15 matches found
PT-2026-40388
Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to gain arbitrary System Management Network (SMN) access, potentially resulting in arbitrary code execution in AMD Secure Processor (ASP) and loss of the SEV-SNP guest's confidentiality and integrity...
WordPress Photography Theme <= 7.5.2 is vulnerable to PHP Object Injection
Software: Photography; Type: Theme; Vulnerable versions: <= 7.5.2; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: N/A; Patch priority: High; CVSS severity: High 8.5; Developer: EPC; PSID: 070158f14a77; Credits: Rafie Muhammad Patchstack; Required privilege: Subscriber; Published: 22...
openSUSE Security Advisory (SUSE-SU-2024:3545-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: IBM Data Virtualization Manager for z/OS has a remote code execution (RCE) vulnerability
Summary: IBM Data Virtualization Manager for z/OS has a remote code execution (RCE) vulnerability. Vulnerability Details: CVEID: CVE-2024-52899. DESCRIPTION: IBM Data Virtualization Manager for z/OS could allow an authenticated user to inject malicious JDBC URL parameters and execute code on the server...
WordPress Tainacan Plugin <= 0.21.8 is vulnerable to SQL Injection
Software: Tainacan; Type: Plugin; Vulnerable versions: <= 0.21.8; Fixed in: 0.21.9; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-48040; Patch priority: High; CVSS severity: High 8.5; Developer: Tainacan Community; PSID: 8db23d195d90; Credits: Trương Hữu Phúc truonghuuphuc; Required privilege...
VMSA-2024-0017: VMware Aria Automation updates address SQL-injection vulnerability (CVE-2024-22280)
Advisory ID: | VMSA-2024-0017
---|---
Advisory Severity: | Important
CVSSv3 Range: | 8.5
Synopsis: | VMware Aria Automation updates address SQL-injection vulnerability (CVE-2024-22280)
Issue date: | 2024-07-10
Updated on: | 2024-07-10
CVEs | CVE-2024-22280

1. Impacted Products VMware Aria Automatio...
WordPress Conversios.io Plugin <= 7.0.7 is vulnerable to SQL Injection
Software: Conversios.io; Type: Plugin; Vulnerable versions: <= 7.0.7; Fixed in: 7.0.8; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-1203; Patch priority: High; CVSS severity: High 8.5; Developer: Claim ownership; PSID: 047c3aed63ee; Credits: Krzysztof Zając; Required privilege: Subscriber...
CVE-2023-22516
CVE-2023-22516 affects Atlassian Bamboo Data Center and Server versions 8.1.0 through 9.3.0. It is an authenticated remote code execution vulnerability with a CVSS v3.1 base score of 8.8 (vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and a CVSS v3.0 score of 8.5 (attack vector NETWORK, privileges ...
CVE-2023-22513
CVE-2023-22513 is a high-severity remote code execution vulnerability in Bitbucket Data Center/Server, introduced in v8.0.0. An authenticated attacker can execute arbitrary code with high impact on confidentiality, integrity, and availability, with no user interaction. Fixed versions are specifie...
WordPress UpdraftPlus 1.22.2 Backup Disclosure Vulnerability
UpdraftPlus, a WordPress plugin with over 3 million installations, updated with a security fix for a vulnerability discovered by security researcher Marc Montpas. This vulnerability allowed any logged-in user, including subscriber-level users, to download backups made with the plugin. Backups are...
CVE-2018-11749
When users are configured to use startTLS with RBAC LDAP, at login time, the user's credentials are sent via plaintext to the LDAP server. This affects Puppet Enterprise 2018.1.3, 2017.3.9, and 2016.4.14, and is fixed in Puppet Enterprise 2018.1.4, 2017.3.10, and 2016.4.15. It scored an 8.5 CVSS...
Fedora Update for bind FEDORA-2012-8946
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Fedora Update for postgresql FEDORA-2011-0963
Check for the Version of postgresql. OpenVAS Vulnerability Test. Fedora Update for postgresql FEDORA-2011-0963. Authors: System Generated Check. Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under...
SLES11: Security update for MySQL
The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: libmysqlclient15, libmysqlclientr15, mysql, mysql-Max, mysql-client. More details may also be found by searching for the SuSE Enterprise Server 11 patch database...
Ubuntu USN-812-1 (subversion)
The remote host is missing an update to subversion announced via advisory USN-812-1. OpenVAS Vulnerability Test $Id: ubuntu8121.nasl 7969 2017-12-01 09:23:16Z santu $ Description: Auto-generated from advisory USN-812-1 subversion Authors:...