665 matches found
Oracle Linux 8 : python3.11-setuptools (ELSA-2024-5532)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-5532 advisory. 65.5.1-3 - Security fix for CVE-2024-6345. Resolves: RHEL-50484. Tenable has extracted the preceding description block directly from the Oracle Linux security...
Fedora 39 : python3.6 (2024-e27230c6c3)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-e27230c6c3 advisory. Security fix for CVE-2024-6345 in the bundled setuptools wheel. Tenable has extracted the preceding description block directly from the Fedora security...
Fedora 40 : python2.7 (2024-4c8a159e6e)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-4c8a159e6e advisory. Security fix for CVE-2024-6345 in the bundled setuptools wheel. Tenable has extracted the preceding description block directly from the Fedora security...
CVE-2022-40898 affecting package python-wheel for versions less than 0.43.0-1
CVE-2022-40898 affecting package python-wheel for versions less than 0.43.0-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-35198
TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. TorchServe's check on the allowed_urls configuration can be bypassed if the URL contains characters such as ".." but it does not prevent the model from being downloaded into the model store. Once a fi...
WordPress Plum: Spin Wheel & Email Pop-up plugin <= 2.0 - Broken Access Control to Unauth Stored XSS vulnerability
Broken Access Control to Unauth Stored XSS vulnerability discovered by Ananda Dhakal (Patchstack) in WordPress Plugin Plum: Spin Wheel & Email Pop-up versions <= 2.0...
WordPress Plum: Spin Wheel & Email Pop-up plugin <= 2.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Ananda Dhakal (Patchstack) in WordPress Plugin Plum: Spin Wheel & Email Pop-up versions <= 2.0...
WordPress Plum: Spin Wheel & Email Pop-up Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS)
Software: Plum: Spin Wheel & Email Pop-up; Type: Plugin; Vulnerable versions: <= 2.0; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-38744; Patch priority: High; CVSS severity: High (8.3); PSID: 688ef82694b8; Credits: Ananda Dhakal (Patchstack)...
CVE-2024-3627
The Wheel of Life: Coaching and Assessment Tool for Life Coach plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on several functions in the AjaxFunctions.php file in all versions up to, and including, 1.1.7. This makes it possible...
WordPress plugin Wheel of Life security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-26942 · WordPress · The Wheel Of Life: Coaching/Assessment Tool For Life Coach
Name of the Vulnerable Software and Affected Versions: The Wheel of Life: Coaching and Assessment Tool for Life Coach plugin for WordPress versions up to, and including, 1.1.7 Description: The issue is related to a missing capability check on several functions in the AjaxFunctions.php file. This...
WordPress Wheel of Life: Coaching and Assessment Tool for Life Coach plugin <= 1.1.7 - Missing Authorization on Several AJAX Endpoints vulnerability
Missing Authorization on Several AJAX Endpoints vulnerability discovered by Lucio Sá in WordPress Plugin Wheel of Life versions <= 1.1.7...
WordPress Wheel of Life Plugin <= 1.1.7 is vulnerable to Broken Access Control
Software: Wheel of Life; Type: Plugin; Vulnerable versions: <= 1.1.7; Fixed in: 1.1.8; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-3627; Patch priority: Low; CVSS severity: Low (5.4); PSID: 68abc18dc3c6; Credits: Lucio Sá; Required privilege...
python3.12-wheel bug fix and enhancement update
An update is available for python3.12-wheel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...
RHEL 8 : python-wheel (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - python-wheel: remote attackers can cause denial of service via attacker controlled input to wheel cli CVE-2022-4089...
Oracle Linux 8 : python39:3.9 / and / python39-devel:3.9 (ELSA-2024-3466)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3466 advisory. - Security fixes for CVE-2023-6597 and CVE-2024-0450. Tenable has extracted the preceding description block directly from the Oracle Linux security...
RHEL 7 : python-wheel (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - python-wheel: remote attackers can cause denial of service via attacker controlled input to wheel cli CVE-2022-4089...
CentOS 9 : python-wheel-0.36.2-8.el9
The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the python-wheel-0.36.2-8.el9 build changelog. - An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via...
How to Prepare for a Cyberattack
Deciphering the Cyber Invasion Terrain: We exist in an era deeply entrenched in digital dependence, where cyber invasions present significant risks for companies, government establishments, and solitary users. As we hurtle deeper into the digital era, the art of cyber misdemeanors continues to...
CVE-2023-51408
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StudioWombat WP Optin Wheel – Gamified Optin Email Marketing Tool for WordPress and WooCommerce. This issue affects WP Optin Wheel – Gamified Optin Email Marketing Tool for WordPress and WooCommerce: from n/a through 1.4.3...