CVE-2021-42367
The CVE-2021-42367 entry concerns the WordPress Variation Swatches for WooCommerce plugin. A Stored Cross-Site Scripting (XSS) flaw exists in versions up to 2.1.1, triggered via multiple parameters in the includes/class-menu-page.php file. The vulnerability arises from missing authorization check...
PT-2021-23598 · WordPress · Variation Swatches For Woocommerce
Name of the Vulnerable Software and Affected Versions: Variation Swatches for WooCommerce WordPress plugin versions up to and including 2.1.1 Description: The issue allows attackers to inject arbitrary web scripts via several parameters in the /includes/class-menu-page.php file, due to missing...
Variation Swatches for WooCommerce Plugin for WordPress < 2.1.2 Cross-Site Scripting
The WordPress Variation Swatches for WooCommerce Plugin installed on the remote host is affected by a stored Cross-Site Scripting (XSS) vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...
harfbuzz:hb-subset-fuzzer: Crash in OT::VariationSelectorRecord::operator=
Project: https://github.com/harfbuzz/harfbuzz.git Detailed Report: https://oss-fuzz.com/testcase?key=6316256152780800 Project: harfbuzz Fuzzing Engine: libFuzzer Fuzz Target: hb-subset-fuzzer Job Type: libfuzzerasanharfbuzz Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x61610000067d...
openSUSE Security Update : freetype2 (openSUSE-2020-704)
This update for freetype2 to version 2.10.1 fixes the following issues : Security issue fixed : - CVE-2018-6942: Fixed a NULL pointer dereference within ttinerp.c bsc1079603. Non-security issues fixed : - Update to version 2.10.1 - The bytecode hinting of OpenType variation fonts was flawed, sinc...
Security update for freetype2 (moderate)
openSUSE Security Update: Security update for freetype2 Announcement ID: openSUSE-SU-2020:0704-1 Rating: moderate References: 1079603 1091109 Cross-References: CVE-2018-6942 Affected Products: openSUSE Leap 15.1 An update that solves one vulnerability and has one errata is now available...
SUSE SLED15 / SLES15 Security Update : freetype2 (SUSE-SU-2020:1353-1)
This update for freetype2 to version 2.10.1 fixes the following issues : Security issue fixed : CVE-2018-6942: Fixed a NULL pointer dereference within ttinerp.c bsc1079603. Non-security issues fixed : Update to version 2.10.1 - The bytecode hinting of OpenType variation fonts was flawed, since th...
WordPress woo-variation-gallery cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. woo-variation-gallery is a plugin for e-commerce sites that adds images to products. A cross-site scripting vulnerability exists in...
CVE-2019-15778
The woo-variation-gallery plugin before 1.1.29 for WordPress has XSS...
CVE-2019-15778
The CVE-2019-15778 entry concerns the WordPress plugin woo-variation-gallery, affected in versions prior to 1.1.29, which is described as having a cross-site scripting (XSS) vulnerability. The vulnerability is rooted in improper handling/validation of client-side data, enabling XSS. Remediation a...
WordPress woo-variation-swatches plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress woo-variation-swatches plugin. The vulnerability stems from the...
PT-2019-13636 · Mooltipass · Mooltipass Mini
Name of the Vulnerable Software and Affected Versions: Mooltipass Mini affected versions not specified Description: A side channel was discovered related to the row-based OLED display on Mooltipass Mini devices. The power consumption of each display cycle varies based on the number of illuminated...
CVE-2019-14774
The woo-variation-swatches (aka Variation Swatches for WooCommerce) plugin 1.0.61 for WordPress allows XSS via the wp-admin/admin.php?page=woo-variation-swatches-settings tab parameter...
CVE-2019-14774
Vulnerability detail: The woo-variation-swatches (Variation Swatches for WooCommerce) WordPress plugin, version 1.0.61, is affected by a reflected XSS flaw in the admin settings endpoint wp-admin/admin.php?page=woo-variation-swatches-settings via the tab parameter. In terms of impact, this allows script...
PT-2019-13826 · Woo Variation Swatches · Woo-Variation-Swatches
Name of the Vulnerable Software and Affected Versions: Woo-variation-swatches plugin version 1.0.61 Description: The issue allows for XSS via the "tab" parameter in the 'wp-admin/admin.php?page=woo-variation-swatches-settings' endpoint. Recommendations: For version 1.0.61, consider disabling acce...
CVE-2019-11641
Anomali Agave (formerly Drupot) through 1.0.0 fails to avoid fingerprinting by including predictable data and minimal variation in size within HTML templates, giving attackers the ability to detect and avoid this system...
CVE-2019-9768
Thinkst Canarytokens through commit hash 4e89ee0 (2019-03-01) relies on limited variation in size, metadata, and timestamp, which makes it easier for attackers to estimate whether a Word document contains a token...
Malware analysis: decoding Emotet, part 1
Emotet Banking Trojan malware has been around for quite some time now. As such, infosec researchers have made several attempts to develop tools to de-obfuscate and even decrypt the AES-encrypted code belonging to this malware. The problem with these tools is that they target active versions of th...