3319 matches found

CVE
added 2024/07/09 8:33 a.m. · 86 views

CVE-2024-5810

The CVE-2024-5810 entry concerns the WP2Speed Faster – Optimize PageSpeed Insights Score 90-100 WordPress plugin. The connected Red Hat entry confirms that all versions up to 1.0.1 are affected due to hard-coded credentials used to authenticate incoming API requests, enabling unauthenticated atta...

CVSS 5.3 · AI score 5.7 · EPSS 0.00432
Exploits: 0 · References: 6
Vulnrichment
added 2024/07/09 8:33 a.m. · 13 views

CVE-2024-5810 WP2Speed Faster – Optimize PageSpeed Insights Score 90-100 <= 1.0.1 - Improper Authorization due to use of Hardcoded Credentials

The WP2Speed Faster – Optimize PageSpeed Insights Score 90-100 plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.1. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible for...

CVSS 5.3 · AI score 6.9 · EPSS 0.00432
Exploits: 0 · References: 6
Patchstack
added 2024/07/09 6:19 a.m. · 5 views

WordPress Media Hygiene plugin <= 3.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attachment Deletion vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Attachment Deletion vulnerability discovered by Lucio Sá in WordPress Plugin Media Hygiene versions <= 3.0.1...

CVSS 4.3 · AI score 7 · EPSS 0.00182
Exploits: 0 · References: 1 · Affected Software: 1
NVD
added 2024/07/09 2:15 a.m. · 11 views

CVE-2024-5855

The Media Hygiene: Remove or Delete Unused Images and More! plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the bulkactiondelete and deletesingleimagecall AJAX actions in all versions up to, and including, 3.0.1. This makes it possible for...

CVSS 4.3 · EPSS 0.00182
Exploits: 0 · References: 2
Positive Technologies
added 2024/07/08 12:0 a.m. · 4 views

PT-2024-37194 · WordPress · Media Hygiene

Name of the Vulnerable Software and Affected Versions: Media Hygiene: Remove or Delete Unused Images and More! plugin for WordPress versions up to, and including, 3.0.1 Description: The issue is related to a missing capability check on the bulk action delete and delete single image call AJAX...

CVSS 4.3 · AI score 6.8 · EPSS 0.00182
Exploits: 0 · References: 7
SUSE CVE
added 2024/07/06 2:58 a.m. · 2 views

SUSE CVE-2024-39929

Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users...

CVSS 5.4 · AI score 7 · EPSS 0.6031
Exploits: 5 · References: 4
NVD
added 2024/07/04 3:15 p.m. · 24 views

CVE-2024-39929

Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users...

CVSS 5.4 · EPSS 0.6031
Exploits: 5 · References: 5
OSV
added 2024/07/04 3:15 p.m. · 1 view

DEBIAN-CVE-2024-39929

Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users...

CVSS 5.4 · AI score 6.7 · EPSS 0.6031
Exploits: 5 · References: 1
OSV
added 2024/07/04 3:15 p.m. · 0 views

UBUNTU-CVE-2024-39929

Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users...

CVSS 5.4 · AI score 6.7 · EPSS 0.6031
Exploits: 5 · References: 5
Positive Technologies
added 2024/07/04 12:0 a.m. · 3 views

PT-2024-4731

Name of the Vulnerable Software and Affected Versions: Exim versions prior to 4.98 Exim versions 4.97.1 and earlier Exim versions 4.93-13ubuntu1.12 and earlier Exim versions 4.94.2-7+deb11u3 and earlier Exim versions 4.96-15+deb12u5 and earlier Description: Exim is vulnerable to a parsing error i...

CVSS 6.4 · AI score 7 · EPSS 0.6031
Exploits: 5 · References: 57
CVE
added 2024/07/04 12:0 a.m. · 142 views

CVE-2024-39929

CVE-2024-39929 affects Exim by misparsing multiline RFC 2231 header filenames, allowing a remote attacker to bypass a mime_filename extension-blocking check and potentially deliver executable attachments. Public references show patches exist: Fedora/NASL entries note fixes in exim 4.98 (and newer...

CVSS 5.4 · AI score 7.1 · EPSS 0.6031
Exploits: 5 · References: 5 · Affected Software: 1
CNNVD
added 2024/07/04 12:0 a.m. · 2 views

Exim Security Vulnerabilities

Exim is an open source messaging agent MTA running on Unix systems that routes, forwards and delivers mail. A security vulnerability exists in Exim 4.97.1 and earlier versions, which stems from incorrectly parsing multiple lines of RFC 2231 header filenames, so that a remote attacker can bypass t...

CVSS 5.4 · AI score 6.9 · EPSS 0.6031
Exploits: 5 · References: 8
Vulnrichment
added 2024/07/04 12:0 a.m. · 18 views

CVE-2024-39929

Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users...

AI score 6.6 · EPSS 0.6031
Exploits: 5 · References: 5
AlpineLinux
added 2024/07/04 12:0 a.m. · 28 views

CVE-2024-39929

Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users...

CVSS 5.4 · AI score 7.1 · EPSS 0.6031
Exploits: 5 · References: 5
Rosalinux
added 2024/07/01 2:15 p.m. · 21 views

Advisory ROSA-SA-2024-2444

Software: xdg-utils 1.1.3 OS: ROSA-CHROME packageevrstring: xdg-utils-1.1.3-5 CVE-ID: CVE-2020-27748 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: When processing URI mailto: xdg-email allows attachments to be discreetly added via URI when transmitted to Thunderbird. An attacker could potentially send...

CVSS 6.5 · AI score 6.7 · EPSS 0.0047
Exploits: 1
Tenable Nessus
added 2024/06/25 12:0 a.m. · 26 views

EulerOS 2.0 SP11 : emacs (EulerOS-SA-2024-1830)

According to the versions of the emacs package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.CVE-2024-30205 In Emacs before...

CVSS 7.1 · AI score 6.5 · EPSS 0.0003
Exploits: 0 · References: 3
Cvelist
added 2024/06/21 11:33 p.m. · 20 views

CVE-2024-6120 Sparkle Demo Importer <= 1.4.7 - Missing Authorization to Authorized(Subscriber+) Post/Pages/Attachements Deletion and Demo Data Import

The Sparkle Demo Importer plugin for WordPress is vulnerable to unauthorized database reset and demo data import due to a missing capability check on the multiple functions in all versions up to and including 1.4.7. This makes it possible for authenticated attackers, with Subscriber-level access...

CVSS 6.5 · EPSS 0.00709
Exploits: 0 · References: 9
Patchstack
added 2024/06/21 1:24 p.m. · 2 views

WordPress Sparkle Demo Importer plugin <= 1.4.7 - Authenticated Post/Pages/Attachements Deletion and Demo Data Import vulnerability

Authenticated Post/Pages/Attachements Deletion and Demo Data Import vulnerability discovered by Lucio Sá in WordPress Plugin Sparkle Demo Importer versions <= 1.4.7...

CVSS 6.5 · AI score 7 · EPSS 0.00709
Exploits: 0 · References: 1 · Affected Software: 1
CNVD
added 2024/06/21 12:0 a.m. · 7 views

Unspecified Vulnerability in Nextcloud Calendar (CNVD-2024-31492)

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Calendar, which can be exploited by an authenticated attacker to create attachments that link to other websites v...

CVSS 4.6 · AI score 6.5 · EPSS 0.00426
Exploits: 0 · References: 1
RedHat Linux
added 2024/06/20 2:25 p.m. · 2 views

cosign: Malicious attachments can cause system-wide denial of service

A flaw was found in the Cosign package where a malicious attachment may trigger uncontrolled resource consumption by allocating too much memory. This flaw allows an attacker to craft a malicious attachment, resulting in a denial of service, possibly impacting other applications running on the sam...

CVSS 5.9 · AI score 5.7 · EPSS 0.0021
Exploits: 0 · References: 5