (CWE-352). ## Impact While a user logs in to the WordPress site where the affected plugin is enabled, accessing a malicious page may make the user perform...

SUSE: Security Advisory (SUSE-SU-2024:2198-1)

The remote host is missing an update for...

Ubuntu 22.04 LTS : Linux kernel (Oracle) vulnerabilities (USN-6819-4)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6819-4 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer...

Ubuntu: Security Advisory (USN-6746-2)

The remote host is missing an update for...

Debian dsa-5722 : libvpx-dev - security update

The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5722 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5722-1 [email protected] ...

Debian dsa-5721 : ffmpeg - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5721 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5721-1 [email protected] ...

Progress Software Corporation WhatsUp Gold TestController Chart denial of service vulnerability

Talos Vulnerability Report TALOS-2024-1934 Progress Software Corporation WhatsUp Gold TestController Chart denial of service vulnerability June 26, 2024 CVE Number CVE-2024-5011 SUMMARY An uncontrolled resource consumption vulnerability exists in the TestController Chart functionality of Progress.....

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2190-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2190-1 advisory. The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The...

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.8.0.5)

The version of AOS installed on the remote host is prior to 6.8.0.5. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.8.0.5 advisory. An information disclosure vulnerability exists in...

WordPress 4.5.x < 4.5.32 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...

WordPress 4.9.x < 4.9.26 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...

Automad 2.0.0-alpha.4 - Stored Cross-Site Scripting Vulnerability

...

WordPress 6.5.x < 6.5.5 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...