29 matches found
PT-2025-39513
Name of the Vulnerable Software and Affected Versions: Popup Maker plugin for WordPress versions prior to 1.20.7. Description: The Popup Maker plugin for WordPress is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping. This allows authenticated...
CVE-2023-49292 affecting package golang for versions less than 1.20.7-1
CVE-2023-49292 affecting package golang for versions less than 1.20.7-1. A patched version of the package is available...
CVE-2023-44487 affecting package golang for versions less than 1.20.10
CVE-2023-44487 affecting package golang for versions less than 1.20.10. A patched version of the package is available...
CVE-2021-3716 affecting package nbdkit 1.20.7-5
CVE-2021-3716 affecting package nbdkit 1.20.7-5. This CVE either no longer is or was never applicable...
CVE-2021-25741 affecting package kubernetes-1.20.7 1.20.7-9
CVE-2021-25741 affecting package kubernetes-1.20.7 1.20.7-9. No patch is available currently...
OESA-2024-1454 gstreamer1-plugins-base security update
GStreamer is a graphics library for built-in media processing components. BasePlug-ins is the collection used to maintain the GStreamer plugin. Security Fixes: Heap-based buffer overflow in the subparse subtitle parser when handling certain SRT subtitle files in GStreamer versions before 1.22....
OESA-2024-1455 gstreamer1-plugins-base security update
GStreamer is a graphics library for built-in media processing components. BasePlug-ins is the collection used to maintain the GStreamer plugin. Security Fixes: Heap-based buffer overflow in the subparse subtitle parser when handling certain SRT subtitle files in GStreamer versions before 1.22....
CVE-2023-29409 affecting package msft-golang for versions less than 1.20.7-1
CVE-2023-29409 affecting package msft-golang for versions less than 1.20.7-1. A patched version of the package is available...
CVE-2023-29403 affecting package msft-golang for versions less than 1.20.7-1
CVE-2023-29403 affecting package msft-golang for versions less than 1.20.7-1. A patched version of the package is available...
CVE-2023-29405 affecting package msft-golang for versions less than 1.20.7-1
CVE-2023-29405 affecting package msft-golang for versions less than 1.20.7-1. A patched version of the package is available...
CVE-2023-39325 affecting package golang for versions less than 1.20.7-2
CVE-2023-39325 affecting package golang for versions less than 1.20.7-2. A patched version of the package is available...
CVE-2023-29405 affecting package golang for versions less than 1.20.7-1
CVE-2023-29405 affecting package golang for versions less than 1.20.7-1. A patched version of the package is available...
AZL-52773 CVE-2023-39533 affecting package golang for versions less than 1.19.12-1
go-libp2p is the Go implementation of the libp2p Networking Stack. Prior to versions 0.27.8, 0.28.2, and 0.29.1, a malicious peer can use large RSA keys to run a resource exhaustion attack and force a node to spend time doing signature verification of the large key. This vulnerability is present in th...
[SECURITY] Fedora 38 Update: golang-1.20.7-1.fc38
The Go Programming Language...
AZL-27814 CVE-2023-29409 affecting package msft-golang for versions less than 1.20.7-1
Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three...
Allocation of Resources Without Limits or Throttling
Overview: std/crypto/tls is a Go standard library package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the crypto/tls process. An attacker can cause excessive CPU consumption by presenting...
AZL-28831 CVE-2023-29406 affecting package msft-golang for versions less than 1.20.7-1
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value...
AZL-27410 CVE-2023-29406 affecting package golang for versions less than 1.20.7-1
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value...
AZL-52711 CVE-2023-29406 affecting package golang for versions less than 1.20.7-1
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value...