CVE-2024-45457

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Spiffy Plugins Spiffy Calendar allows Stored XSS.This issue affects Spiffy Calendar: from n/a through 4.9.13...

CVE-2024-45458

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Spiffy Plugins Spiffy Calendar allows Reflected XSS.This issue affects Spiffy Calendar: from n/a through 4.9.13...

CVE-2024-45457

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar allows Stored XSS.This issue affects Spiffy Calendar: from n/a through = 4.9.13...

CVE-2024-45457

CVE-2024-45457 affects Spiffy Calendar plugin for WordPress (versions through 4.9.13). The vulnerability is a Stored XSS due to improper input neutralization during web page generation. Public records from Patchstack and Red Hat confirm this, listing the affected range as up to 4.9.13 and noting ...

CVE-2024-45458

CVE-2024-45458 affects Spiffy Calendar plugin for WordPress (versions

RHBA-2019:0862 Red Hat Bug Fix Advisory: containernetworking-plugins bug fix and enhancement update

Bulletin has no description...

RHSA-2019:1206 Red Hat Security Advisory: rhvm-setup-plugins security update

Bulletin has no description...

RHSA-2019:1205 Red Hat Security Advisory: rhvm-setup-plugins security update

Bulletin has no description...

PT-2024-39194 · WordPress · Slicewp Affiliates

Name of the Vulnerable Software and Affected Versions: SliceWP Affiliates plugin for WordPress versions up to, and including, 1.1.20 Description: The issue is related to Reflected Cross-Site Scripting due to the use of remove query arg without appropriate escaping on the URL. This allows...

WordPress Mandates Two-Factor Authentication for Plugin and Theme Developers

WordPress.org has announced a new account security measure that will require accounts with capabilities to update plugins and themes to activate two-factor authentication 2FA mandatorily. The enforcement is expected to come into effect starting October 1, 2024. "Accounts with commit access can pu...

[SECURITY] Fedora 40 Update: nextcloud-29.0.6-2.fc40

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...

EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2024-2411)

According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container...

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-2360)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-2434)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-2411)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2024-2434)

According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container...

CVE-2024-7727

The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions called via the 'h5vpajaxhandler' ajax action in all versions up to, and including, 2.5.32. This makes it possible fo...

SUSE: Security Advisory (SUSE-SU-2024:3198-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES15: gstreamer-plugins-bad / gstreamer-plugins-bad-chromaprint / etc (SUSE-SU-2024:3198-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3198-1 advisory. - Dropped support for libmfx to fix the following CVEs: libmfx: improper input validation CVE-2023-48368, bsc1226897 libmfx: improp...

SUSE-SU-2024:3198-1 Security update for gstreamer-plugins-bad

This update for gstreamer-plugins-bad fixes the following issues: - Dropped support for libmfx to fix the following CVEs: libmfx: improper input validation CVE-2023-48368, bsc1226897 libmfx: improper buffer restrictions CVE-2023-45221, bsc1226898 libmfx: out-of-bounds read CVE-2023-22656,...