23 matches found
MiracleLinux 7 : rsync-3.1.2-12.0.3.el7.AXS7 (AXSA:2025-9708:04)
The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-9708:04 advisory. CVE-2024-12087: fix path traversal vulnerability in rsync enabled by the '--inc-recursive' option CVE-2024-12088: make --safe-links stricter CVEs:...
CVE-2025-9708 vulnerabilities
Vulnerabilities for packages: kubernetes-reflector...
CVE-2025-9708
| creationtimestamp | type | source |
|---|---|---|
| 2025-09-16 14:11:59+00:00 | seen | https://seclists.org/oss-sec/2025/q3/169 |
| 2025-09-16 17:02:56+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3lyxsfpzkhn2p |
| 2025-09-16 18:06:08+00:00 | seen | ... |
PT-2025-38069
Name of the Vulnerable Software and Affected Versions: Kubernetes C client versions prior to 17.0.14. Description: A flaw exists in the Kubernetes C client's certificate validation logic, allowing it to accept certificates from any Certificate Authority (CA) without proper trust chain verification. Th...
MAL-2025-9708 Malicious code in @womorg/temporibus-corporis-omnis (npm)
The package @womorg/temporibus-corporis-omnis was found to contain malicious code...
CVE-2024-9708
| creationtimestamp | type | source |
|---|---|---|
| 2024-10-31 05:14:39+00:00 | seen | https://t.me/cvedetector/9487... |
CVE-2024-9708 Easy SVG Upload <= 1.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
The Easy SVG Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, ...
CVE-2020-9708
The resolveRepositoryPath function doesn't properly validate user input and a malicious user may traverse to any valid Git repository outside the repoRoot. This issue may lead to unauthorized access of private Git repositories as long as the malicious user knows or brute-forces the location of th...
CVE-2020-9708
CVE-2020-9708 describes a path traversal in the resolveRepositoryPath function that does not properly validate input, allowing a malicious user to traverse to any valid Git repository outside the repoRoot and potentially access private repositories. Public documents (NVD/NVD entry) note a high-se...
CVE-2020-9708 GHSL-2020-133: Insufficient validation of user input in resolveRepositoryPath function
The resolveRepositoryPath function doesn't properly validate user input and a malicious user may traverse to any valid Git repository outside the repoRoot. This issue may lead to unauthorized access of private Git repositories as long as the malicious user knows or brute-forces the location of th...
CVE-2020-15617
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the status parameter, the...
Design/Logic Flaw
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the status parameter, the...
CVE-2020-15617
CVE-2020-15617 affects CentOS Web Panel (cwp-e17.0.9.8.923). The vulnerability is a SQL injection in ajax_list_accounts.php where the status parameter is not properly validated before being used in queries, enabling remote disclosure of sensitive information with no authentication. This is docume...
Mahara 17.10 < 17.10.8, 18.04 < 18.04.4, 18.10 Multiple Vulnerabilities
Mahara is prone to multiple vulnerabilities.
CVE-2019-9708
An issue was discovered in Mahara 17.10 before 17.10.8, 18.04 before 18.04.4, and 18.10 before 18.10.1. A site administrator can suspend the system user root, causing all users to be locked out from the system...
CVE-2019-9708
Mahara Software: Affected versions are 17.10 before 17.10.8, 18.04 before 18.04.4, and 18.10 before 18.10.1. Root cause: a site administrator can suspend the system user (root), leading to a lockout of all users. Remediation: upgrade to the fixed versions (17.10.8, 18.04.4, 18.10.1) where fixed. ...
CVE-2017-9708
The CVE-2017-9708 issue affects Android for MSM (and related CAF builds) in the camera driver. The race condition stems from msm_ois_power_down being invoked without a mutex, causing a race in the *reg_ptr variable within msm_camera_config_single_vreg. Impact is described as a race condition with...
Palo Alto PAN-OS DoS Vulnerability (PAN-SA-2016-0027)
Palo Alto PAN-OS is prone to a denial of service (DoS) vulnerability.