
8316 matches found

Oracle linux
added 2024/07/24 12:0 a.m. | 22 views

containernetworking-plugins security update

1:1.4.0-4 - rebuild for CVE-2024-1394 - Resolves: RHEL-40809...

CVSS 7.5 | AI score 7.8 | EPSS 0.01533
Exploits: 0

Tenable Nessus
added 2024/07/24 12:0 a.m. | 12 views

Oracle Linux 9 : containernetworking-plugins (ELSA-2024-4761)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-4761 advisory. - rebuild for CVE-2024-1394 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not...

CVSS 7.5 | AI score 8.1 | EPSS 0.01533
Exploits: 0 | References: 2

Tenable Nessus
added 2024/07/23 12:0 a.m. | 19 views

Amazon Linux 2 : gstreamer-plugins-base (ALAS-2024-2593)

The version of gstreamer-plugins-base installed on the remote host is prior to 0.10.36-18. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2593 advisory. GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows...

CVSS 7.8 | AI score 8.3 | EPSS 0.01565
Exploits: 0 | References: 4

Tenable Nessus
added 2024/07/23 12:0 a.m. | 16 views

Amazon Linux 2 : gstreamer1-plugins-base (ALAS-2024-2592)

The version of gstreamer1-plugins-base installed on the remote host is prior to 1.18.4-5. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2592 advisory. GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows...

CVSS 7.8 | AI score 8.3 | EPSS 0.01565
Exploits: 0 | References: 4

Tenable Nessus
added 2024/07/23 12:0 a.m. | 15 views

RHEL 9 : containernetworking-plugins (RHSA-2024:4761)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:4761 advisory. The Container Network Interface CNI project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Lin...

CVSS 7.5 | AI score 8.2 | EPSS 0.01533
Exploits: 0 | References: 4

OSV
added 2024/07/22 11:15 a.m. | 1 view

CVE-2024-38692

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Spiffy Plugins Spiffy Calendar allows SQL Injection. This issue affects Spiffy Calendar: from n/a through 4.9.11...

CVSS 7.2 | AI score 5.8 | EPSS 0.00717
Exploits: 0 | References: 1

OSV
added 2024/07/22 10:15 a.m. | 4 views

CVE-2024-37217

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in ProWCPlugins Empty Cart Button for WooCommerce allows Stored XSS. This issue affects Empty Cart Button for WooCommerce: from n/a through 1.3.8...

CVSS 5.4 | AI score 5.8 | EPSS 0.00246
Exploits: 0 | References: 1

Amazon
added 2024/07/22 12:0 a.m. | 18 views

Important: gstreamer-plugins-base

Issue Overview: GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack...

CVSS 7.8 | AI score 8.3 | EPSS 0.01565
Exploits: 0

Amazon
added 2024/07/22 12:0 a.m. | 4 views

Important: gstreamer-plugins-base

Issue Overview: GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack...

CVSS 7.8 | AI score 8.1 | EPSS 0.01565
Exploits: 0

Amazon
added 2024/07/22 12:0 a.m. | 4 views

Important: gstreamer1-plugins-base

Issue Overview: GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack...

CVSS 7.8 | AI score 8.1 | EPSS 0.01565
Exploits: 0

Tenable Nessus
added 2024/07/22 12:0 a.m. | 19 views

RHEL 9 : containernetworking-plugins (RHSA-2024:4672)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:4672 advisory. The Container Network Interface CNI project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Lin...

CVSS 7.5 | AI score 8.2 | EPSS 0.01533
Exploits: 0 | References: 4

OSV
added 2024/07/19 7:59 p.m. | 21 views

GHSA-3WF2-2PQ4-4RVC Woodpecker's custom environment variables allow to alter execution flow of plugins

Impact The server allow to create any user who can trigger a pipeline run malicious workflows: - Those workflows can either lead to a host takeover that runs the agent executing the workflow. - Or allow to extract the secrets who would be normally provided to the plugins who's entrypoint are...

CVSS 7.5 | AI score 8 | EPSS 0.00618
Exploits: 0 | References: 9

OSV
added 2024/07/19 7:57 p.m. | 11 views

CVE-2024-41121 Custom workspace allow to overwrite plugin entrypoint executable in Woodpecker

Woodpecker is a simple yet powerful CI/CD engine with great extensibility. The server allow to create any user who can trigger a pipeline run malicious workflows: 1. Those workflows can either lead to a host takeover that runs the agent executing the workflow. 2. Or allow to extract the secrets w...

CVSS 8.8 | AI score 6.6 | EPSS 0.00737
Exploits: 0 | References: 8

Vulnrichment
added 2024/07/19 7:57 p.m. | 13 views

CVE-2024-41121 Custom workspace allow to overwrite plugin entrypoint executable in Woodpecker

Woodpecker is a simple yet powerful CI/CD engine with great extensibility. The server allow to create any user who can trigger a pipeline run malicious workflows: 1. Those workflows can either lead to a host takeover that runs the agent executing the workflow. 2. Or allow to extract the secrets w...

CVSS 8.8 | AI score 8.7 | EPSS 0.00737
Exploits: 0 | References: 6

NVD
added 2024/07/12 4:15 p.m. | 14 views

CVE-2024-38716

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Blue Plugins Events Calendar for Google allows PHP Local File Inclusion. This issue affects Events Calendar for Google: from n/a through 2.1.0...

CVSS 6.5 | EPSS 0.00498
Exploits: 0 | References: 1

Cvelist
added 2024/07/12 3:14 p.m. | 25 views

CVE-2024-38716 WordPress Events Calendar for Google plugin <= 2.1.0 - Local File Inclusion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Blue Plugins Events Calendar for Google allows PHP Local File Inclusion. This issue affects Events Calendar for Google: from n/a through 2.1.0...

CVSS 6.5 | EPSS 0.00498
Exploits: 0 | References: 1

CVE
added 2024/07/12 3:14 p.m. | 49 views

CVE-2024-38716

CVE-2024-38716 affects the WordPress plugin Events Calendar for Google (up to v2.1.0). The issue is an improper pathname limitation leading to a PHP Local File Inclusion (LFI) via path traversal, enabling access to local files on the server. The Wordfence entry lists this as a Local File Inclusio...

CVSS 6.5 | AI score 6.8 | EPSS 0.00498
Exploits: 0 | References: 1

Vulnrichment
added 2024/07/12 3:14 p.m. | 19 views

CVE-2024-38716 WordPress Events Calendar for Google plugin <= 2.1.0 - Local File Inclusion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Blue Plugins Events Calendar for Google allows PHP Local File Inclusion. This issue affects Events Calendar for Google: from n/a through 2.1.0...

CVSS 6.5 | AI score 6.9 | EPSS 0.00498
Exploits: 0 | References: 1

OSV
added 2024/07/12 12:59 p.m. | 10 views

SUSE-SU-2024:2422-1 Security update for cni-plugins

This update of cni-plugins fixes the following issues: - rebuild the package with the go 1.21 security release bsc1212475...

AI score 7.2
Exploits: 0 | References: 3

OSSF Malicious Packages
added 2024/07/12 10:2 a.m. | 5 views

Malicious code in atlassian-plugins-jquery (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis fa70e76a995c21512e5537f8ba45c8143816593a98f504f5ac88ad3e752d9eaa The OpenSSF Package Analysis project identified 'atlassian-plugins-jquery' @ 0.0.0-dev npm as malicious. It is considered malicious because: - T...

AI score 7.1
Exploits: 0