RHEL 7 : guava (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to caus...

RHEL 5 : libnl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - libnl: Integer overflow in nlmsgreserve CVE-2017-0553 Note that Nessus has not tested for this issue but has instea...

RHEL 6 : pyyaml (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - PyYAML: yaml.load API could execute arbitrary code CVE-2017-18342 Note that Nessus has not tested for this issue bu...

AlmaLinux 9 : nghttp2 (ALSA-2024:3501)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:3501 advisory. nghttp2: CONTINUATION frames DoS CVE-2024-28182 Tenable has extracted the preceding description block directly from the AlmaLinux security advisory. Note that Ness...

urllib3: Request body not stripped after redirect from 303 status changes request method to GET

A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as POST to GET, as is required by HTTP...

urllib3: Request body not stripped after redirect from 303 status changes request method to GET

A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as POST to GET, as is required by HTTP...

urllib3: Request body not stripped after redirect from 303 status changes request method to GET

A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as POST to GET, as is required by HTTP...

urllib3: Request body not stripped after redirect from 303 status changes request method to GET

A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as POST to GET, as is required by HTTP...

CVE-2024-5044 Emlog Pro Cookie improper authentication

A vulnerability was found in Emlog Pro 2.3.4. It has been classified as problematic. This affects an unknown part of the component Cookie Handler. The manipulation of the argument AuthCookie leads to improper authentication. It is possible to initiate the attack remotely. The complexity of an...

CVE-2024-5044 Emlog Pro Cookie improper authentication

A vulnerability was found in Emlog Pro 2.3.4. It has been classified as problematic. This affects an unknown part of the component Cookie Handler. The manipulation of the argument AuthCookie leads to improper authentication. It is possible to initiate the attack remotely. The complexity of an...

CVE-2024-4144

The Simple Basic Contact Form plugin for WordPress for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 20240502. This allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability depends on the functionality of...

CVE-2024-4144

CVE-2024-4144 affects the WordPress plugin Simple Basic Contact Form . The vulnerability allows unauthenticated attackers to execute arbitrary shortcodes, via an arbitrary shortcode execution flaw in all versions up to 20240502. The CVSS baseline in the connected data is 6.5 (Medium) with network...

Rocky Linux 9 : less (RLSA-2024:1692)

The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:1692 advisory. - closealtfile in filename.c in less before 606 omits shellquote calls for LESSCLOSE. CVE-2022-48624 Note that Nessus has not tested for this issue but has inste...

CVE-2024-3957

The Booster for WooCommerce plugin is vulnerable to Unauthenticated Arbitrary Shortcode Execution in versions up to, and including, 7.1.8. This allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability depends on what other plugins are installed and what...

CVE-2024-3734

The FOX – Currency Switcher Professional for WooCommerce plugin is vulnerable to Unauthenticated Arbitrary Shortcode Execution in versions up to, and including, 1.4.1.8. This allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability depends on what other...

CVE-2024-3957 Booster for WooCommerce <= 7.1.8 - Unauthenticated Arbitrary Shortcode Execution

The Booster for WooCommerce plugin is vulnerable to Unauthenticated Arbitrary Shortcode Execution in versions up to, and including, 7.1.8. This allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability depends on what other plugins are installed and what...

CVE-2024-3957

Booster for WooCommerce (CVE-2024-3957) allows unauthenticated arbitrary shortcode execution in versions up to 7.1.8. Wordfence notes the issue as a patched vulnerability, with CVSS v3.1 base score 7.3 (HIGH) and no user interaction required. Connected documents confirm the affected software and ...

CVE-2024-3957 Booster for WooCommerce <= 7.1.8 - Unauthenticated Arbitrary Shortcode Execution

The Booster for WooCommerce plugin is vulnerable to Unauthenticated Arbitrary Shortcode Execution in versions up to, and including, 7.1.8. This allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability depends on what other plugins are installed and what...

CVE-2024-33103

An arbitrary file upload vulnerability in the Media Manager component of DokuWiki 2024-02-06a allows attackers to execute arbitrary code by uploading a crafted SVG file. NOTE: as noted in the 4267 issue reference, there is a position that exploitability can only occur with a misconfiguration of t...

CVE-2024-33103

An arbitrary file upload vulnerability in the Media Manager component of DokuWiki 2024-02-06a allows attackers to execute arbitrary code by uploading a crafted SVG file. NOTE: as noted in the 4267 issue reference, there is a position that exploitability can only occur with a misconfiguration of t...