Rocky Linux 8 : postgresql:13 (RLSA-2024:0975)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:0975 advisory. - Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer...

WordPress Plugin affiliate-toolkit Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

PT-2024-18362 · WordPress · Affiliate-Toolkit – Wordpress Affiliate Plugin

Name of the Vulnerable Software and Affected Versions: The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress versions up to, and including, 3.5.4 Description: The issue is related to unauthorized access due to a missing capability check on the atkp create list function. This...

BIT-MEDIAWIKI-2020-26121

An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4. An attacker can import a file even when the target page is protected against "page creation" and the attacker should not be able to create it. This occurs because of a mishandled distinction between an upload...

BIT-POSTGRESQL-2023-2455

Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security...

BIT-OPENFIRE-2020-35199

Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp groupchatJID Stored XSS...

BIT-OPENFIRE-2020-35201

Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp users Stored XSS...

BIT-MAGENTO-2021-28563 Magento Commerce improper Authorization via the 'Create Customer' endpoint

Magento versions 2.4.2 and earlier, 2.4.1 and earlier and 2.3.6 and earlier are affected by an Improper Authorization vulnerability via the 'Create Customer' endpoint. Successful exploitation could lead to unauthorized modification of customer data by an unauthenticated attacker. Access to the...

Amazon Linux 2 : postgresql (ALASPOSTGRESQL14-2024-006)

The version of postgresql installed on the remote host is prior to 14.11-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2POSTGRESQL14-2024-006 advisory. Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute...

Amazon Linux 2023 : postgresql15, postgresql15-contrib, postgresql15-llvmjit (ALAS2023-2024-547)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-547 advisory. Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as...

ALSA-2024:1150 Moderate: buildah security update

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...

PT-2024-13616 · Archibus · Archibus

Name of the Vulnerable Software and Affected Versions: Archibus app version 4.0.3 for iOS Description: An issue was discovered in the create work request feature of the maintenance module, via the description field. This allows an attacker to perform an action on behalf of the user, exfiltrate...

ARCHIBUS Cross-Site Scripting Vulnerability

ARCHIBUS is a software platform from ARCHIBUS focused on helping organizations effectively manage their real estate, facilities and infrastructure to improve efficiency, reduce costs and support strategic planning. A cross-site scripting vulnerability exists in ARCHIBUS version 4.0.3 iOS, which...

CVE-2024-26615 net/smc: fix illegal rmb_desc access in SMC-D connection dump

In the Linux kernel, the following vulnerability has been resolved: net/smc: fix illegal rmbdesc access in SMC-D connection dump A crash was found when dumping SMC-D connections. It can be reproduced by following steps: - run nginx/wrk test: smcrun nginx smcrun wrk -t 16 -c 1000 -d -H 'Connection...

CVE-2024-26472

KLiK SocialMediaWebsite version 1.0.1 from msaad1999 has a reflected cross-site scripting XSS vulnerability which may allow remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'selector' or 'validator' parameters of...

IBM Cloud Pak for Automation Security Vulnerability

IBM Cloud Pak for Automation is an intelligent software platform for building automation applications in cloud environments from International Business Machines IBM. The platform uses pre-integrated automation technologies and low-code tools to design, build and run automated applications and...

PT-2024-21816 · Apache · Apache Superset

Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 3.0.4 Apache Superset versions 3.1.0 through 3.1.1 Description: An authenticated user with privileges to create alerts on Alerts & Reports can generate a specially crafted SQL statement that triggers an error...

CVE-2024-26472

KLiK SocialMediaWebsite version 1.0.1 from msaad1999 has a reflected cross-site scripting XSS vulnerability which may allow remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'selector' or 'validator' parameters of...

CVE-2024-26472

KLiK SocialMediaWebsite version 1.0.1 from msaad1999 has a reflected cross-site scripting XSS vulnerability which may allow remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'selector' or 'validator' parameters of...

Oracle Linux 8 : postgresql:13 (ELSA-2024-0975)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-0975 advisory. pgaudit pgrepack postgres-decoderbufs postgresql 13.14-1.0.1 - update to 13.14 - Fixes CVE-2024-0985 Tenable has extracted the preceding description block...