MiracleLinux 9 : python3.11-3.11.7-1.el9_4.1 (AXSA:2024-8483:16)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8483:16 advisory. python: Path traversal on tempfile.TemporaryDirectory CVE-2023-6597 Tenable has extracted the preceding description block directly from the MiracleLinux...

MiracleLinux 8 : python3.11-3.11.7-1.el8.ML.1 (AXSA:2024-8274:09)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8274:09 advisory. python: Parsing errors in email/parseaddr.py lead to incorrect value in email address part of tuple CVE-2023-27043 Tenable has extracted the preceding...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002271)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002271 advisory. cipsov4validate in include/net/cipsoipv4.h in the Linux kernel before 3.11.7, when CONFIGNETLABEL is disabled, allows attackers to cause a denial of service infinite...

BIT-LIBPYTHON-2023-6597

An issue was found in the CPython tempfile.TemporaryDirectory class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged...

BIT-PYTHON-2023-6597

An issue was found in the CPython tempfile.TemporaryDirectory class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged...

BIT-PYTHON-2024-0450 Quoted zip-bomb protection for zipfile

An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython...

WordPress WordPress Announcement & Notification Banner Plugin – Bulletin Plugin <= 3.11.7 is vulnerable to Cross Site Scripting (XSS)

Software WordPress Announcement & Notification Banner Plugin – Bulletin Type Plugin Vulnerable versions = 3.11.7 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10682 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownersh...

CVE-2024-11319

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in django CMS Association django-cms allows Cross-Site Scripting XSS. This issue affects django-cms: 3.11.7, 3.11.8, 4.1.2, 4.1.3...

PYSEC-2024-124

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in django CMS Association django-cms allows Cross-Site Scripting XSS.This issue affects django-cms: 3.11.7, 3.11.8, 4.1.2, 4.1.3...

PYSEC-2024-124

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in django CMS Association django-cms allows Cross-Site Scripting XSS.This issue affects django-cms: 3.11.7, 3.11.8, 4.1.2, 4.1.3...

PT-2024-40898 · Unknown · Django Cms

Name of the Vulnerable Software and Affected Versions: django-cms versions 3.11.7 through 3.11.8 django-cms versions 4.1.2 through 4.1.3 Description: The issue affects django-cms, allowing Cross-Site Scripting XSS due to improper neutralization of input during web page generation. Recommendations...

django CMS 安全漏洞

django CMS is django CMS open source an open source enterprise content management system based on the django framework. A security vulnerability exists in django CMS versions 3.11.7, 3.11.8, 4.1.2, and 4.1.3, which stems from improper input neutralization during web page generation and is...

CVE-2024-5662

The Ultimate Post Kit Addons For Elementor – Post Grid, Post Carousel, Post Slider, Category List, Post Tabs, Timeline, Post Ticker, Tag Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the Social Count Static widget in all versions up to, and...

WordPress Ultimate Post Kit Addons For Elementor plugin <= 3.11.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Social Count (Static) Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Social Count Static Widget vulnerability discovered by wesley wcraft in WordPress Plugin Ultimate Post Kit versions = 3.11.7...

WordPress plugin Ultimate Post Kit Addons For Elementor Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2023-6597

An issue was found in the CPython tempfile.TemporaryDirectory class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged...

CVE-2023-6597

An issue was found in the CPython tempfile.TemporaryDirectory class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged...

CVE-2023-50710 Hono's named path parameters can be overridden in TrieRouter

Hono is a web framework written in TypeScript. Prior to version 3.11.7, clients may override named path parameter values from previous requests if the application is using TrieRouter. So, there is a risk that a privileged user may use unintended parameters when deleting REST API resources...

PT-2023-31617 · Hono · Hono

Name of the Vulnerable Software and Affected Versions: Hono versions prior to 3.11.7 Description: The issue allows clients to override named path parameter values from previous requests when the application is using TrieRouter. This poses a risk that a privileged user may use unintended parameter...

PT-2023-8833 · Python +10 · Cpython +10

Name of the Vulnerable Software and Affected Versions: CPython versions 3.12.1 through 3.12.1 CPython versions 3.11.7 through 3.11.7 CPython versions 3.10.13 through 3.10.13 CPython versions 3.9.18 through 3.9.18 CPython versions 3.8.18 and prior Description: The issue is related to the...