MiracleLinux 9 : python3.11-3.11.7-1.el9_4.1 (AXSA:2024-8483:16)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8483:16 advisory. python: Path traversal on tempfile.TemporaryDirectory CVE-2023-6597 Tenable has extracted the preceding description block directly from the MiracleLinux...

BIT-LIBPYTHON-2023-6597

An issue was found in the CPython tempfile.TemporaryDirectory class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged...

BIT-PYTHON-2023-6597

An issue was found in the CPython tempfile.TemporaryDirectory class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged...

BIT-PYTHON-2024-0450 Quoted zip-bomb protection for zipfile

An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython...

WordPress WordPress Announcement & Notification Banner Plugin – Bulletin Plugin <= 3.11.7 is vulnerable to Cross Site Scripting (XSS)

Software WordPress Announcement & Notification Banner Plugin – Bulletin Type Plugin Vulnerable versions = 3.11.7 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10682 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownersh...

PYSEC-2024-124

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in django CMS Association django-cms allows Cross-Site Scripting XSS.This issue affects django-cms: 3.11.7, 3.11.8, 4.1.2, 4.1.3...

django CMS 安全漏洞

django CMS is django CMS open source an open source enterprise content management system based on the django framework. A security vulnerability exists in django CMS versions 3.11.7, 3.11.8, 4.1.2, and 4.1.3, which stems from improper input neutralization during web page generation and is...

WordPress Ultimate Post Kit Addons For Elementor plugin <= 3.11.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Social Count (Static) Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Social Count Static Widget vulnerability discovered by wesley wcraft in WordPress Plugin Ultimate Post Kit versions = 3.11.7...

WordPress plugin Ultimate Post Kit Addons For Elementor Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2023-50710 Hono's named path parameters can be overridden in TrieRouter

Hono is a web framework written in TypeScript. Prior to version 3.11.7, clients may override named path parameter values from previous requests if the application is using TrieRouter. So, there is a risk that a privileged user may use unintended parameters when deleting REST API resources...

WordPress Elementor Pro Plugin < 3.11.7 Privilege Escalation Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:elementor:elementorpro"; if description...