WP Design Maps & Places Security Vulnerabilities

CVE-2023-52735 bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself sock_map proto callbacks should never call themselves by design. Protect against bugs like [1] and break out of the recursive loop to avoid a stack overflow in...

CVE-2020-28884

Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS Command Injection. An administrator user can inject Groovy script to execute any OS command on the Liferay Portal Sever. NOTE: The developer disputes this as a vulnerability since it is a feature for administrators to run...

CVE-2022-41953

Git GUI is a convenient graphical tool that comes with Git for Windows. Its target audience is users who are uncomfortable with using Git on the command-line. Git GUI has a function to clone repositories. Immediately after the local clone is available, Git GUI will automatically post-process it,...

CVE-2024-26905

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix data races when accessing the reserved amount of block reserves At space_info.c we have several places where we access the ->reserved field of a block reserve without taking the block reserve's spinlock first, which.....

10Web Map Builder for Google Maps <= 1.0.74 - Authenticated (Administrator+) SQL Injection

Description The 10Web Map Builder for Google Maps plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.0.74 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVE-2024-25977

The application does not change the session token when using the login or logout functionality. An attacker can set a session token in the victim's browser (e.g. via XSS) and prompt the victim to log in (e.g. via a redirect to the login page). This results in the victim's account being taken...

CVE-2020-28884

Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS Command Injection. An administrator user can inject Groovy script to execute any OS command on the Liferay Portal Sever. NOTE: The developer disputes this as a vulnerability since it is a feature for administrators to run...

CVE-2024-26825

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: free rx_data_reassembly skb on NCI device cleanup rx_data_reassembly skb is stored during NCI data exchange for processing fragmented packets. It is dropped only when the last fragment is processed or when an NTF packet.....

CVE-2024-26825

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: free rx_data_reassembly skb on NCI device cleanup rx_data_reassembly skb is stored during NCI data exchange for processing fragmented packets. It is dropped only when the last fragment is processed or when an NTF packet.....

CVE-2024-34404

A vulnerability was discovered in the Alta Recovery Vault feature of Veritas NetBackup before 10.4 and NetBackup Appliance before 5.4. By design, only the cloud administrator should be able to disable the retention lock of Governance mode images. This vulnerability allowed a NetBackup...

Cisco Smart Install (SMI) Protocol Misuse (cisco-sa-20170214-smi) - Unreliable Check

Several researchers have reported on the use of Smart Install (SMI) protocol messages toward Smart Install clients, also known as integrated branch clients (IBC), allowing an unauthenticated, remote attacker to change the startup-config file and force a reload of the device, load a new IOS...

CVE-2024-21809

Improper conditions check for some Intel(R) Quartus(R) Prime Lite Edition Design software before version 23.1 may allow an authenticated user to potentially enable escalation of privilege via local...

MF Gig Calendar <= 1.2.1 - Arbitrary Event Deletion via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in Contributors and above delete arbitrary events via a CSRF...

RHEL 9 : kernel-rt (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. kernel: powerpc/mm: Fix null-pointer dereference in pgtable_cache_add (CVE-2023-52607) In the Linux...

CVE-2024-34404

A vulnerability was discovered in the Alta Recovery Vault feature of Veritas NetBackup before 10.4 and NetBackup Appliance before 5.4. By design, only the cloud administrator should be able to disable the retention lock of Governance mode images. This vulnerability allowed a NetBackup...

CVE-2024-3670

The Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mapsmarker' shortcode in all versions up to, and including, 3.12.8 due to insufficient input sanitization and output escaping on user supplied...

CVE-2024-26905 btrfs: fix data races when accessing the reserved amount of block reserves

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix data races when accessing the reserved amount of block reserves At space_info.c we have several places where we access the -&gt;reserved field of a block reserve without taking the block reserve's spinlock first, which.....

CVE-2024-26905 btrfs: fix data races when accessing the reserved amount of block reserves

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix data races when accessing the reserved amount of block reserves At space_info.c we have several places where we access the -&gt;reserved field of a block reserve without taking the block reserve's spinlock first, which.....

CVE-2024-25975

The application implements an up- and downvote function which alters a value within a JSON file. The POST parameters are not filtered properly and therefore an arbitrary file can be overwritten. The file can be controlled by an authenticated attacker, the content cannot be controlled. It is...

CVE-2020-28884

Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS Command Injection. An administrator user can inject Groovy script to execute any OS command on the Liferay Portal Sever. NOTE: The developer disputes this as a vulnerability since it is a feature for administrators to run...

macOS 11.x < 11.7 (HT213443)

The remote host is running a version of macOS / Mac OS X that is 11.x prior to 11.7 Big Sur. It is, therefore, affected by multiple vulnerabilities : Flaws with handling memory in the kernel. As a result, an app can be able to execute arbitrary code with kernel privileges or disclose kernel...

CVE-2023-52735 bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself sock_map proto callbacks should never call themselves by design. Protect against bugs like [1] and break out of the recursive loop to avoid a stack overflow in...

Google Maps Timeline Data to be Stored Locally on Your Device for Privacy

Google has announced plans to store Maps Timeline data locally on users' devices instead of their Google account effective December 1, 2024. The changes were originally announced by the tech giant in December 2023, alongside updates to the auto-delete control when enabling Location History by...

CVE-2024-25976

When LDAP authentication is activated in the configuration it is possible to obtain reflected XSS execution by creating a custom URL that the victim only needs to open in order to execute arbitrary JavaScript code in the victim's browser. This is due to a fault in the file login.php where the...

CVE-2024-21862

Uncontrolled search path in some Intel(R) Quartus(R) Prime Standard Edition Design software before version 23.1 may allow an authenticated user to potentially enable escalation of privilege via local...

Exploit for Improper Privilege Management in Enlightenment

CVE-2022-37706...

GitLab 12.9.8 < 15.1.6 / 15.2 < 15.2.4 / 15.3 < 15.3.2 (CVE-2022-2592)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: A lack of length validation in Snippet descriptions in GitLab CE/EE affecting all versions prior to 15.1.6, 15.2 prior to 15.2.4 and 15.3 prior to 15.3.2 allows an authenticated attacker to create...

CVE-2024-4609

A vulnerability exists in the Rockwell Automation FactoryTalk® View SE Datalog function that could allow a threat actor to inject a malicious SQL statement if the SQL database has no authentication in place or if legitimate credentials were stolen. If exploited, the attack could result in...

RHEL 9 : kernel (RHSA-2024:1304)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1304 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: memcg does not limit the number of...

JBossWS Endpoint Uses Unsafe Encryption

The W3C XML Encryption Standard, implemented in JBossWS and used by one or more endpoints on the remote host, contains a design error. The design error allows unauthenticated, remote attackers to decrypt captured SOAP responses via a chosen-ciphertext attack. This issue affects all block ciphers...

CVE-2024-3590 LetterPress <= 1.2.2 - Subscriber Deletion via CSRF

The LetterPress WordPress plugin through 1.2.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks, such as delete arbitrary...

CVE-2024-35990

In the Linux kernel, the following vulnerability has been resolved: dma: xilinx_dpdma: Fix locking There are several places where either chan-&gt;lock or chan-&gt;vchan.lock was not held. Add appropriate locking. This fixes lockdep warnings like [ 31.077578] ------------[ cut here ]------------ [ ....

CVE-2024-35990

In the Linux kernel, the following vulnerability has been resolved: dma: xilinx_dpdma: Fix locking There are several places where either chan-&gt;lock or chan-&gt;vchan.lock was not held. Add appropriate locking. This fixes lockdep warnings like [ 31.077578] ------------[ cut here ]------------ [ ....

Qualys Is Proud to Sign CISA’s Secure by Design Pledge

Cybersecurity leaders in the U.S. are very familiar with the Cybersecurity and Infrastructure Security Agency (CISA) and their important work to keep the internet, our country, and its citizens safe from cyber threats. As part of their efforts, CISA has identified secure by design software as a...

CVE-2024-4609 Rockwell Automation Datalog Function within in FactoryTalk® View SE contains SQL Injection Vulnerability

A vulnerability exists in the Rockwell Automation FactoryTalk® View SE Datalog function that could allow a threat actor to inject a malicious SQL statement if the SQL database has no authentication in place or if legitimate credentials were stolen. If exploited, the attack could result in...

CVE-2024-3582 Ungallery <= 2.2.4 - Stored XSS via CSRF

The UnGallery WordPress plugin through 2.2.4 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF...

Stacklok Minder vulnerable to denial of service from maliciously crafted templates

Minder engine is susceptible to a denial of service from memory exhaustion that can be triggered from maliciously created templates. Minder engine uses templating to generate strings for various use cases such as URLs, messages for pull requests, descriptions for advisories. In some cases can the.....

CVE-2024-4609 Rockwell Automation Datalog Function within in FactoryTalk® View SE contains SQL Injection Vulnerability

A vulnerability exists in the Rockwell Automation FactoryTalk® View SE Datalog function that could allow a threat actor to inject a malicious SQL statement if the SQL database has no authentication in place or if legitimate credentials were stolen. If exploited, the attack could result in...

Report outdated / end-of-life Scan Engine / Environment (local)

This script checks and reports an outdated or end-of-life scan engine for the following environments: Greenbone Community Edition Greenbone Enterprise TRIAL (formerly Greenbone Security Manager TRIAL / Greenbone Community Edition VM) used for this scan. NOTE: While this is not, in and of...

CVE-2023-49284

fish is a smart and user-friendly command line shell for macOS, Linux, and the rest of the family. fish shell uses certain Unicode non-characters internally for marking wildcards and expansions. It will incorrectly allow these markers to be read on command substitution output, rather than...

CVE-2024-24828

pkg is tool design to bundle Node.js projects into an executables. Any native code packages built by pkg are written to a hardcoded directory. On unix systems, this is /tmp/pkg/* which is a shared directory for all users on the same local system. There is no uniqueness to the package names within.....

CVE-2024-25140

A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under Trusted Root Certification Authorities with Enhanced Key Usage of Code Signing (1.3.6.1.5.5.7.3.3), valid from 2023 until 2033. This is potentially unwanted, e.g., because there is no public documentation of....

CMS Made Simple <= 2.2.20 Multiple Vulnerabilities

CMS Made Simple is prone to multiple...

openSUSE 15 Security Update : cJSON (openSUSE-SU-2024:0139-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2024:0139-1 advisory. - Update to 1.7.18: * CVE-2024-31755: NULL pointer dereference via cJSON_SetValuestring() (boo#1223420) * Remove non-functional list handling...

CVE-2024-25140

A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under Trusted Root Certification Authorities with Enhanced Key Usage of Code Signing (1.3.6.1.5.5.7.3.3), valid from 2023 until 2033. This is potentially unwanted, e.g., because there is no public documentation of....

Apache Tomcat 8.5.0 < 8.5.28 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 8.5.28. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_8.5.28_security-8 advisory. Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0...

CVE-2024-3903 Add Custom CSS and JS <= 1.20 - Stored XSS via CSRF

The Add Custom CSS and JS WordPress plugin through 1.20 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in as author and above add Stored XSS payloads via a CSRF...

Internet Key Exchange (IKE) Aggressive Mode Information Disclosure Vulnerability (CVE-2002-1623)

Internet Key Exchange (IKE) protocol enabled services running in / supporting the aggressive mode are prone to an information disclosure...

Apache Tomcat 7.0.0 < 7.0.85 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 7.0.85. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_7.0.85_security-7 advisory. Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0...

Apache Tomcat 8.0.0.RC1 < 8.0.50 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 8.0.50. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_8.0.50_security-8 advisory. Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0...