WP Design Maps & Places Security Vulnerabilities

wpvulndb

EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor < 3.9.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embedpress_calendar' shortcode in all versions up to, and...

6.4 CVSS

5.8 AI Score

0.0004 EPSS

2024-04-05 12:00 AM
5

osv

Phlex vulnerable to Cross-site Scripting (XSS) via maliciously formed HTML attribute names and values

There is a potential cross-site scripting (XSS) vulnerability that can be exploited via maliciously crafted user data. The reason these issues were not detected before is the escapes were working as designed. However, their design didn't take into account just how recklessly permissive browsers are....

7.1 CVSS

5.9 AI Score

0.0004 EPSS

2024-05-01 04:37 PM
6

github

Apache Pulsar: Improper Authentication for Pulsar Proxy Statistics Endpoint

Improper Authentication vulnerability in Apache Pulsar Proxy allows an attacker to connect to the /proxy-stats endpoint without authentication. The vulnerable endpoint exposes detailed statistics about live connections, along with the capability to modify the logging level of proxied connections...

8.2 CVSS

6.6 AI Score

0.0004 EPSS

2024-03-12 09:30 PM
7

github

Phlex vulnerable to Cross-site Scripting (XSS) via maliciously formed HTML attribute names and values

There is a potential cross-site scripting (XSS) vulnerability that can be exploited via maliciously crafted user data. The reason these issues were not detected before is the escapes were working as designed. However, their design didn't take into account just how recklessly permissive browsers are....

7.1 CVSS

5.9 AI Score

0.0004 EPSS

2024-05-01 04:37 PM
5

cve

CVE-2020-12063

A certain Postfix 2.10.1-7 package could allow an attacker to send an email from an arbitrary-looking sender via a homoglyph attack, as demonstrated by the similarity of \xce\xbf to the 'o' character. This is potentially relevant when the /etc/postfix/sender_login feature is used, because a...

5.3 CVSS

5.2 AI Score

0.001 EPSS

2020-04-24 12:15 PM
43

nvd

CVE-2020-12063

A certain Postfix 2.10.1-7 package could allow an attacker to send an email from an arbitrary-looking sender via a homoglyph attack, as demonstrated by the similarity of \xce\xbf to the 'o' character. This is potentially relevant when the /etc/postfix/sender_login feature is used, because a...

5.3 CVSS

5.2 AI Score

0.001 EPSS

2020-04-24 12:15 PM

nessus

Amazon Linux 2 : kernel (ALAS-2021-1685)

The version of kernel installed on the remote host is prior to 4.14.238-182.421. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1685 advisory. 2024-06-06: CVE-2021-47006 was added to this advisory. 2024-05-23: CVE-2021-47013 was added to this advisory. ...

7.8 CVSS

8 AI Score

0.001 EPSS

2021-07-16 12:00 AM
207

osv

Apache Pulsar: Improper Authentication for Pulsar Proxy Statistics Endpoint

Improper Authentication vulnerability in Apache Pulsar Proxy allows an attacker to connect to the /proxy-stats endpoint without authentication. The vulnerable endpoint exposes detailed statistics about live connections, along with the capability to modify the logging level of proxied connections...

8.2 CVSS

6.8 AI Score

0.0004 EPSS

2024-03-12 09:30 PM
6

cve

CVE-2021-34527

A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or...

8.8 CVSS

8.9 AI Score

0.967 EPSS

2021-07-02 10:15 PM
2045
In Wild
527

redhatcve

CVE-2024-38573

In the Linux kernel, the following vulnerability has been resolved: cppc_cpufreq: Fix possible null pointer dereference cppc_cpufreq_get_rate() and hisi_cppc_cpufreq_get_rate() can be called from different places with various parameters. So cpufreq_cpu_get() can return null as 'policy' in some...

7 AI Score

0.0004 EPSS

2024-06-20 03:26 PM
1

wpvulndb

EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor < 3.9.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Youtube Block

Description The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Youtube block in all versions up to, and including, 3.9.14 due to....

6.4 CVSS

5.8 AI Score

0.0004 EPSS

2024-04-05 12:00 AM
5

thn

21-Year-Old Matt Bergin Shines in U.S. Cyber Challenge, Wins Second Place

Quick Summary Matt Bergin, a 21-year-old sales representative by day, spends his nights hacking into network systems. Recognized Talent: Bergin's skills led to an invitation to the U.S. Cyber Challenge, organized by the White House and U.S. Navy. Impressive Achievement: He secured 2nd place in...

7 AI Score

2010-10-30 12:25 AM
3

nessus

RHEL 7 : libdwarf (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libdwarf: heap-based buffer over-read in dwarf_formsdata() (CVE-2017-9055) The dwarf_read_cie_fde_prefix...

7.7 AI Score

EPSS

2024-05-11 12:00 AM
2

redhatcve

CVE-2024-38637

In the Linux kernel, the following vulnerability has been resolved: greybus: lights: check return of get_channel_from_mode If channel for the given node is not found we return null from get_channel_from_mode. Make sure we validate the return pointer before using it in two of the missing places....

6.9 AI Score

0.0004 EPSS

2024-06-21 07:54 PM
1

redhatcve

CVE-2024-36922

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: read txq->read_ptr under lock If we read txq->read_ptr without lock, we can read the same value twice, then obtain the lock, and reclaim from there to two different places, but crucially reclaim the same entry....

6.8 AI Score

0.0004 EPSS

2024-06-03 01:13 PM
2

redhatcve

CVE-2021-47485

In the Linux kernel, the following vulnerability has been resolved: IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields Overflowing either addrlimit or bytes_togo can allow userspace to trigger a buffer overflow of kernel memory. Check for overflows in all the places doing math....

7 AI Score

0.0004 EPSS

2024-05-23 11:07 AM
1

cve

CVE-2024-31269

Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Easy Google Maps. This issue affects Easy Google Maps: from n/a through...

4.3 CVSS

9.2 AI Score

0.0004 EPSS

2024-04-12 01:15 PM
25

nvd

CVE-2024-31271

Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Ultimate Maps by Supsystic. This issue affects Ultimate Maps by Supsystic: from n/a through...

4.3 CVSS

4.6 AI Score

0.0004 EPSS

2024-04-12 01:15 PM
2

nvd

CVE-2024-31269

Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Easy Google Maps. This issue affects Easy Google Maps: from n/a through...

4.3 CVSS

4.6 AI Score

0.0004 EPSS

2024-04-12 01:15 PM

nessus

RHEL 5 : procps-ng,_procps (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. procps-ng, procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow...

8.4 AI Score

0.006 EPSS

2024-05-11 12:00 AM
4

openvas

openSUSE: Security Advisory for opera (openSUSE-SU-2023:0251-1)

The remote host is missing an update for...

8.8 CVSS

7.7 AI Score

0.004 EPSS

2024-03-04 12:00 AM
6

openvas

openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2024:1644-1)

The remote host is missing an update for...

7.8 CVSS

7.9 AI Score

EPSS

2024-05-24 12:00 AM
2

nessus

EulerOS Virtualization for ARM 64 3.0.2.0 : bind (EulerOS-SA-2019-1704)

According to the version of the bind packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : Contains license of the BIND DNS suite. Security Fix(es): By design, BIND is intended to limit the number of TCP...

7.5 CVSS

7.9 AI Score

0.002 EPSS

2019-07-09 12:00 AM
8

nessus

RHEL 8 : OpenShift Container Platform 4.10.62 (RHSA-2023:3625)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3625 advisory. xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow...

8.8 CVSS

7.3 AI Score

0.01 EPSS

2024-04-28 12:00 AM
1

wpexploit

NPS computy < 2.7.6 - Results Deletion via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF...

9.5 AI Score

0.0004 EPSS

2024-03-25 12:00 AM
21

nessus

Amazon Linux 2 : thunderbird (ALAS-2022-1900)

The version of thunderbird installed on the remote host is prior to 102.4.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1900 advisory. Integer overflow vulnerability in av_timecode_make_string in libavutil/timecode.c in FFmpeg version 4.3.2, ...

8.8 CVSS

8.8 AI Score

0.006 EPSS

2022-12-07 12:00 AM
31

rubygems

Phlex vulnerable to Cross-site Scripting (XSS) via maliciously formed HTML attribute names and values

There is a potential cross-site scripting (XSS) vulnerability that can be exploited via maliciously crafted user data. The reason these issues were not detected before is the escapes were working as designed. However, their design didn't take into account just how recklessly permissive browsers are....

5.8 AI Score

EPSS

2024-04-30 09:00 PM
1

apple

About the security content of macOS Ventura 13.6.7

About the security content of macOS Ventura 13.6.7 This document describes the security content of macOS Ventura 13.6.7. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...

7.8 CVSS

8.1 AI Score

0.002 EPSS

2024-05-13 12:00 AM
18

osv

All telephony code PendingIntent should use FLAG_IMMUTABLE to prevent security hole

In various places in Telephony, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for...

5.5 CVSS

4.9 AI Score

0.0004 EPSS

2020-09-01 12:00 AM
7

kitploit

Subhunter - A Fast Subdomain Takeover Tool

Subdomain takeover is a common vulnerability that allows an attacker to gain control over a subdomain of a target domain and redirect users intended for an organization's domain to a website that performs malicious activities, such as phishing campaigns, stealing user cookies, etc. It occurs when.....

7.3 AI Score

2024-05-15 12:30 PM
18

openvas

CMS Made Simple <= 2.2.12 Multiple Reflected XSS Vulnerabilities

CMS Made Simple is prone to multiple reflected cross-site scripting (XSS)...

5.4 CVSS

5.2 AI Score

0.006 EPSS

2019-04-29 12:00 AM
53

nessus

Amazon Linux 2 : kernel (ALASKERNEL-5.10-2024-049)

The version of kernel installed on the remote host is prior to 5.10.82-83.359. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2024-049 advisory. A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler...

7.8 CVSS

7.5 AI Score

0.004 EPSS

2024-02-06 12:00 AM
7

nessus

CentOS 9 : spamassassin-3.4.6-5.el9

The remote CentOS Linux 9 host has a package installed that is affected by a vulnerability as referenced in the spamassassin-3.4.6-5.el9 build changelog. In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output...

9.8 CVSS

7.4 AI Score

0.016 EPSS

2024-02-29 12:00 AM
11

githubexploit

Exploit for CVE-2022-24125

Update: Dark Souls III 1.15.1 A new game update, 1.15.1, has...

9.4 AI Score

2022-01-28 08:37 PM
120

nessus

openSUSE Security Update : neovim (openSUSE-2019-1759)

This update for neovim fixes the following issues : neovim was updated to version 0.3.7 : CVE-2019-12735: source should check sandbox (boo#1137443) genappimage.sh: migrate to linuxdeploy Version Update to version 0.3.5 : options: properly reset directories on 'autochdir' Remove MSVC...

8.6 CVSS

9.1 AI Score

0.004 EPSS

2019-07-22 12:00 AM
19

nessus

RHEL 5 : kernel (RHSA-2012:0007)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:0007 advisory. kernel: no access restrictions of /proc/pid/* after setuid program exec (CVE-2011-1020) kernel: proc: fix oops on invalid /proc//maps...

7.5 CVSS

8.1 AI Score

0.013 EPSS

2012-01-11 12:00 AM
29

nessus

openSUSE Security Update : the Linux Kernel (openSUSE-2019-1085)

The openSUSE Leap 42.3 kernel was updated to 4.4.176 to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-9213: expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL...

5.5 CVSS

8 AI Score

0.001 EPSS

2019-04-01 12:00 AM
17

nvd

CVE-2024-34404

A vulnerability was discovered in the Alta Recovery Vault feature of Veritas NetBackup before 10.4 and NetBackup Appliance before 5.4. By design, only the cloud administrator should be able to disable the retention lock of Governance mode images. This vulnerability allowed a NetBackup...

6.8 CVSS

6.3 AI Score

0.0004 EPSS

2024-05-03 01:15 AM
1

fedora

[SECURITY] Fedora 40 Update: python-django-4.2.11-2.fc40

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself)...

7.5 CVSS

7.3 AI Score

0.001 EPSS

2024-04-13 03:41 AM
7

wpvulndb

ENL Newsletter <= 1.0.1 - Stored XSS via CSRF

Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack PoC Make an admin open an HTML file containing:...

5.5 AI Score

0.0004 EPSS

2024-04-05 12:00 AM
4

oraclelinux

kernel security and bug fix update

[5.14.0-427.16.1_4.OL9] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update...

6.5 CVSS

6.7 AI Score

EPSS

2024-05-08 12:00 AM
10

amazon

Important: kernel

Issue Overview: 2024-04-30: CVE-2023-0047 was removed from this advisory (rejected). 2024-02-01: CVE-2023-0047 was added to this advisory. 2023-10-12: CVE-2021-3923 was added to this advisory. A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux...

7.4 CVSS

7 AI Score

EPSS

2023-02-17 12:02 AM
18

nessus

Cisco IOS XE Smart Install Protocol Misuse (cisco-sr-20170214-smi)

The remote Cisco IOS XE device has the Smart Install Feature enabled. The Smart Install (SMI) protocol does not require authentication by design. The absence of an authorization or authentication mechanism in the SMI protocol between the integrated branch clients (IBC) and the director can allow a....

7.9 AI Score

2017-04-06 12:00 AM
328

debiancve

CVE-2024-26905

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix data races when accessing the reserved amount of block reserves At space_info.c we have several places where we access the ->reserved field of a block reserve without taking the block reserve's spinlock first, which.....

6.5 AI Score

0.0004 EPSS

2024-04-17 11:15 AM
5

wpvulndb

ENL Newsletter <= 1.0.1 - Campaign Deletion via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in admins delete arbitrary Campaigns via a CSRF attack PoC Make an admin open a URL like (where <> is a valid ID):...

6.6 AI Score

0.0004 EPSS

2024-04-05 12:00 AM
6

wpvulndb

MM-email2image <= 0.2.5 - Stored XSS via CSRF

Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack PoC Make a logged in admin open a file containing the...

8.9 AI Score

0.0004 EPSS

2024-04-05 12:00 AM
4

github

@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass

Summary By combining two vulnerabilities (an Open Redirect and session token sent as URL query parameter) in Strapi framework, it is possible for an unauthenticated attacker to bypass authentication mechanisms and retrieve the 3rd party tokens. The attack requires user interaction (one click)....

7.1 CVSS

7.1 AI Score

0.001 EPSS

2024-06-12 07:39 PM
7

nessus

RHEL 7 : OpenShift Container Platform 3.11.685 (RHSA-2022:1420)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1420 advisory. xstream: Injecting highly recursive collections or maps can cause a DoS (CVE-2021-43859) workflow-cps: OS command execution through...

8.8 CVSS

7.3 AI Score

0.012 EPSS

2022-04-27 12:00 AM
138

debiancve

CVE-2024-26825

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: free rx_data_reassembly skb on NCI device cleanup rx_data_reassembly skb is stored during NCI data exchange for processing fragmented packets. It is dropped only when the last fragment is processed or when an NTF...

6.5 AI Score

0.0004 EPSS

2024-04-17 10:15 AM
9

ubuntucve

CVE-2024-26825

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: free rx_data_reassembly skb on NCI device cleanup rx_data_reassembly skb is stored during NCI data exchange for processing fragmented packets. It is dropped only when the last fragment is processed or when an NTF packet.....

7.5 AI Score

0.0004 EPSS

2024-04-17 12:00 AM
4

Total number of security vulnerabilities: 132455