
6117 matches found

CNNVD
added 2024/05/15 12:0 a.m. · 1 views

WordPress plugin Base64 Encoder/Decoder security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 5.5 · AI score 6.5 · EPSS 0.00151
Exploits: 2 · References: 2

Patchstack
added 2024/05/15 12:0 a.m. · 6 views

WordPress Base64 Encoder/Decoder Plugin <= 0.9.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Base64 Encoder/Decoder; Type: Plugin; Vulnerable versions: = 0.9.2; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-3824; Patch priority: Low; CVSS severity: Low (4.3); PSID: 51b5eb3fcb26; Credits: Bob Matyas...

AI score 6.6 · EPSS 0.00151
Exploits: 2 · References: 3 · Affected Software: 1

CNNVD
added 2024/05/15 12:0 a.m. · 2 views

WordPress plugin Base64 Encoder/Decoder security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 4.8 · AI score 6.5 · EPSS 0.00508
Exploits: 2 · References: 2

Positive Technologies
added 2024/05/15 12:0 a.m. · 3 views

PT-2024-27905 · WordPress · Base64 Encoder/Decoder

Name of the Vulnerable Software and Affected Versions: Base64 Encoder/Decoder WordPress plugin versions 0.9.2 and earlier Description: The issue concerns a lack of CSRF check when updating settings in the plugin, along with missing sanitization and escaping. This could allow attackers to make...

CVSS 2.4 · AI score 5.3 · EPSS 0.00085
Exploits: 2 · References: 4

Patchstack
added 2024/05/15 12:0 a.m. · 11 views

WordPress Base64 Encoder/Decoder Plugin <= 0.9.2 is vulnerable to Cross Site Scripting (XSS)

Software: Base64 Encoder/Decoder; Type: Plugin; Vulnerable versions: = 0.9.2; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-3823; Patch priority: Low; CVSS severity: Low (4.3); PSID: 27653189d20e; Credits: Bob Matyas; Required...

AI score 5.7 · EPSS 0.00085
Exploits: 2 · References: 3 · Affected Software: 1

RedHat Linux
added 2024/05/14 9:7 a.m. · 1 views

netty-codec-http: Allocation of Resources Without Limits or Throttling

A flaw was found in the io.netty:netty-codec-http package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling issues due to the accumulation of data in the HttpPostRequestDecoder. The decoder cumulates bytes in the undecodedChunk buffer until ...

CVSS 5.3 · AI score 7.2 · EPSS 0.00343
Exploits: 1 · References: 8

Tenable Nessus
added 2024/05/11 12:0 a.m. · 30 views

RHEL 7 : golang.org_x_text (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag CVE-2020-28852 - The...

AI score 8.2 · EPSS 0.00138
Exploits: 2 · References: 3

Tenable Nessus
added 2024/05/11 12:0 a.m. · 17 views

RHEL 5 : gstreamer-plugins-good (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - gstreamer-plugins-good: Heap buffer overflow in FLIC decoder CVE-2016-9636 - The qtdemuxtagaddstrfull...

AI score 8.6 · EPSS 0.19531
Exploits: 4 · References: 6

Tenable Nessus
added 2024/05/11 12:0 a.m. · 25 views

RHEL 8 : golang.org_x_text (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag CVE-2020-28852 - The...

AI score 8 · EPSS 0.00138
Exploits: 2 · References: 3

Tenable Nessus
added 2024/05/11 12:0 a.m. · 17 views

RHEL 7 : gstreamer-plugins-good (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - gstreamer-plugins-good: Heap buffer overflow in FLIC decoder CVE-2016-9636 - The gstaacparsesinksetcaps...

AI score 8.5 · EPSS 0.19531
Exploits: 11 · References: 16

OSV
added 2024/05/10 11:7 a.m. · 2 views

OESA-2024-1529 ignition security update

Ignition is a utility used to manipulate systems during the initramfs. This includes partitioning disks, formatting partitions, writing files (regular files, systemd units, etc.), and configuring users. On first boot, Ignition reads its configuration from a source of truth (remote URL, network...

CVSS 7.5 · AI score 6.7 · EPSS 0.00264
Exploits: 0 · References: 2

OSV
added 2024/05/10 11:7 a.m. · 2 views

OESA-2024-1530 ignition security update

Ignition is a utility used to manipulate systems during the initramfs. This includes partitioning disks, formatting partitions, writing files (regular files, systemd units, etc.), and configuring users. On first boot, Ignition reads its configuration from a source of truth (remote URL, network...

CVSS 7.5 · AI score 6.7 · EPSS 0.00264
Exploits: 0 · References: 2

Tenable Nessus
added 2024/05/09 12:0 a.m. · 48 views

RHEL 8 : squid:4 (RHSA-2024:2777)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2777 advisory. Squid is a high-performance proxy caching server for web clients, supporting FTP, and HTTP data objects. Security Fixes: squid: denial of...

CVSS 8.6 · AI score 7.1 · EPSS 0.03051
Exploits: 0 · References: 6

Tenable Nessus
added 2024/05/07 12:0 a.m. · 36 views

GLSA-202405-18 : Xpdf: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202405-18 Xpdf: Multiple Vulnerabilities - In Xpdf 4.02, SplashOutputDev::endType3CharGfxState state SplashOutputDev.cc:3079 is trying to use the freed t3GlyphStack-cache, which causes a heap-use-after-free problem. The codes of ...

CVSS 7.8 · AI score 7.6 · EPSS 0.00454
Exploits: 6 · References: 10

Positive Technologies
added 2024/05/04 12:0 a.m. · 2 views

PT-2024-40756 · Avif · Avif

Name of the Vulnerable Software and Affected Versions: avif affected versions not specified Description: The issue is related to a crash caused by the use of an uninitialized value. The crash occurs in the avifSequenceHeaderParse function, which is called by avifDecoderReset and avifDecoderParse...

AI score 6.8
Exploits: 0 · References: 2

Veracode
added 2024/05/03 7:5 a.m. · 18 views

Arbitrary Code Execution

Mercurial is vulnerable to arbitrary code execution. The vulnerability is due to incorrect bound checks in the binary delta decoder which allows an attacker to execute arbitrary code via a clone, push, or pull command, related to either list sizing rounding error or short records...

CVSS 8.8 · AI score 8 · EPSS 0.05192
Exploits: 0 · References: 15 · Affected Software: 1

Tenable Nessus
added 2024/05/01 12:0 a.m. · 31 views

CentOS 7 : rhc-worker-script (RHSA-2024:2625)

The remote CentOS Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:2625 advisory. - An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK sta...

CVSS 7.5 · AI score 7.6 · EPSS 0.64852
Exploits: 1 · References: 2

Tenable Nessus
added 2024/04/29 12:0 a.m. · 37 views

Fedora 37 : pypy3.9 (2023-af5206f71d)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-af5206f71d advisory. Update to 7.3.11. See https://doc.pypy.org/en/latest/release-v7.3.11.html Security fix for CVE-2022-37454, CVE-2022-45061, CVE-2022-42919. Tenable h...

CVSS 9.8 · AI score 7.1 · EPSS 0.014
Exploits: 2 · References: 4

Tenable Nessus
added 2024/04/29 12:0 a.m. · 27 views

Fedora 37 : python2.7 (2023-a990c93ed0)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-a990c93ed0 advisory. Security fix for CVE-2022-45061: CPU denial of service via inefficient IDNA decoder Tenable has extracted the preceding description block directly from the...

CVSS 7.5 · AI score 7 · EPSS 0.0013
Exploits: 1 · References: 2

Tenable Nessus
added 2024/04/29 12:0 a.m. · 21 views

Fedora 38 : python2.7 (2023-01b481a31e)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-01b481a31e advisory. Automatic update for python2.7-2.7.18-28.fc38. Changelog Mon Dec 19 2022 Charalampos Stratakis - 2.7.18-28 - Security fix for CVE-2022-45061: CPU denial of...

CVSS 7.5 · AI score 7 · EPSS 0.0013
Exploits: 1 · References: 2