19 matches found
Fedora 37 : php (2022-f204e1d0ed)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-f204e1d0ed advisory. PHP version 8.1.12 27 Oct 2022 Core: Fixes segfault with Fiber on FreeBSD i386 architecture. David Carlier Fileinfo: Fixed bug GH-8805 finfo returns...
CVE-2024-31859 Member promoted to channel admin via playbooks run linking to channel
Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to perform proper authorization checks, which allows a member running a playbook in an existing channel to be promoted to a channel admin...
CVE-2024-4183
Mattermost versions 8.1.x before 8.1.12, 9.6.x before 9.6.1, 9.5.x before 9.5.3, 9.4.x before 9.4.5 fail to limit the number of active sessions, which allows an authenticated attacker to crash the server via repeated requests to the getSessions API after flooding the sessions table...
WordPress plugin ActiveCampaign Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
ActiveCampaign < 8.1.12 - Contributor+ Stored XSS
The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. As a contributor, add an "AC Forms" Gutenberg block to a...
CVE-2022-37454 affecting package php for versions less than 8.1.12-1
CVE-2022-37454 affecting package php for versions less than 8.1.12-1. An upgraded version of the package is available that resolves this issue...
Chocolatey PHP Permission Design Vulnerability
PHP is a scripting language that executes on the server side. A privilege design vulnerability exists in the Chocolatey PHP package v8.1.12 and below, which originates from all users in the Authenticated users group having write access to the subfolder C:\tools\php81 and all files in that folder,...
CVE-2022-43565
In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the 'tstats' command handles JavaScript Object Notation (JSON) lets an attacker bypass SPL safeguards for risky commands (https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards). The vulnerability requires the...
CVE-2022-43569
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can inject and store arbitrary scripts that can lead to persistent cross-site scripting (XSS) in the object name of a Data Model...
PT-2022-26967 · Splunk · Splunk Enterprise
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 8.1.12; Splunk Enterprise versions prior to 8.2.9; Splunk Enterprise versions prior to 9.0.2. Description: A remote user who can create search macros and schedule search reports can cause a denial of service...
PT-2022-26972 · Splunk · Splunk Enterprise
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 8.1.12; Splunk Enterprise versions prior to 8.2.9; Splunk Enterprise versions prior to 9.0.2. Description: The issue allows an authenticated user to inject and store arbitrary scripts, leading to persistent...
PT-2022-26968 · Splunk · Splunk Enterprise
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 8.2.9; Splunk Enterprise versions prior to 8.1.12. Description: The issue arises from how the tstats command handles JavaScript Object Notation (JSON), allowing an attacker to bypass SPL safeguards for risky...
CVE-2022-43561
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user that holds the “power” Splunk role can store arbitrary scripts that can lead to persistent cross-site scripting (XSS). The vulnerability affects instances with Splunk Web enabled...
PT-2022-26964 · Splunk · Splunk Enterprise
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 8.1.12; Splunk Enterprise versions prior to 8.2.9; Splunk Enterprise versions prior to 9.0.2. Description: The issue allows a remote user with the "power" Splunk role to store arbitrary scripts, leading to...
Security fix for the ALT Linux 10 package php8.1 version 8.1.12-alt1
8.1.12-alt1 built Nov. 3, 2022 Anton Farygin in task 309327 Oct. 31, 2022 Anton Farygin - 8.1.11 - 8.1.12 Fixes: CVE-2022-37454, CVE-2022-31630...
IBM Spectrum Protect Operations Center Security Vulnerability
IBM Spectrum Protect Operations Center, an IBM product, provides visual control of the IBM Spectrum Protect environment. IBM Spectrum Protect Operations Center versions 8.1.12 and 8.1.13 are vulnerable to an information disclosure vulnerability, which stems from the fact that account passwords may b...
WordPress Google Maps Plugin < 8.1.13 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:codecabin:wpgomaps"; if description...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress is the WordPress Foundation's blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress Plugin is an open source application plugin for WordPress. WordPress Plugin A cross-site scripting...
PT-2021-15916 · Unknown · Wp Google Maps
Name of the Vulnerable Software and Affected Versions: WP Google Maps versions prior to 8.1.12. Description: The issue is related to an authenticated Stored Cross-Site Scripting problem. It occurs because the Map Name is not properly sanitised, validated, or escaped when it is output in the Map Li...