MINI-JH6W-5348-C6R4
Bulletin has no description...
Linux Distros Unpatched Vulnerability : CVE-2016-5348
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The GPS component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows man-in-the-middle...
CVE-2023-5348
The Product Catalog Mode For WooCommerce WordPress plugin before 5.0.3 does not properly authorize settings updates or escape settings values, leading to stored XSS by unauthenticated users...
CVE-2024-5348
The Elements For Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.1 via the 'beforeafter_layout' attribute of the beforeafter widget, the 'eventsgrid_layout' attribute of the eventsgrid and list widgets, the 'marquee_layout' attribute of th...
CGA-CQR6-5348-4M6H
Bulletin has no description...
WordPress Elements For Elementor Plugin <= 2.1 is vulnerable to Local File Inclusion
Software: Elements For Elementor; Type: Plugin; Vulnerable versions: = 2.1; Fixed in: 2.2; OWASP Top 10: A1: Injection; Classification: Local File Inclusion; CVE: CVE-2024-5348; Patch priority: Low; CVSS severity: Low 8.5; PSID: 9e9484637a31; Credits: stealthcopter; Required privilege...
CVE-2024-5348
The Elements For Elementor plugin (WordPress) is affected by CVE-2024-5348: Local File Inclusion in all versions up to 2.1 via multiple widget attributes (beforeafter_layout, eventsgrid_layout, marquee_layout, postgrid_layout, woocart_layout, woogrid_layout). Authenticated attackers with Contribu...
CVE-2023-5348
creationtimestamp | type | source
---|---|---
2023-12-21 23:16:48+00:00 | seen | https://t.me/ctinow/158038...
CVE-2023-5348
CVE-2023-5348 affects the WordPress plugin “Product Catalog Mode For WooCommerce” (pre-5.0.3). The issue arises from improper authorization of settings updates and failure to escape settings values, enabling stored XSS by unauthenticated users. Affected version range is prior to 5.0.3; remediatio...
Ubuntu 20.04 ESM : Smarty vulnerabilities (USN-5348-3)
The remote Ubuntu 20.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5348-3 advisory. USN-5348-1 fixed several vulnerabilities in Smarty. This update provides the fixes for CVE-2021-21408, CVE-2021-26119, CVE-2021-26120 and CVE-2021-29454...
Debian DSA-5348-1 : haproxy - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5348 advisory. - HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka request smuggling. The HTTP head...
Ubuntu: Security Advisory (USN-5348-2)
The remote host is missing an update for the...
Ubuntu 18.04 LTS : Smarty vulnerabilities (USN-5348-1)
The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5348-1 advisory. David Gnedt and Thomas Konrad discovered that Smarty was incorrectly sanitizing the paths present in the templates. An attacker could possibly use this u...
CVE-2020-5348
CVE-2020-5348 affects Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28. The vulnerability is a use-after-free in EFI_BOOT_SERVICES when operating in System Management Mode, enabling a local unauthenticated attacker to overwrite EFI_BOOT_SERVICES and execute arbitrary code in SMM. Suppo...
CVE-2019-5348
HPE Intelligent Management Center (IMC) PLAT has a remote code execution vulnerability in the GWT deviceservice, caused by expression language injection via queryCustomCondition (beanName), in vulnerable builds before 7.3 E0506P09. Exploitation requires authentication, but this can be bypassed; code executes with SYSTEM priv...
edu.amherst.acdc:acrepo-jsonld-cache (=1.0.0), edu.amherst.acdc:acrepo-template-mustache (=1.0.0) +30 more potentially affected by CVE-2015-5348 via org.apache.camel:camel-http4 (>=2.10.0 <=2.15.4)
org.apache.camel:camel-http4 MAVEN version =2.10.0, =2.11.0, =1.0.0, =1.0.0, =1.0.0, =2.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =2.0.1 and more Source cves: CVE-2015-5348 Source advisory: OSV:GHSA-26V6-W6FW-RH94...
org.apache.camel:camel-ahc-ws (=2.16.0) potentially affected by CVE-2015-5348 via org.apache.camel:camel-ahc (=2.16.0)
org.apache.camel:camel-ahc MAVEN version =2.16.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.camel:camel-ahc and may be impacted: - org.apache.camel:camel-ahc-ws =2.16.0 Source cves: CVE-2015-5348 Source advisory: OSV:GHSA-26V6-W6FW-RH94...
org.apache.camel:camel-example-cxf-proxy (=2.16.0), org.apache.camel:camel-sap-netweaver (=2.16.0) potentially affected by CVE-2015-5348 via org.apache.camel:camel-http (=2.16.0)
org.apache.camel:camel-http MAVEN version =2.16.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.camel:camel-http and may be impacted: - org.apache.camel:camel-example-cxf-proxy =2.16.0 - org.apache.camel:camel-sap-netweaver =2.16.0 Source...
org.apache.camel:camel-ahc-ws (>=2.14.0 <=2.15.4) potentially affected by CVE-2015-5348 via org.apache.camel:camel-ahc (>=2.14.0 <=2.15.4)
org.apache.camel:camel-ahc MAVEN version =2.14.0, =2.14.0, =2.15.4 Source cves: CVE-2015-5348 Source advisory: OSV:GHSA-26V6-W6FW-RH94...