SUSE-SU-2023:4749-1 Security update for SUSE Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: Security fixes: CVE-2023-34049: Arbitrary code execution via symlink attack (bsc1215157). Non security fixes: Add python dateutil module to the bundle; Allow all primitive grain types for autosigngrains (bsc1214477); Remove non-free RNG schema fi...
PT-2023-32595 · WordPress · Siteorigin Widgets Bundle
Name of the Vulnerable Software and Affected Versions: SiteOrigin Widgets Bundle WordPress plugin versions prior to 1.51.0. Description: The issue allows users with the administrator role to perform Local File Inclusion (LFI) attacks in the context of Multisite WordPress sites. This is due to the...
Insights into your unpatched vulnerabilities
Every day, nearly 70 brand-new vulnerabilities are discovered in software products around the world. That’s almost 25,550 new problems each year, of which roughly 4,250 or every one-in-six will be classified as “critical.” But with little guidance beyond “critical” classifications—and with the...
CVE-2023-24626
| creationtimestamp | type | source |
|---|---|---|
| 2023-12-10 13:28:43+00:00 | seen | https://t.me/arpsyndicate/1627 |
| 2025-05-09 20:26:18+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/15842 |
| 2025-05-14 13:48:57+00:00 | seen | ... |
CVE-2022-40507
| creationtimestamp | type | source |
|---|---|---|
| 2023-12-05 10:46:49+00:00 | seen | https://t.me/truesecator/5162 |
| 2023-12-05 12:58:09+00:00 | seen | https://t.me/darkcommunityofficial/156 |
| 2024-10-14 15:50:35+00:00 | seen | https://vulnerability.circl.lu/bundle/92582bf5-d92c-47fe-b891-656d271bbfef |
| 2025-01-07... | | |
CVE-2023-40077
| creationtimestamp | type | source |
|---|---|---|
| 2023-12-05 10:46:49+00:00 | seen | https://t.me/truesecator/5162 |
| 2023-12-05 12:58:09+00:00 | seen | https://t.me/darkcommunityofficial/156 |
| 2023-12-23 17:51:51+00:00 | seen | https://t.me/ctinow/158881 |
| 2024-10-14 15:50:35+00:00 | seen | ... |
UBUNTU-CVE-2023-40074
In saveToXml of PersistableBundle.java, invalid data could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2023-29234 · Electron · Electron
Name of the Vulnerable Software and Affected Versions: Electron versions prior to 22.3.24; Electron versions prior to 24.8.3; Electron versions prior to 25.8.1; Electron versions prior to 26.2.1; Electron versions prior to 27.0.0-alpha.7. Description: This issue impacts Electron apps that have the...
WordPress SiteOrigin Widgets Bundle Plugin <= 1.50.1 is vulnerable to Local File Inclusion
Software: SiteOrigin Widgets Bundle; Type: Plugin; Vulnerable versions: <= 1.50.1; Fixed in: 1.51.0; OWASP Top 10: A1: Injection; Classification: Local File Inclusion; CVE: CVE-2023-6295; Patch priority: Low; CVSS severity: Low 7.4; PSID: d65c4e36bd60; Credits: Sebastian Neef; Required privile...
CVE-2023-49075
The Admin Classic Bundle provides a Backend UI for Pimcore. AdminBundle\Security\PimcoreUserTwoFactorCondition introduced in v11 disables the two factor authentication for all non-admin security firewalls. An authenticated user can access the system without having to provide the two factor...
Design/Logic Flaw
The Admin Classic Bundle provides a Backend UI for Pimcore. AdminBundle\Security\PimcoreUserTwoFactorCondition introduced in v11 disables the two factor authentication for all non-admin security firewalls. An authenticated user can access the system without having to provide the two factor...
CVE-2023-49075
The CVE-2023-49075 issue affects Pimcore’s Admin Classic Bundle (AdminBundle) by introducing PimcoreUserTwoFactorCondition in v11 that disables two-factor authentication for all non-admin security firewalls. An authenticated user could access the system without completing 2FA. The vulnerability i...
CVE-2023-49075 Pimcore Admin UI has Two Factor Authentication disabled for non admin security firewalls
The Admin Classic Bundle provides a Backend UI for Pimcore. AdminBundle\Security\PimcoreUserTwoFactorCondition introduced in v11 disables the two factor authentication for all non-admin security firewalls. An authenticated user can access the system without having to provide the two factor...
Pimcore Admin Classic Bundle Security Vulnerability
Pimcore is an open source web content management platform from the Austrian company Pimcore for creating and managing web applications. The platform integrates Web content management, e-commerce frameworks and product information management applications. A security vulnerability exists in Pimcore Adm...
so-widgets-bundle < 1.51.0 - Admin+ Local File Inclusion
Description: The plugin does not validate user input before using it to generate paths passed to include function/s, allowing users with the administrator role to perform LFI attacks in the context of Multisite WordPress sites. 1. Create a multi-site WordPress setup, i.e. using docker-containers,...
CVE-2023-47821 WordPress Email Encoder Bundle Plugin <= 2.1.8 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jannis Thuemmig Email Encoder plugin <= 2.1.8 versions...
CVE-2023-47636
The Pimcore Admin Classic Bundle provides a Backend UI for Pimcore. Full Path Disclosure (FPD) vulnerabilities enable the attacker to see the path to the webroot/file, e.g.: /home/omg/htdocs/file/. Certain vulnerabilities, such as using the loadfile within a SQL Injection query to view the page...
CVE-2023-47636 Full Path Disclosure via re-export document in pimcore/admin-ui-classic-bundle
The Pimcore Admin Classic Bundle provides a Backend UI for Pimcore. Full Path Disclosure (FPD) vulnerabilities enable the attacker to see the path to the webroot/file, e.g.: /home/omg/htdocs/file/. Certain vulnerabilities, such as using the loadfile within a SQL Injection query to view the page...
CVE-2023-47636
CVE-2023-47636 affects the Pimcore Admin Classic Bundle. The vulnerability is a Full Path Disclosure (FPD) in the Backend UI where loading a file path (for example via fopen) can reveal the server’s full path when the file does not exist, due to missing error handling. The issue has been patched ...