123 matches found
MiracleLinux 7 : systemd-219-78.el7.7 (AXSA:2022-3733:06)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3733:06 advisory. systemd-resolved: use-after-free when dealing with DnsStream in resolved-dns-stream.c (CVE-2022-2526). Tenable has extracted the preceding description block...
Linux Distros Unpatched Vulnerability : CVE-2019-2526
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and...
ABB M2M Gateway Use-After-Free in embedded Systemd (CVE-2022-2526)
A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the...
Alibaba Cloud Linux 3 : 0218: systemd (ALINUX3-SA-2022:0218)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0218 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-33910: basic/unit-name.c in syste...
CVE-2025-2526 Streamit <= 4.0.2 - Authenticated (Subscriber+) Privilege Escalation via User Email Change/Account Takeover
The Streamit theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details like email in the 'stAuthenticationController::editprofile'...
WordPress Streamit Theme <= 4.0.2 is vulnerable to Privilege Escalation
Software: Streamit; Type: Theme; Vulnerable versions: <= 4.0.2; Fixed in: 4.0.3; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2025-2526; Patch priority: High; CVSS severity: High (8.8); PSID: 6913aeb6838d; Credits: István Márton...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to use-after-free due to systemd ( CVE-2022-2526 )
Summary: Systemd is used by IBM Cloud Pak for Data as part of the base OS image (CVE-2022-2526). Vulnerability Details: CVEID: CVE-2022-2526. DESCRIPTION: systemd could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw due to the on_stream_io() function and...
Linux Distros Unpatched Vulnerability : CVE-2010-2526
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The cluster logical volume manager daemon (clvmd) in lvm2-cluster in LVM2 before 2.02.72, as used in Red Hat Global File System (GFS) and other products, does not...
NewStart CGSL MAIN 6.02 : systemd Multiple Vulnerabilities (NS-SA-2024-0062)
The remote NewStart CGSL host, running version MAIN 6.02, has systemd packages installed that are affected by multiple vulnerabilities: - A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c'...
Amazon Linux 2 : curl (ALAS-2024-2526)
The version of curl installed on the remote host is prior to 8.3.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2526 advisory. When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would...
CVE-2024-2526
The CVE-2024-2526 entry concerns MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Affected component: the file /admin/rooms.php, where manipulation of the id parameter enables cross-site scripting (XSS). The vulnerability is exploitable remotely, and public disclosure has occurred. Se...
EulerOS Virtualization 3.0.6.6 : systemd (EulerOS-SA-2023-2403)
According to the versions of the systemd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete()...
Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2023-2403)
The remote host is missing an update for the Huawei EulerOS...
EulerOS Virtualization 3.0.6.0 : systemd (EulerOS-SA-2023-2233)
According to the versions of the systemd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete()...
CVE-2023-2526 Easy Google Maps <= 1.11.7 - Cross-Site Request Forgery via AJAX action
The Easy Google Maps plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.11.7. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to execute AJAX actions via a forg...
CVE-2023-2526
CVE-2023-2526 affects the Easy Google Maps plugin for WordPress. The vulnerability arises from missing/incorrect nonce validation on the AJAX action handler, allowing CSRF for unauthenticated attackers to trigger actions if a site admin is lured into clicking a forged request. Affected versions a...
Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2023-1698)
The remote host is missing an update for the Huawei EulerOS...
EulerOS Virtualization 3.0.2.0 : systemd (EulerOS-SA-2023-1698)
According to the versions of the systemd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete()...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in systemd (CVE-2022-2526)
Summary: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in systemd caused by a use-after-free flaw (CVE-2022-2526). systemd is included as part of the Base OS used by our service images. Please read the details for remediation below...
EulerOS 2.0 SP8 : systemd (EulerOS-SA-2023-1339)
According to the versions of the systemd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in...