67 matches found

Tenable Nessus
added 2025/06/16 12:0 a.m., 4 views

TencentOS Server 3: mysql:8.0 (TSSA-2022:0107)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0107 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVSS 7.1, AI score 6, EPSS 0.01848
Exploits: 0, References: 101

Circl
added 2025/05/22 4:42 a.m., 0 views

CVE-2024-2434

creationtimestamp: 2025-05-22 04:42:57+00:00; type: published-proof-of-concept; source: https://t.me/DarkWebInformerCVEAlerts/17230...

CVSS 8.5, AI score 7.9, EPSS 0.1122
Exploits: 1, References: 1

RedhatCVE
added 2025/05/21 8:40 p.m., 3 views

CVE-2002-2434

NWFTPD.nlm before 5.02i in the FTP server in Novell NetWare does not properly listen for data connections, which allows remote attackers to cause a denial of service abend via multiple FTP sessions...

CVSS 5, AI score 7, EPSS 0.00428
Exploits: 0, References: 1

RedhatCVE
added 2025/02/08 4:40 a.m., 7 views

CVE-2025-20635

In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09403752;...

CVSS 6.6, AI score 6.8, EPSS 0.00044
Exploits: 0, References: 1

RedhatCVE
added 2025/02/05 9:30 p.m., 5 views

CVE-2022-2434

The String Locator plugin for WordPress is vulnerable to deserialization of untrusted input via the 'string-locator-path' parameter in versions up to, and including 2.5.0. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site...

CVSS 8.8, AI score 6.7, EPSS 0.05157
Exploits: 0, References: 1

OSV
added 2025/02/03 4:15 a.m., 0 views

CVE-2025-20635

In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09403752;...

CVSS 6.6, AI score 5.9, EPSS 0.00044
Exploits: 0, References: 1

OpenVAS
added 2024/09/12 12:0 a.m., 10 views

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-2434)

The remote host is missing an update for the Huawei EulerOS...

CVSS 9.9, AI score 7.2, EPSS 0.03345
Exploits: 0, References: 2

Tenable Nessus
added 2024/04/30 12:0 a.m., 22 views

GitLab 16.9 < 16.9.6 / 16.10 < 16.10.4 / 16.11 < 16.11.1 (CVE-2024-2434)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab affecting all versions of GitLab CE/EE 16.9 prior to 16.9.6, 16.10 prior to 16.10.4, and 16.11 prior to 16.11.1 where path traversal could lead to DoS and...

CVSS 8.5, AI score 7.7, EPSS 0.1122
Exploits: 1, References: 4

RedhatCVE
added 2024/04/25 12:37 p.m., 40 views

CVE-2024-2434

A flaw was found in GitLab. A path traversal issue could lead to a denial of service and restricted file read. This issue affects all versions of GitLab CE/EE 16.9 through 16.9.6, 16.10 through 16.10.4, and 16.11 through 16.11.1...

CVSS 8.5, AI score 6.8, EPSS 0.1122
Exploits: 1, References: 5

UbuntuCve
added 2024/04/25 11:15 a.m., 44 views

CVE-2024-2434

An issue has been discovered in GitLab affecting all versions of GitLab CE/EE 16.9 prior to 16.9.6, 16.10 prior to 16.10.4, and 16.11 prior to 16.11.1 where path traversal could lead to DoS and restricted file read...

CVSS 8.5, AI score 7, EPSS 0.1122
Exploits: 1, References: 3

CVE
added 2024/04/25 11:2 a.m., 92 views

CVE-2024-2434

The CVE-2024-2434 issue affects GitLab CE/EE versions 16.9 prior to 16.9.6, 16.10 prior to 16.10.4, and 16.11 prior to 16.11.1, enabling path traversal that could cause DoS and restricted file reads. Root cause: path traversal in GitLab components leading to unintended file access (explicit techn...

CVSS 8.5, AI score 6.2, EPSS 0.1122
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2024/04/25 11:2 a.m., 151 views

CVE-2024-2434 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in GitLab

An issue has been discovered in GitLab affecting all versions of GitLab CE/EE 16.9 prior to 16.9.6, 16.10 prior to 16.10.4, and 16.11 prior to 16.11.1 where path traversal could lead to DoS and restricted file read...

CVSS 8.5, AI score 8.4, EPSS 0.1122
Exploits: 1, References: 2

Tenable Nessus
added 2024/02/06 12:0 a.m., 53 views

Amazon Linux 2 : webkitgtk4 (ALAS-2024-2434)

The version of webkitgtk4 installed on the remote host is prior to 2.42.4-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2434 advisory. 2024-04-11: CVE-2023-42950 was added to this advisory. A use after free issue was addressed with improved memory...

CVSS 8.8, AI score 8.1, EPSS 0.00645
Exploits: 6, References: 6

CVE
added 2023/05/31 3:36 a.m., 36 views

CVE-2023-2434

CVE-2023-2434 affects Nested Pages (WordPress) up to version 3.2.3. A missing capability check in the reset function allows an authenticated user with editor-level permissions or higher to reset plugin settings, causing unauthorized data loss. The impact is described as data loss risk with low CV...

CVSS 3.8, AI score 4.2, EPSS 0.00372
Exploits: 0, References: 3, Affected Software: 1

Patchstack
added 2023/05/31 12:0 a.m., 10 views

WordPress Nested Pages Plugin <= 3.2.3 is vulnerable to Broken Access Control

Software: Nested Pages
Type: Plugin
Vulnerable versions: <= 3.2.3
Fixed in: 3.2.4
OWASP Top 10: A5: Broken Access Control
Classification: Broken Access Control
CVE: CVE-2023-2434
Patch priority: Low
CVSS severity: Low (3.8)
PSID: 26e414b00090
Credits: Lana Codes
Required privilege...

CVSS 3.8, AI score 6.9, EPSS 0.00372
Exploits: 0, References: 3, Affected Software: 1

F5 Networks
added 2023/02/21 6:53 p.m., 42 views

K17386005: MySQL vulnerabilities CVE-2019-2420, CVE-2019-2434, CVE-2019-2435, CVE-2019-2436, and CVE-2019-2455

Security Advisory Description CVE-2019-2420 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network...

CVSS 8.1, AI score 6.4, EPSS 0.02601
Exploits: 0

SUSE CVE
added 2023/02/15 5:52 a.m., 1 views

SUSE CVE-2011-2434

Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2433 and CVE-2011-2437...

CVSS 9.3, AI score 8.4, EPSS 0.08181
Exploits: 3, References: 7

Cvelist
added 2022/09/06 5:18 p.m., 14 views

CVE-2022-2434 String Locator <= 2.5.0 - Cross-Site Request Forgery to PHAR Deserialization

The String Locator plugin for WordPress is vulnerable to deserialization of untrusted input via the 'string-locator-path' parameter in versions up to, and including 2.5.0. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site...

CVSS 8.8, AI score 8.8, EPSS 0.05157
Exploits: 0, References: 4

CVE
added 2022/09/06 5:18 p.m., 51 views

CVE-2022-2434

The CVE-2022-2434 entry affects the WordPress String Locator plugin (versions up to and including 2.5.0). The underlying issue is deserialization of untrusted input via the string-locator-path parameter, which can allow a PHAR-based call to arbitrary PHP objects when an action is triggered (e.g.,...

CVSS 8.8, AI score 8.6, EPSS 0.05157
Exploits: 0, References: 4, Affected Software: 1

Cvelist
added 2021/07/20 10:44 p.m., 12 views

CVE-2021-2434

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite component: Application Service. Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...

CVSS 8.1, AI score 8.3, EPSS 0.01221
Exploits: 0, References: 1