CBL Mariner 2.0 Security Update: postfix (CVE-2023-51764)
The version of postfix installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-51764 advisory. - Postfix through 3.8.5 allows SMTP smuggling unless configured with...
MTN Group: DOM Based Reflected Cross Site Scripting
The outdated version of Swagger used by the notification-server-v2.sz-my.mtn.com asset was found to be vulnerable to a DOM-based reflected cross-site scripting vulnerability. The vulnerability was triggered by crafting a malicious URL that resulted in the execution of arbitrary scripts in the...
PT-2023-24289 · Woocommerce · Automatewoo
Name of the Vulnerable Software and Affected Versions: AutomateWoo versions 4.9.40 and earlier Description: The issue is related to an Unrestricted Upload of File with Dangerous Type vulnerability in WooCommerce AutomateWoo. This allows for the upload of files with potentially dangerous types,...
Fedora 39 : matrix-synapse (2023-957972e77c)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-957972e77c advisory. Update to 1.95.1 CVE-2023-43796 ---- Update to v1.95.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...
CVE-2023-2621
The McFeeder server, distributed as part of the SSW package, is susceptible to an arbitrary file write vulnerability on the MAIN computer system. This vulnerability stems from the use of an outdated version of a third-party library, which is used to extract archives uploaded to McFeeder server. An...
Amazon Linux 2 : tomcat (ALASTOMCAT8.5-2023-001)
The version of tomcat installed on the remote host is prior to 8.5.89-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2TOMCAT8.5-2023-001 advisory. The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and...
ImageMagick < 7.1.1-11 Multiple Vulnerabilities
The remote Windows host has a version of ImageMagick installed that is prior to 7.1.1-10. It is, therefore, affected by multiple vulnerabilities: - remote code execution vulnerability in OpenBlob with --enable-pipes configured. CVE-2023-34152 - security flaw occurring as undefined behavior of casti...
Mozilla Firefox < 116.0
The version of Firefox installed on the remote Windows host is prior to 116.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-29 advisory. - Memory safety bugs present in Firefox 115. Some of these bugs showed evidence of memory corruption and we presume that...
CVE-2023-32455
Dell Wyse ThinOS versions prior to 2208 9.3.2102 contain a sensitive information disclosure vulnerability. An unauthenticated malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the log files...
Amazon Linux 2 : mc (ALAS-2023-2147)
The version of mc installed on the remote host is prior to 4.8.29-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2147 advisory. An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is...
Fortinet FortiNAC RCE (FG-IR-23-074)
The version of FortiNAC installed on the remote host is prior to 9.4.3. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-074 advisory. - A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows...
Mozilla Thunderbird < 102.12
The version of Thunderbird installed on the remote Windows host is prior to 102.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-21 advisory. - Mozilla developers and community members Gabriele Svelto, Andrew McCreight, the Mozilla Fuzzing Team, Sean Feng,...
PT-2023-36091 · Users · Users
Name of the Vulnerable Software and Affected Versions: users affected versions not specified Description: The issue concerns the users crate, which has not been updated since 2020-10-08, and its developer appears to be inactive. Recommendations: At the moment, there is no information about a newe...
WordPress plugin WP OAuth Server Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...
PT-2023-13891 · WordPress · Wp Sunshine Sunshine Photo Cart
Name of the Vulnerable Software and Affected Versions: WP Sunshine Sunshine Photo Cart plugin versions 2.9.13 and earlier Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended...
PT-2023-12393 · Qlik · Qlikview
Name of the Vulnerable Software and Affected Versions: Qlik QlikView versions prior to 12.60.20100.0 Description: The issue allows the creation of a temporary file in a directory with insecure permissions. Recommendations: For versions prior to 12.60.20100.0, update to version 12.60.20100.0 or...
PT-2022-27670 · Unknown · Planet Estream
Name of the Vulnerable Software and Affected Versions: Planet eStream versions prior to 6.72.10.07 Description: The issue allows attackers to call restricted functions and perform unauthenticated uploads via the "Upload2.ashx" endpoint or access content uploaded by other users through "View.aspx"...
Mozilla Firefox ESR < 102.6
The version of Firefox ESR installed on the remote Windows host is prior to 102.6. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-52 advisory. - A use-after-free in WebGL extensions could have led to a potentially exploitable crash. CVE-2022-46882 - A missing...
Google Chrome < 108.0.5359.124 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 108.0.5359.124. It is, therefore, affected by multiple vulnerabilities as referenced in the 202212stable-channel-update-for-desktop13 advisory. - Use after free in Profiles in Google Chrome prior to 108.0.5359.124 allow...
Mozilla Firefox < 108.0
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 108.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-51 advisory. - Mozilla developers and community members Lukas Bernhard, Gabriele Svelto, Randell Jesup, and the Mozilla...