CVE-2024-10460
Description:
Nessus Plugin ID 216952 with Critical Severity
Synopsis
The remote Amazon Linux 2 host is missing a security update.
Description
The version of firefox installed on the remote host is prior to 128.7.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2025-035 advisory.
The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132. (CVE-2024-10460)
In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could allow XSS attacks. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132. (CVE-2024-10461)
Truncation of a long URL could have allowed origin spoofing in a permission prompt. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132. (CVE-2024-10462)
Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser. This was addressed by introducing rate-limiting to this API. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132. (CVE-2024-10464)
A clipboard paste button could persist across tabs which ...
CVSS: MEDIUM (5.3)
March 1st, 2025 (4 months ago)
CVE-2025-26594
Description:
Nessus Plugin ID 216953 with High Severity
Synopsis
The remote Fedora host is missing one or more security updates.
Description
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-b40b12a89e advisory.
Update to xserver 21.1.16, CVE fix for: CVE-2025-26594, CVE-2025-26595, CVE-2025-26596, CVE-2025-26597, CVE-2025-26598, CVE-2025-26599, CVE-2025-26600, CVE-2025-26601
Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected xorg-x11-server package.
Read more at https://www.tenable.com/plugins/nessus/216953
EPSS Score: 0.02%
March 1st, 2025 (4 months ago)
CVE-2023-40022
Description:
Nessus Plugin ID 216954 with High Severity
Synopsis
The remote Fedora host is missing one or more security updates.
Description
The remote Fedora 40 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2025-6f77f6c77a advisory.
CVE-2023-40022 rizin: Integer Overflow in C++ demangler logic
CVE-2024-31669 rizin: Uncontrolled Resource Consumption via bin_pe_parse_imports
CVE-2024-31670 rizin: buffer overflow via create_cache_bins
CVE-2024-31668 rizin: improper neutralization of special elements via meta_set function
CVE-2024-53256 rizin: Rizin has a command injection via RzBinInfo bclass due to legacy code
---- rizin 0.7.2 / cutter-re 2.3.4 (fix changelog) ----
rizin 0.7.2 / cutter-re 2.3.4
Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected cutter-re and / or rizin packages.
Read more at https://www.tenable.com/plugins/nessus/216954
CVSS: HIGH (7.8)
March 1st, 2025 (4 months ago)
CVE-2025-0633
Description:
Nessus Plugin ID 216955 with Medium Severity
Synopsis
The remote Fedora host is missing one or more security updates.
Description
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-a1d884e467 advisory.
Patched libiniparser to fix CVE-2025-0633
Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected iniparser package.
Read more at https://www.tenable.com/plugins/nessus/216955
CVSS: MEDIUM (5.1)
EPSS Score: 0.02%
March 1st, 2025 (4 months ago)
Description: Firefox browser maker Mozilla on Friday updated its Terms of Use a second time within a week, following criticism over broad language that appeared to give the company the rights to all information uploaded by users.
The revised Terms of Use now states -
You give Mozilla the rights necessary to operate Firefox. This includes processing your data as we describe in the Firefox Privacy Notice. It
March 1st, 2025 (4 months ago)
CVE-2025-1671
Description: The Academist Membership plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.6. This is due to the academist_membership_check_facebook_user() function not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to log in as any user, including site administrators.
CVSS: CRITICAL (9.8)
EPSS Score: 0.06%
March 1st, 2025 (4 months ago)
CVE-2025-1638
Description: The Alloggio Membership plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.2. This is due to the plugin not properly validating a user's identity through the alloggio_membership_init_rest_api_facebook_login and alloggio_membership_init_rest_api_google_login functions. This makes it possible for unauthenticated attackers to log in as any user, including administrators, without knowing a password.
CVSS: CRITICAL (9.8)
EPSS Score: 0.15%
March 1st, 2025 (4 months ago)
CVE-2025-1564
Description: The SetSail Membership plugin for WordPress is vulnerable to in all versions up to, and including, 1.0.3. This is due to the plugin not properly verifying a user's identity through the social login. This makes it possible for unauthenticated attackers to log in as any user, including administrators, and take over access to their account.
CVSS: CRITICAL (9.8)
EPSS Score: 0.06%
March 1st, 2025 (4 months ago)
CVE-2024-13911
Description: The Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.35 via the /dashboard/backup.php file. This makes it possible for authenticated attackers, with Administrator-level access and above, to extract sensitive data including full database credentials.
CVSS: HIGH (7.2)
EPSS Score: 0.1%
March 1st, 2025 (4 months ago)
CVE-2024-13806
Description: The The Authors List plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
CVSS: MEDIUM (6.5)
EPSS Score: 0.08%
March 1st, 2025 (4 months ago)