2124 matches found
CLSA-2024-1705945513 Update of ca-certificates
update to CKBI 2.64 from NSS 3.95 - updated: - Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068" - removed old certificates: - Certificate "E-Tugra Certification Authority" - Certificate "Hongkong Post Root CA 1" - Certificate "Symantec Class 1 Public Primary Certification...
CLSA-2024-1705941268 Update of ca-certificates
update to CKBI 2.64 from NSS 3.95 - updated: - Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068" - removed old certificates: - Certificate "E-Tugra Certification Authority" - Certificate "Hongkong Post Root CA 1" - Certificate "Symantec Class 1 Public Primary Certification...
CLSA-2024-1705941172 Update of alt-php
Update ca-certificates database to 20231207: - mozilla/certdata.txt,nssckbi.h: Update Mozilla certificate authority bundle of the version 2.64. - The following certificates were updated: Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068" - The following certificates authoriti...
CLSA-2024-1705941083 Update of alt-php
Update ca-certificates database to 20231207: - mozilla/certdata.txt,nssckbi.h: Update Mozilla certificate authority bundle of the version 2.64. - The following certificates were updated: Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068" - The following certificates authoriti...
CVE-2024-21665
CVE-2024-21665 affects Pimcore’s ecommerce-framework-bundle. An authenticated user without proper permissions can access the back-office orders list via the admin/ecommerceframework/admin-order/list endpoint, indicating insufficient access control. Root cause: lack of permission enforcement for t...
CVE-2024-21665 Pimcore Ecommerce Framework Bundle Improper Access Control allows unprivileged user to access back-office orders list
ecommerce-framework-bundle is the Pimcore Ecommerce Framework Bundle. An authenticated and unauthorized user can access the back-office orders list and be able to query over the information returned. Access control and permissions are not being enforced. This vulnerability has been patched in...
Pimcore Security Vulnerability
Pimcore is an open-source web content management platform from the Austrian company Pimcore, used for creating and managing web applications. The platform integrates web content management, an ecommerce framework and product information management applications. A security vulnerability exists in Pimcore...
WordPress Email Encoder Bundle Plugin <= 2.1.9 is vulnerable to Cross Site Scripting (XSS)
Software: Email Encoder Bundle; Type: Plugin; Vulnerable versions: <= 2.1.9; Fixed in: 2.1.10; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-7070; Patch priority: Low; CVSS severity: Low (6.5); PSID: bbe9fb4a4a45; Credits: Webbernaut; Require...
WordPress SiteOrigin Widgets Bundle Plugin < 1.51.0 LFI Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:siteorigin:siteoriginwidgetsbundle"; if description...
CVE-2023-7027
creationtimestamp | type | source
---|---|---
2024-01-03 06:26:45+00:00 | seen | https://t.me/ctinow/162207
2024-01-04 01:32:15+00:00 | seen | https://t.me/cibsecurity/74276
2024-01-08 02:01:25+00:00 | published-proof-of-concept | https://t.me/codeb0ss/1350
2024-01-09 21:16:41+00:00 | seen | ...
CVE-2023-6295
The SiteOrigin Widgets Bundle WordPress plugin before 1.51.0 does not validate user input before using it to generate paths passed to include function/s, allowing users with the administrator role to perform LFI attacks in the context of Multisite WordPress sites...
Design/Logic Flaw
The SiteOrigin Widgets Bundle WordPress plugin before 1.51.0 does not validate user input before using it to generate paths passed to include function/s, allowing users with the administrator role to perform LFI attacks in the context of Multisite WordPress sites...
CVE-2023-6295 so-widgets-bundle < 1.51.0 - Admin+ Local File Inclusion
The SiteOrigin Widgets Bundle WordPress plugin before 1.51.0 does not validate user input before using it to generate paths passed to include function/s, allowing users with the administrator role to perform LFI attacks in the context of Multisite WordPress sites...
CVE-2023-6295
CVE-2023-6295 affects the SiteOrigin Widgets Bundle on WordPress, specifically versions
WordPress Plugin SiteOrigin Widgets Bundle Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
SUSE-SU-2023:4844-1 Security update for python-cryptography
This update for python-cryptography fixes the following issues: - CVE-2023-49083: Fixed a NULL pointer dereference when loading certificates from a PKCS7 bundle (bsc#1217592)...
SUSE-SU-2023:4843-1 Security update for python3-cryptography
This update for python3-cryptography fixes the following issues: - CVE-2023-49083: Fixed a NULL pointer dereference when loading certificates from a PKCS7 bundle (bsc#1217592)...
SUSE-SU-2023:4842-1 Security update for python-cryptography
This update for python-cryptography fixes the following issues: - CVE-2023-49083: Fixed a NULL pointer dereference when loading certificates from a PKCS7 bundle (bsc#1217592)...
SUSE SLES15 Security Update : SUSE Manager Salt Bundle (SUSE-SU-2023:4749-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:4749-1 advisory. - allows an attacker to force Salt-SSH to run their script fedora-all CVE-2023-34049 Note that Nessus has not tested for this issue but has instead...
SUSE-SU-2023:4757-1 Security update for SUSE Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: Security fixes: CVE-2023-34049: Arbitrary code execution via symlink attack (bsc#1215157). Non-security fixes: Add python dateutil module to the bundle; Allow all primitive grain types for autosigngrains (bsc#1214477); Remove non-free RNG schema fi...