CVE-2024-1282

The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This make...

WordPress Plugin Email Encoder Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

Google Chrome Video Encoder Metrics denial of service vulnerability

Talos Vulnerability Report TALOS-2023-1870 Google Chrome Video Encoder Metrics denial of service vulnerability February 28, 2024 CVE Number None SUMMARY A denial of service vulnerability exists in the Video Encoder Metrics functionality of Google Chrome Chrome Stable 119.0.6045.160 64-bit and...

TEM Opera Plus FM Family Transmitter 35.45 - Remote Code Execution Vulnerability

TEM Opera Plus FM Family Transmitter 35.45 Remote Code Execution Vendor: Telecomunicazioni Elettro Milano TEM S.r.l. Product web page: https://www.tem-italy.it Affected version: Software version: 35.45 Webserver version: 1.7 Summary: This new line of Opera plus FM Transmitters combines very high...

CVE-2024-1282

CVE-2024-1282 refers to the WordPress plugin “Email Encoder – Protect Email Addresses and Phone Numbers.” The vulnerability is a Stored Cross-Site Scripting (XSS) in which attacker-supplied attributes in the plugin’s shortcode can inject scripts. Affected versions are all until and including 2.2....

Advisory ROSA-SA-2024-2358

Software: libwebp 1.2.3 OS: ROSA-CHROME packageevrstring: libwebp-1.2.3-1.src.rpm CVE-ID: CVE-2023-1999 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: There is a use after free/double free in libwebp. An attacker could use ApplyFiltersAndEncode to free best.bw and assign the pointer best = Trial. The...

PT-2024-40591 · Oracle +1 · Java.Base/Sun.Nio.Cs.Cesu 8$Encoder +2

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A security exception crash has been reported, involving the com.spotify.docker.client.shaded.com.fasterxml.jackson.databind.util.TokenBuffer class and th...

Metasploit Weekly Wrap-Up 02/16/2024

New Fetch Payload It has been almost a year since Metasploit released the new fetch payloads and since then, 43 of the 79 exploit modules have had support for fetch payloads. The original payloads supported transferring the second stage over HTTP, HTTPS and FTP. This week, Metasploit has expanded...

WordPress Email Encoder Bundle Plugin <= 2.2.0 is vulnerable to Cross Site Scripting (XSS)

Software Email Encoder Bundle Type Plugin Vulnerable versions = 2.2.0 Fixed in 2.2.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1282 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID db2eb8d78c8d Credits Richard Telleng...

Email Encoder – Protect Email Addresses and Phone Numbers < 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping on user supplied attribute...

Ubuntu 16.04 LTS / 18.04 LTS / 22.04 LTS : UltraJSON vulnerabilities (USN-6629-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6629-1 advisory. It was discovered that UltraJSON incorrectly handled certain input with a large amount of indentation. An attacker could possibly...

CentOS 8 : flac (CESA-2023:5046)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2023:5046 advisory. - Buffer Overflow vulnerability in function bitwritergrow in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder...

PT-2024-19381 · Hid Global · Omnikey 5023 Readers +15

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue concerns certain configurations in the communication channel for encoders that could expose sensitive data when reader configuration cards are...

SUSE: Security Advisory (SUSE-SU-2024:0240-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2024:0241-1 Security update for jasper

This update for jasper fixes the following issues: - CVE-2023-51257: Fixed an out of bounds write in the JPC encoder bsc1218802...

SUSE-SU-2024:0240-1 Security update for jasper

This update for jasper fixes the following issues: - CVE-2023-51257: Fixed an out of bounds write in the JPC encoder bsc1218802...

CVE-2024-0643

Unrestricted upload of dangerous file types in the C21 Live Encoder and Live Mosaic product, version 5.3. This vulnerability allows a remote attacker to upload different file extensions without any restrictions, resulting in a full system compromise...

CVE-2024-0642

Inadequate access control in the C21 Live Encoder and Live Mosaic product, version 5.3. This vulnerability allows a remote attacker to access the application as an administrator user through the application endpoint, due to lack of proper credential management...

CVE-2024-0642

Inadequate access control in the C21 Live Encoder and Live Mosaic product, version 5.3. This vulnerability allows a remote attacker to access the application as an administrator user through the application endpoint, due to lack of proper credential management...

CVE-2024-0643

Unrestricted upload of dangerous file types in the C21 Live Encoder and Live Mosaic product, version 5.3. This vulnerability allows a remote attacker to upload different file extensions without any restrictions, resulting in a full system compromise...