Google Chrome < 130.0.6723.69 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 130.0.6723.69. It is, therefore, affected by multiple vulnerabilities as referenced in the 202410stable-channel-update-for-desktop22 advisory. - Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a...

Mozilla Firefox < 131.0

The version of Firefox installed on the remote Windows host is prior to 131.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-46 advisory. - An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the...

CBL Mariner 2.0 Security Update: kernel (CVE-2024-42082)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-42082 advisory. - In the Linux kernel, the following vulnerability has been resolved: xdp: Remove WARN from xdpregmemmodel...

CVE-2024-6980

A verbose error handling issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console versions before 6.38.1-5 running only on premise...

Amazon Linux 2 : httpd (ALAS-2024-2594)

The version of httpd installed on the remote host is prior to 2.4.61-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2594 advisory. Encoding problem in modproxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sen...

CVE-2024-6121 NI SystemLink Server Ships Out of Date Redis Version

An out-of-date version of Redis shipped with NI SystemLink Server is susceptible to multiple vulnerabilities, including CVE-2022-24834. This affects NI SystemLink Server 2024 Q1 and prior versions. It also affects NI FlexLogger 2023 Q2 and prior versions which installed this shared service...

PT-2024-33238 · Progress · Sitefinity

Name of the Vulnerable Software and Affected Versions: Sitefinity versions prior to 15.1.8321.0 Description: The issue allows the user to be redirected to an arbitrary site. Recommendations: For versions prior to 15.1.8321.0, update to a version that contains a fix for this issue. At the moment,...

CVE-2024-2300

HP Advance Mobile Applications for iOS and Android are potentially vulnerable to information disclosure when using an outdated version of the application via mobile devices...

CVE-2024-2300 HP Advance Mobile Application – Potential Information Disclosure

HP Advance Mobile Applications for iOS and Android are potentially vulnerable to information disclosure when using an outdated version of the application via mobile devices...

CVE-2024-2300 HP Advance Mobile Application – Potential Information Disclosure

HP Advance Mobile Applications for iOS and Android are potentially vulnerable to information disclosure when using an outdated version of the application via mobile devices...

CVE-2024-2300

Technical details are not publicly available in the provided documents. Monitor for updates from HP and security advisories to obtain affected versions, vulnerable components, and remediation steps.

PT-2024-26637 · Analytify · Analytify

Name of the Vulnerable Software and Affected Versions: Analytify versions prior to 5.2.4 Description: A Cross-Site Request Forgery CSRF issue affects Analytify, allowing unauthorized actions to be performed on behalf of a user without their knowledge. Recommendations: For versions prior to 5.2.4,...

CVE-2024-3234

The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component. The application is designed to restrict user access to resources within the webassets folder. However, the outdated version of gradio it employs is susceptible to pa...

Amazon Linux 2 : tomcat (ALASTOMCAT9-2024-013)

The version of tomcat installed on the remote host is prior to 9.0.87-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2TOMCAT9-2024-013 advisory. Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to ke...

PT-2024-24637 · Gutengeek · Gutengeek Gg Woo Feed For Woocommerce

Name of the Vulnerable Software and Affected Versions: GutenGeek GG Woo Feed for WooCommerce versions 1.2.6 and earlier Description: The issue is related to a Missing Authorization vulnerability. This vulnerability affects GutenGeek GG Woo Feed for WooCommerce. Recommendations: For versions 1.2.6...

CVE-2024-21111

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise...

PT-2024-3145 · Tutor Lms · Tutor Lms

Name of the Vulnerable Software and Affected Versions: Tutor LMS versions up to, and including, 2.6.2 Description: The issue is related to a missing capability check on the hide notices function, which allows unauthorized modification of data. This makes it possible for unauthenticated attackers ...

PT-2024-2234 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.19 and earlier Description: The issue exists due to inadequate protection of the web page structure, allowing for potential exploitation. This could enable a remote attacker to conduct cross-site scriptin...

WordPress Plugin Social Sharing Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

AZL-34556 CVE-2024-25110 affecting package azure-iot-sdk-c for versions less than 2024.03.04-1

The UAMQP is a general purpose C library for AMQP 1.0. During a call to opengetofferedcapabilities, a memory allocation may fail causing a use-after-free issue and if a client called it during connection communication it may cause a remote code execution. Users are advised to update the submodule...