8316 matches found
AZL-54365 CVE-2024-47615 affecting package gstreamer1-plugins-base 1.20.0-3
GStreamer is a library for constructing graphs of media-handling components. An OOB-Write has been detected in the function gst_parse_vorbis_setup_packet within vorbisparse.c. The integer size is read from the input file without proper validation. As a result, size can exceed the fixed size of the...
AZL-54341 CVE-2024-47542 affecting package gstreamer1-plugins-base 1.20.0-3
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference has been discovered in the id3v2_read_synch_uint function, located in id3v2.c. If id3v2_read_synch_uint is called with a null work->hdr.frame_data, the pointer guint8 *data is accessed without validatio...
AZL-54300 CVE-2024-47542 affecting package gstreamer1-plugins-base 1.20.0-3
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference has been discovered in the id3v2_read_synch_uint function, located in id3v2.c. If id3v2_read_synch_uint is called with a null work->hdr.frame_data, the pointer guint8 *data is accessed without validatio...
AZL-54368 CVE-2024-47541 affecting package gstreamer1-plugins-base 1.20.0-3
GStreamer is a library for constructing graphs of media-handling components. An OOB-write vulnerability has been identified in the gst_ssa_parse_remove_override_codes function of the gstssaparse.c file. This function is responsible for parsing and removing SSA (SubStation Alpha) style override codes,...
OpenSearch Data Prepper Authorization Issue Vulnerability
OpenSearch Data Prepper is a component of the open source OpenSearch project. An authorization issue vulnerability exists in OpenSearch Data Prepper version 2.1.0 through versions prior to 2.10.2, which stems from a vulnerability in which certain custom authentication...
WordPress Hunk Companion Plugin < 1.9.0 Missing Authorization Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:themehunk:hunkcompanion"; ifdescription...
Amazon Linux 2022 : qt, qt-assistant, qt-common (ALAS2022-2021-006)
It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2021-006 advisory. Qt5 versions up to qt 5.12.7, qt 5.14.1, qt 5.15.0 allow plugins to be loaded from the current working directory; this can lead to compromised plugins being loaded, leading to possible arbitrary code execution...
VulnCheck KEV: CVE-2024-11972
A vulnerability is present in the Hunk Companion plugin that allows installation and activation of plugins from the WordPress.org repository via an unauthenticated POST request...
CVE-2024-45761
Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper input validation vulnerability. A remote low-privileged malicious user could potentially exploit this vulnerability to load any web plugins or Java class leading to the possibility of altering the behavior of...
CVE-2024-54224 WordPress ElementsReady Addons for Elementor plugin <= 6.4.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuomodoSoft ElementsReady Addons for Elementor allows DOM-Based XSS. This issue affects ElementsReady Addons for Elementor: from n/a through 6.4.7...
Malicious code in node-polyfill-webpack-plugins (npm)
Malicious code in mona-manager-plugins-shared (npm)
FreeBSD : gstreamer1-plugins -- multiple vulnerabilities (7256fae8-b3e8-11ef-b680-4ccc6adda413)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 7256fae8-b3e8-11ef-b680-4ccc6adda413 advisory. The GStreamer Security Center reports: 3 security bugs. Tenable has extracted the preceding...
FreeBSD : gstreamer1-plugins-good -- multiple vulnerabilities (750ab972-b3e8-11ef-b680-4ccc6adda413)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 750ab972-b3e8-11ef-b680-4ccc6adda413 advisory. The GStreamer Security Center reports: 20 security bugs. Tenable has extracted the preceding...
PT-2024-9311 · Dell · Dell Openmanage Server Administrator
Name of the Vulnerable Software and Affected Versions: Dell OpenManage Server Administrator versions 11.0.1.0 and prior. Description: The issue is related to improper input validation, which could be exploited by a remote low-privileged malicious user to load any web plugins or Java class. This...
dev.sigstore:sigstore-maven-plugin (>=0.4.0 <=1.1.0), hboutemy:sigstore-maven-plugin (=1.0.0-beta-3) +3 more potentially affected by CVE-2024-54140 via dev.sigstore:sigstore-java (>=0.4.0 <=1.1.0)
dev.sigstore:sigstore-java MAVEN version =0.4.0, =0.4.0, =2.0.2, =2.0.3, =2.0.4 Source cves: CVE-2024-54140 Source advisory: OSV:GHSA-JP26-88MW-89QR...
GHSA-JP26-88MW-89QR sigstore-java has a vulnerability with bundle verification
Summary: sigstore-java has insufficient verification for a situation where a bundle provides an invalid signature for a checkpoint. Impact: This bug impacts clients using any variation of KeylessVerifier.verify. Currently checkpoints are only used to ensure the root hash of an inclusion proof was...
CVE-2024-5020
CVE-2024-5020 is a DOM-based stored XSS issue tied to multiple WordPress plugins that bundle FancyBox. The vulnerability arises from insufficient input sanitization/output escaping in user-supplied attributes, enabling authenticated users with contributor+ access to inject scripts on pages viewed...