6340 matches found
PT-2024-30506 · Unknown +1 · Divi Builder +4
Name of the Vulnerable Software and Affected Versions: The Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder plugin for WordPress versions up to, and including, 2.5.3 Description: The issue is related to DOM-Based Cross-Site Scripting due to insufficient input sanitization and outpu...
WordPress plugin Supreme Modules Lite security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in the...
WordPress Supreme Modules Lite Plugin <= 2.5.3 is vulnerable to Cross Site Scripting (XSS)
Software: Supreme Modules Lite | Type: Plugin | Vulnerable versions: <= 2.5.3 | Fixed in: 2.5.4 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-4334 | Patch priority: Low | CVSS severity: Low (6.5) | PSID: db7cdff0f72f | Credits: Webbernaut | Required...
CVE-2024-27062 nouveau: lock the client object tree.
In the Linux kernel, the following vulnerability has been resolved: nouveau: lock the client object tree. It appears the client object tree has no locking unless I've missed something else. Fix races around adding/removing client objects, mostly vram bar mappings. 4562.099306 general protection...
CVE-2024-27018 netfilter: br_netfilter: skip conntrack input hook for promisc packets
In the Linux kernel, the following vulnerability has been resolved: netfilter: br_netfilter: skip conntrack input hook for promisc packets For historical reasons, when bridge device is in promisc mode, packets that are directed to the taps follow bridge input hook path. This patch adds a workaroun...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel, which stems from a security flaw in the unload/reload behavior of modules...
CVE-2024-33274
Directory Traversal vulnerability in FME Modules customfields v.2.2.7 and before allows a remote attacker to obtain sensitive information via the Custom Checkout Fields, Add Custom Fields to Checkout parameter of the ajax.php...
CVE-2024-33270
An issue in FME Modules fileuploads v.2.0.3 and before and fixed in v2.0.4 allows a remote attacker to obtain sensitive information via the uploadfiles.php component...
Moderate: Red Hat Security Advisory: pam security update
An update for pam is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CV...
Denial Of Service (DoS)
nfstream is vulnerable to Denial of Service (DoS). The vulnerability is due to unfreed allocated modules when the nfstream object is destroyed without being used, potentially causing a local Denial of Service (DoS)...
PT-2024-25185 · Unknown · Fme Modules Customfields
Name of the Vulnerable Software and Affected Versions: FME Modules customfields versions 2.2.7 and before Description: A Directory Traversal issue allows a remote attacker to obtain sensitive information via the "Custom Checkout Fields, Add Custom Fields to Checkout" parameter of the "ajax.php"...
PT-2024-25181 · Unknown · Fme Modules Fileuploads
Name of the Vulnerable Software and Affected Versions: FME Modules fileuploads versions 2.0.3 and earlier Description: An issue in FME Modules fileuploads allows a remote attacker to obtain sensitive information via the "uploadfiles.php" component. Recommendations: For versions 2.0.3 and earlier,...
CVE-2024-33270
The CVE-2024-33270 vulnerability affects FME Modules fileuploads (version 2.0.3 and earlier; fixed in 2.0.4). A flaw in the uploadfiles.php component allows a remote attacker to obtain sensitive information. Impact is information disclosure; no data integrity or availability impact noted in the p...
ALSA-2024:2246 Moderate: ansible-core bug fix, enhancement, and security update
Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...
RHEL 9 : pcs (RHSA-2024:2113)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2113 advisory. The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: rubygem-rack: Denial ...
Moderate: pam security update
Pluggable Authentication Modules (PAM) provide a system to set up authentication policies without the need to recompile programs to handle authentication. Security Fixes: pam: allowing unprivileged user to block another user namespace (CVE-2024-22365) For more details about the security issues,...
Moderate: ansible-core bug fix, enhancement, and security update
Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...