Code injection
plugins/gtk+/glade-gtk-box.c in GNOME Glade before 3.38.1 and 3.39.x before 3.40.0 mishandles widget rebuilding for GladeGtkBox, leading to a denial of service application crash...
Important: gstreamer1-plugins-bad-free
Issue Overview: GStreamer-SA-2024-0001: AV1 codec parser potential buffer overflow during tile list parsing NOTE: https://gstreamer.freedesktop.org/security/sa-2024-0001.html NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5970 NOTE: Fixed by:...
Amazon Linux 2 : gstreamer1-plugins-bad-free (ALAS-2024-2454)
The version of gstreamer1-plugins-bad-free installed on the remote host is prior to 1.18.4-5. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2454 advisory. GStreamer-SA-2024-0001: AV1 codec parser potential buffer overflow during tile list parsing NOTE:...
CVE-2020-36774
plugins/gtk+/glade-gtk-box.c in GNOME Glade before 3.38.1 and 3.39.x before 3.40.0 mishandles widget rebuilding for GladeGtkBox, leading to a denial of service application crash...
Exploit for Missing Authorization in Xlplugins Nextmove
CVE-2024-25092 NextMove Lite 2.18.0 - Subscriber+ Arbitra...
container-tools:rhel8 security update
An update is available for libslirp, module.runc, module.libslirp, runc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The container-tools module contains tool...
Important: Red Hat Security Advisory: jenkins and jenkins-2-plugins security update
An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Important: Red Hat Security Advisory: jenkins and jenkins-2-plugins security update
An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.13. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
NextMove Lite < 2.18.0 - Subscriber+ Arbitrary Plugin Installation/Activation
Description The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the 'xladdoninstallation' function, allowing authenticated attackers, with subscriber access and above, to install and activate arbitrary plugins...
CVE-2024-24878
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Marco Almeida | Webdados Portugal CTT Tracking for WooCommerce portugal-ctt-tracking-woocommerce. This issue affects Portugal CTT Tracking for WooCommerce: from n/a through <= 2.1...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PT Woo Plugins by Webdados Portugal CTT Tracking for WooCommerce allows Reflected XSS. This issue affects Portugal CTT Tracking for WooCommerce: from n/a through 2.1...
CVE-2024-24878
CVE-2024-24878 affects the Portugal CTT Tracking for WooCommerce plugin (PT Woo Plugins by Webdados). The issue is a reflected cross-site scripting (XSS) vulnerability in the plugin, exploitable via an attacker-supplied input that is reflected in web pages. Affected versions are up to 2.1; a fix ...
org.graylog.plugins:graylog-plugin-parent (>=5.2.0 <=5.2.12), org.graylog.plugins:graylog-plugin-web-parent (>=5.2.0 <=5.2.12) potentially affected by CVE-2024-24823 via org.graylog2:graylog2-server (>=5.2.0-alpha.1 <=5.2.3)
org.graylog2:graylog2-server MAVEN version =5.2.0-alpha.1, =5.2.0, =5.2.0, =5.2.12 Source cves: CVE-2024-24823 Source advisory: OSV:GHSA-3XF8-G8GR-G7RH...
org.graylog.plugins:graylog-plugin-parent (>=5.2.0 <=5.2.12), org.graylog.plugins:graylog-plugin-web-parent (>=5.2.0 <=5.2.12) potentially affected by CVE-2024-24824 via org.graylog2:graylog2-server (>=5.2.0-alpha.1 <=5.2.3)
org.graylog2:graylog2-server MAVEN version =5.2.0-alpha.1, =5.2.0, =5.2.0, =5.2.12 Source cves: CVE-2024-24824 Source advisory: OSV:GHSA-P6GG-5HF4-4RGJ...
com.airbus-cyber-security.graylog:graylog-plugin-aggregation-count (>=1.1.0 <=4.1.1), com.airbus-cyber-security.graylog:graylog-plugin-alert-wizard (>=1.0.0 <=5.0.0) +10 more potentially affected by CVE-2024-24824 via org.graylog2:graylog2-server (>=2.0.0 <=5.1.10)
org.graylog2:graylog2-server MAVEN version =2.0.0, =1.1.0, =1.0.0, =1.1.0, =1.0.0, =1.0.0, =1.0.0, =1.0.1, =2.2.0, =1.1.0, =2.2.0, =2.2.0, =1.1.2, =2.2.0-alpha.1 Source cves: CVE-2024-24824 Source advisory: OSV:GHSA-P6GG-5HF4-4RGJ...
CVE-2024-0668
The Advanced Database Cleaner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.3 via deserialization of untrusted input in the 'process_bulk_action' function. This makes it possible for authenticated attackers, with administrator access and above, ...
Design/Logic Flaw
The 10Web AI Assistant – AI content writing assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the installplugin AJAX action in all versions up to, and including, 1.0.18. This makes it possible for authenticated attackers, with...
@hyperledger/cactus-plugin-htlc-coordinator-besu (=2.0.0-alpha.2), @hyperledger/cactus-plugin-persistence-ethereum (>=2.0.0-2945-supply-chain-app-build-failed.241 <=2.0.0-main.214) +20 more potentially affected by CVE-2024-21505 via web3-utils (>=4.0.0-alpha.1 <=4.2.1-dev.9d65c38.0)
web3-utils NPM version =4.0.0-alpha.1, =2.0.0-2945-supply-chain-app-build-failed.241, =2.0.0-2945-supply-chain-app-build-failed.241, =0.0.88, =0.0.84, =0.0.244-test-deposit-improve-v19, =4.0.2-dev.3f49e18.0, =4.0.2-dev.3f49e18.0, =4.0.2-dev.3f49e18.0, =4.0.2-dev.3f49e18.0, =4.0.2-dev.3f49e18.0,...
CVE-2024-0668 Advanced Database Cleaner <= 3.1.3 - Authenticated(Administrator+) PHP Object Injection via process_bulk_action
The Advanced Database Cleaner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.3 via deserialization of untrusted input in the 'process_bulk_action' function. This makes it possible for authenticated attackers, with administrator access and above, ...