(0Day) Famatech Advanced IP Scanner Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Famatech Advanced IP Scanner. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

com.charlyghislain.keycloak:keycloak-importexport (>=21.0.0 <=23.0.1), com.github.vzakharchenko:chillispot-radius-plugin (>=1.4.10 <=1.4.11) +86 more potentially affected by CVE-2024-1722 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=23.0.7)

org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =21.0.0, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.1.23, =0.3.0-20.0.1, =0.4.5-20.0.2, =1.0.1, =1.1.4, =1.1.5 and more Source cves: CVE-2024-1722 Source advisory: OSV:GHSA-CQ42-VHV7-XR7P...

com.charlyghislain.keycloak:keycloak-importexport (>=21.0.0 <=23.0.1), com.github.vzakharchenko:chillispot-radius-plugin (>=1.4.10 <=1.4.11) +87 more potentially affected by CVE-2021-3754 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=24.0.0)

org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =21.0.0, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.1.23, =0.3.0-20.0.1, =0.4.5-20.0.2, =1.0.1, =1.1.4, =1.1.5 and more Source cves: CVE-2021-3754 Source advisory: OSV:GHSA-4VC8-PG5C-VG4X...

fabricauthenticator (>=0.0.2.5 <=1.3.4rc0), jupyterhub-ltiauthenticator (=1.3.0) +7 more potentially affected by CVE-2024-37300 via oauthenticator (>=14.0.0 <=16.2.1)

oauthenticator PYPI version =14.0.0, =0.0.2.5, =3.0.0, =1.0.2, =0.1.0, =1.1.9, =0.5.0, =0.2.25, =0.3.2 Source cves: CVE-2024-37300 Source advisory: OSV:GHSA-GPRJ-3P75-F996...

Oracle Linux 9 : containernetworking-plugins (ELSA-2024-3831)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-3831 advisory. - rebuild for CVE-2023-45290 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not...

com.charlyghislain.keycloak:keycloak-importexport (>=21.0.0 <=23.0.1), com.github.vzakharchenko:chillispot-radius-plugin (>=1.4.10 <=1.4.11) +95 more potentially affected by CVE-2024-3656 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=24.0.4)

org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =21.0.0, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.0.1, =1.1.23, =0.3.0-20.0.1, =0.4.5-20.0.2, =2.7.4-24.0 and more Source cves: CVE-2024-3656 Source advisory: OSV:GHSA-2CWW-FGMG-4JQC...

containernetworking-plugins security and bug fix update

1:1.4.0-3 - rebuild for CVE-2023-45290 - Resolves: RHEL-28384...

GO-2024-2858 Grafana Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins in github.com/grafana/grafana

Grafana Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins in github.com/grafana/grafana. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is...

SUSE: Security Advisory (SUSE-SU-2024:1945-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mageia: Security Advisory (MGASA-2024-0215)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-5638

The Formula theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in the 'ticustomizernotifydismissrecommendedplugins' AJAX action in all versions up to, and including, 0.5.1 due to insufficient input sanitization and output escaping. This makes it possible fo...

SUSE SLED15: gstreamer-plugins-base / gstreamer-plugins-base-32bit / etc (SUSE-SU-2024:1945-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1945-1 advisory. - CVE-2024-4453: Fixed lack of proper validation of user-supplied data when parsing EXIF metadata...

SUSE-SU-2024:1945-1 Security update for gstreamer-plugins-base

This update for gstreamer-plugins-base fixes the following issues: - CVE-2024-4453: Fixed lack of proper validation of user-supplied data when parsing EXIF metadata bsc1224806...

CVE-2024-4042

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the menu-wrap-item block in all versions up to, and including, 2.2.80 due to insufficient input...

Fedora: Security Advisory (FEDORA-2024-b8e474fbd3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for deepin-qt5platform-plugins (FEDORA-2024-2e27372d4c)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 27, 2024 to June 2, 2024)

Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the rest...

PT-2024-28840 · WordPress · Post Blocks +5

Name of the Vulnerable Software and Affected Versions: Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress versions up to, and including, 2.2.80 Description: The issue is related to Stored Cross-Site Scripting via the class...

CVE-2024-24789 vulnerabilities

Vulnerabilities for packages: hubble-ui-backend-fips, certificate-transparency-fips, kafka-proxy, clusterctl, nri-nagios, ksops, cass-operator-fips-no-pvc-delete, flux-image-automation-controller, prometheus-alertmanager-fips, helm, terragrunt, prometheus-postgres-exporter, nats, kubevela, xcaddy...

GO-2024-2750 Kubernetes Secrets Store CSI Driver plugins arbitrary file write in github.com/Azure/secrets-store-csi-driver-provider-azure

Kubernetes Secrets Store CSI Driver plugins arbitrary file write in github.com/Azure/secrets-store-csi-driver-provider-azure. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...