
183 matches found

Positive Technologies
added 2024/04/17 12:00 a.m. · 3 views

PT-2024-24637 · Gutengeek · Gutengeek Gg Woo Feed For Woocommerce

Name of the Vulnerable Software and Affected Versions: GutenGeek GG Woo Feed for WooCommerce versions 1.2.6 and earlier
Description: The issue is related to a Missing Authorization vulnerability. This vulnerability affects GutenGeek GG Woo Feed for WooCommerce.
Recommendations: For versions 1.2.6...

CVSS 4.3 · AI score 6.7 · EPSS 0.00337
Exploits: 0 · References: 4

OSV
added 2024/04/16 10:15 p.m. · 2 views

CVE-2024-21111

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise...

CVSS 7.8 · AI score 5.8
Exploits: 0 · References: 2

Positive Technologies
added 2024/04/09 12:00 a.m. · 6 views

PT-2024-3145 · Tutor Lms · Tutor Lms

Name of the Vulnerable Software and Affected Versions: Tutor LMS versions up to, and including, 2.6.2
Description: The issue is related to a missing capability check on the hide notices function, which allows unauthorized modification of data. This makes it possible for unauthenticated attackers ...

CVSS 6.5 · AI score 7.1 · EPSS 0.00466
Exploits: 2 · References: 10

Positive Technologies
added 2024/03/18 12:00 a.m. · 2 views

PT-2024-2234 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.19 and earlier
Description: The issue exists due to inadequate protection of the web page structure, allowing for potential exploitation. This could enable a remote attacker to conduct cross-site scriptin...

CVSS 5.5 · AI score 5.4 · EPSS 0.00427
Exploits: 0 · References: 7

CNNVD
added 2024/02/29 12:00 a.m. · 4 views

WordPress Plugin Social Sharing Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVSS 6.4 · AI score 6 · EPSS 0.00474
Exploits: 0 · References: 4

OSV
added 2024/02/12 8:15 p.m. · 3 views

AZL-34556 CVE-2024-25110 affecting package azure-iot-sdk-c for versions less than 2024.03.04-1

The UAMQP is a general purpose C library for AMQP 1.0. During a call to open_get_offered_capabilities, a memory allocation may fail causing a use-after-free issue and if a client called it during connection communication it may cause a remote code execution. Users are advised to update the submodule...

CVSS 8.1 · AI score 6.1 · EPSS 0.06645
Exploits: 0 · References: 1

Tenable Nessus
added 2024/01/22 12:00 a.m. · 41 views

CBL Mariner 2.0 Security Update: postfix (CVE-2023-51764)

The version of postfix installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-51764 advisory. - Postfix through 3.8.5 allows SMTP smuggling unless configured with...

CVSS 5.3 · AI score 5.7 · EPSS 0.02598
Exploits: 4 · References: 2

Hacker One
added 2024/01/16 8:09 a.m. · 6 views

MTN Group: DOM Based Reflected Cross Site Scripting

The outdated version of Swagger used by the notification-server-v2.sz-my.mtn.com asset was found to be vulnerable to a DOM-based reflected cross-site scripting vulnerability. The vulnerability was triggered by crafting a malicious URL that resulted in the execution of arbitrary scripts in the...

AI score 6.6
Exploits: 0

Positive Technologies
added 2023/12/20 12:00 a.m. · 4 views

PT-2023-24289 · Woocommerce · Automatewoo

Name of the Vulnerable Software and Affected Versions: AutomateWoo versions 4.9.40 and earlier
Description: The issue is related to an Unrestricted Upload of File with Dangerous Type vulnerability in WooCommerce AutomateWoo. This allows for the upload of files with potentially dangerous types,...

CVSS 9.9 · AI score 8.9 · EPSS 0.00814
Exploits: 0 · References: 6

Tenable Nessus
added 2023/11/09 12:00 a.m. · 21 views

Fedora 39 : matrix-synapse (2023-957972e77c)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-957972e77c advisory. Update to 1.95.1 CVE-2023-43796 ---- Update to v1.95.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...

CVSS 5.3 · AI score 6.1 · EPSS 0.00897
Exploits: 0 · References: 2

NVD
added 2023/11/01 3:15 a.m. · 12 views

CVE-2023-2621

The McFeeder server distributed as part of SSW package, is susceptible to an arbitrary file write vulnerability on the MAIN computer system. This vulnerability stems from the use of an outdated version of a third-party library, which is used to extract archives uploaded to McFeeder server. An...

CVSS 6.5 · AI score 6.4 · EPSS 0.00486
Exploits: 0 · References: 1

Tenable Nessus
added 2023/09/27 12:00 a.m. · 27 views

Amazon Linux 2 : tomcat (ALASTOMCAT8.5-2023-001)

The version of tomcat installed on the remote host is prior to 8.5.89-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2TOMCAT8.5-2023-001 advisory. The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and...

CVSS 7.5 · AI score 7.7 · EPSS 0.51547
Exploits: 1 · References: 4

Tenable Nessus
added 2023/08/10 12:00 a.m. · 90 views

ImageMagick < 7.1.1-11 Multiple Vulnerabilities

The remote Windows host has a version of ImageMagick installed that is prior to 7.1.1-10. It is, therefore, affected by multiple vulnerabilities: - remote code execution vulnerability in OpenBlob with --enable-pipes configured. CVE-2023-34152 - security flaw occurring as undefined behavior of casti...

CVSS 9.8 · AI score 7.3 · EPSS 0.08011
Exploits: 4 · References: 5

Tenable Nessus
added 2023/08/01 12:00 a.m. · 22 views

Mozilla Firefox < 116.0

The version of Firefox installed on the remote Windows host is prior to 116.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-29 advisory. - Memory safety bugs present in Firefox 115. Some of these bugs showed evidence of memory corruption and we presume that...

CVSS 9.8 · AI score 8 · EPSS 0.13694
Exploits: 1 · References: 15

OSV
added 2023/07/20 1:15 p.m. · 2 views

CVE-2023-32455

Dell Wyse ThinOS versions prior to 2208 9.3.2102 contain a sensitive information disclosure vulnerability. An unauthenticated malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the log files...

CVSS 5.5 · AI score 5.8 · EPSS 0.00114
Exploits: 0 · References: 1

Tenable Nessus
added 2023/07/20 12:00 a.m. · 21 views

Amazon Linux 2 : mc (ALAS-2023-2147)

The version of mc installed on the remote host is prior to 4.8.29-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2147 advisory. An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is...

CVSS 7.5 · AI score 7.3 · EPSS 0.02216
Exploits: 1 · References: 4

Tenable Nessus
added 2023/06/23 12:00 a.m. · 34 views

Fortinet FortiNAC RCE (FG-IR-23-074)

The version of FortiNAC installed on the remote host is prior to 9.4.3. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-074 advisory. - A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows...

CVSS 9.8 · AI score 9.1 · EPSS 0.24296
Exploits: 0 · References: 1

Tenable Nessus
added 2023/06/12 12:00 a.m. · 25 views

Mozilla Thunderbird < 102.12

The version of Thunderbird installed on the remote Windows host is prior to 102.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-21 advisory. - Mozilla developers and community members Gabriele Svelto, Andrew McCreight, the Mozilla Fuzzing Team, Sean Feng,...

CVSS 9.8 · AI score 7.7 · EPSS 0.0093
Exploits: 0 · References: 3

Positive Technologies
added 2023/06/01 12:00 a.m. · 3 views

PT-2023-36091 · Users · Users

Name of the Vulnerable Software and Affected Versions: users affected versions not specified
Description: The issue concerns the users crate, which has not been updated since 2020-10-08, and its developer appears to be inactive.
Recommendations: At the moment, there is no information about a newe...

AI score 6.9
Exploits: 0 · References: 4

CNNVD
added 2023/03/20 12:00 a.m. · 3 views

WordPress plugin WP OAuth Server Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...

CVSS 4.3 · AI score 6.5 · EPSS 0.00252
Exploits: 2 · References: 2