10 matches found
RHCOS 4 : OpenShift Container Platform 4.10.18 (RHSA-2022:4943)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:4943 advisory. - cri-o: memory exhaustion on the node when access to the kube api (CVE-2022-1708). Note that Nessus has not tested for this issue but has inste...
CVE-2024-1242
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button onclick attribute in all versions up to, and including, 4.10.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress Premium Addons for Elementor Plugin <= 4.10.18 is vulnerable to Cross Site Scripting (XSS)
Software: Premium Addons for Elementor; Type: Plugin; Vulnerable versions: <= 4.10.18; Fixed in: 4.10.19; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-1242; Patch priority: Low; CVSS severity: Low (6.5); Developer: LeapWorx; PSID: 681ce22404a9; Credits: Nikolas Requir...
PT-2024-17587 · WordPress · Premium Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Premium Addons for Elementor plugin for WordPress versions up to, and including, 4.10.18. Description: The issue is related to Stored Cross-Site Scripting via the button onclick attribute due to insufficient input sanitization and output...
PT-2024-24346 · Xwiki · Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 3.0.1 through 4.10.18; XWiki Platform versions 15.5.4 and earlier; XWiki Platform versions prior to 15.10-rc-1. Description: The HTML escaping tool used in XWiki does not escape , which can allow XWiki syntax injection an...
PT-2024-24336 · Xwiki · Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 3.1 through 4.10.18; XWiki Platform versions 14.10.18 and earlier; XWiki Platform versions 15.5.4 and earlier; XWiki Platform version 15.10-rc-1 and earlier. Description: The issue allows execution of arbitrary code on the...
PT-2022-24955 · Unknown +2 · Parse Server +2
Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 4.10.18; Parse Server versions prior to 5.3.1 on the 5.X branch. Description: Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. An attacker can use a prototype...
SUSE SLES12 Security Update : samba (SUSE-SU-2020:2720-1)
This update for samba fixes the following issues: Update to 4.10.18. ZeroLogon: An elevation of privilege was possible with some non default configurations when an attacker established a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol MS-NR...
Samba ZeroLogon Vulnerability (CVE-2020-1472)
Samba is prone to an unauthenticated domain takeover vulnerability via netlogon ZeroLogon.
SUSE-SU-2020:2720-1 Security update for samba
This update for samba fixes the following issues: - Update to 4.10.18 - ZeroLogon: An elevation of privilege was possible with some non default configurations when an attacker established a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol...