SUSE-SU-2024:0793-1 Security update for gstreamer-plugins-bad
This update for gstreamer-plugins-bad fixes the following issues: - CVE-2023-44446: Fixed use-after-free remote code execution vulnerability via MXF file (bsc#1217213)...
SUSE: Security Advisory (SUSE-SU-2024:0779-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
SUSE: Security Advisory (SUSE-SU-2024:0780-1)
The remote host is missing an update for the...
SUSE SLES12: gstreamer-plugins-bad / gstreamer-plugins-bad-devel / etc (SUSE-SU-2024:0779-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0779-1 advisory. - CVE-2023-44446: Fixed use-after-free remote code execution vulnerability via MXF file (bsc#1217213). Tenable has extracted the preceding...
SUSE SLES15: gstreamer-plugins-bad / gstreamer-plugins-bad-chromaprint / etc (SUSE-SU-2024:0780-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0780-1 advisory. - CVE-2023-44446: Fixed use-after-free remote code execution vulnerability via MXF file (bsc#1217213). Tenable has extracted the preceding...
org.jenkins-ci.plugins:bitbucket-approval-filter (=1.0.0), org.jenkins-ci.plugins:bitbucket-filter-project-trait (=1.0) +1 more potentially affected by CVE-2024-28152 via org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source (>=2.2.0 <=2.4.1)
org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source MAVEN version =2.2.0, =1.0.0, =1.0.2 Source cves: CVE-2024-28152 Source advisory: OSV:GHSA-M4RM-X2RR-357W...
Moderate: Red Hat Security Advisory: Secondary Scheduler Operator for Red Hat OpenShift 1.2.1 for RHEL 9
Secondary Scheduler Operator for Red Hat OpenShift 1.2.1 for RHEL 9 An update for secondary-scheduler-operator-bundle-container and secondary-scheduler-operator-container is now available for OSSO-1.2.1-RHEL-9. Red Hat Product Security has rated this update as having a security impact of Moderate...
SUSE-SU-2024:0780-1 Security update for gstreamer-plugins-bad
This update for gstreamer-plugins-bad fixes the following issues: - CVE-2023-44446: Fixed use-after-free remote code execution vulnerability via MXF file (bsc#1217213)...
SUSE-SU-2024:0779-1 Security update for gstreamer-plugins-bad
This update for gstreamer-plugins-bad fixes the following issues: - CVE-2023-44446: Fixed use-after-free remote code execution vulnerability via MXF file (bsc#1217213)...
BIT-PHPLIST-2020-22249
Remote Code Execution vulnerability in phplist 3.5.1. The application does not check any file extensions stored in the plugin zip file. Uploading a malicious plugin which contains PHP files with extensions like PHP, phtml, php7 will be copied to the plugins directory which would lead to the...
BIT-RABBITMQ-2022-31008 Predictable credential obfuscation seed value used in rabbitmq-server
RabbitMQ is a multi-protocol messaging and streaming broker. In affected versions the shovel and federation plugins perform URI obfuscation in their worker link state. The encryption key used to encrypt the URI was seeded with a predictable secret. This means that in case of certain exceptions...
BIT-OPENFIRE-2020-35200
Ignite Realtime Openfire 4.6.0 has plugins/clientcontrol/spark-form.jsp Reflective XSS...
BIT-OPENFIRE-2020-35202
Ignite Realtime Openfire 4.6.0 has plugins/dbaccess/db-access.jsp sql Stored XSS...
BIT-GRAFANA-2022-31130 Grafana data source and plugin proxy endpoints leaking authentication tokens to some destination plugins
Grafana is an open source observability and data visualization platform. Versions of Grafana for endpoints prior to 9.1.8 and 8.5.14 could leak authentication tokens to some destination plugins under some conditions. The vulnerability impacts data source and plugin proxy endpoints with...
BIT-GRAFANA-2022-39201 Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins
Grafana is an open source observability and data visualization platform. Starting with version 5.0.0 and prior to versions 8.5.14 and 9.1.8, Grafana could leak the authentication cookie of users to plugins. The vulnerability impacts data source and plugin proxy endpoints under certain conditions...
BIT-GRADLE-2021-29427 Repository content filters do not work in Settings pluginManagement
In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. Repository content filtering is a security control Gradle introduced to help users specify what repositories are used to resolve specific dependencies...
BIT-APISIX-2021-43557 Path traversal in request_uri variable
The uri-block plugin in Apache APISIX before 2.10.2 uses $request_uri without verification. The $request_uri is the full original request URI without normalization. This makes it possible to construct a URI to bypass the block list on some occasions. For instance, when the block list contains...
CentOS: Security Advisory for gstreamer-plugins-bad-free (CESA-2024:0279)
The remote host is missing an update for the...
CentOS: Security Advisory for gstreamer1-plugins-bad-free (CESA-2024:0013)
The remote host is missing an update for the...
CVE-2024-1316
The Event Tickets and Registration WordPress plugin before 5.8.1, Events Tickets Plus WordPress plugin before 5.9.1 does not prevent users with at least the contributor role from leaking the existence of certain events they shouldn't have access to. e.g. draft, private, pending review,...