abi-ds-utils (=1.0.1), airflow-add-ons (=0.2.9b1) +14 more potentially affected by CVE-2023-51702 via apache-airflow (>=2.3.2 <=2.5.3)

apache-airflow PYPI version =2.3.2, =0.8.2, =0.1.0, =0.1.20, =2.3.0.dev0, =0.0.37, =0.1.0, =0.1.2, =2.4.3, =0.1.0, =0.10.0.1 and more Source cves: CVE-2023-51702 Source advisory: OSV:GHSA-MG2X-MGGJ-6955...

Jenkins plugins Multiple Vulnerabilities (2024-01-24)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins Git server Plugin 99.va0826abcdfad and earlier does not disable a feature of its command parser that replaces an '@' character...

Confluence-frontend-plugins release/18.6 fix

Fix broke release/18.6|https://server-syd-bamboo.internal.atlassian.com/build/result/viewBuildResults.action?buildKey=CBP86-FRONTENDPLUGINS-CEDCONF&buildNumber=80 of confluence-frontend-plugins...

CVE-2024-0679 ColorMag <= 3.1.2 - Missing Authorization to Arbitrary Plugin Installation

The ColorMag theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the pluginactioncallback function in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to install and...

CVE-2022-40700

Server-Side Request Forgery SSRF vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP – Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet – A virtual wallet for WooCommerce, Long Watch Studio WooVIP – Membership plugin for WordPress a...

Server side request forgery (ssrf)

Server-Side Request Forgery SSRF vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP – Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet – A virtual wallet for WooCommerce, Long Watch Studio WooVIP – Membership plugin for WordPress a...

CVE-2022-40700 Server Side Request Forgery (SSRF) vulnerability affecting multiple WordPress plugins

Server-Side Request Forgery SSRF vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP – Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet – A virtual wallet for WooCommerce, Long Watch Studio WooVIP – Membership plugin for WordPress a...

CVE-2022-40700

CVE-2022-40700 is an SSRF vulnerability reported against Montonio for WooCommerce and a range of WordPress plugins/themes. Affected versions include Montonio for WooCommerce up to 6.0.1 (patched in 6.0.2) and other listed plugins up to their indicated versions; several references confirm SSRF as ...

Wordfence Intelligence Weekly WordPress Vulnerability Report (January 8, 2024 to January 14, 2024)

Wordfence just launched its bug bounty program. For the first 6 months, all awarded bounties receive a 10% bonus. View the announcement to learn more now! Last week, there were 67 vulnerabilities disclosed in 60 WordPress Plugins and no WordPress themes that have been added to the Wordfence...

Oracle Linux 7 : gstreamer-plugins-bad-free (ELSA-2024-0279)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-0279 advisory. - Patch CVE-2023-44446: MXF demuxer use-after-free Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note...

RHEL 7 : gstreamer-plugins-bad-free (RHSA-2024:0279)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0279 advisory. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-bad-free package contains a...

CVE-2024-0238

The EventON Premium WordPress plugin before 4.5.6, EventON WordPress plugin before 2.2.8 do not have authorisation in an AJAX action, and does not ensure that the post to be updated belong to the plugin, allowing unauthenticated users to update arbitrary post metadata...

ca.ibodrov.concord:testcontainers-concord-core (>=2.0.0 <=2.0.2), ca.ibodrov.mica:mica-concord-server-plugin (>=0.0.2 <=0.0.21) +496 more potentially affected by CVE-2023-46749 via org.apache.shiro:shiro-core (>=1.0.0-incubating <=1.12.0)

org.apache.shiro:shiro-core MAVEN version =1.0.0-incubating, =2.0.0, =0.0.2, =5.1.0, =5.1.0, =5.1.0, =6.5.28, =6.5.28, =6.5.28, =6.5.28, =6.5.28, =2.2.0, =2.2.0, =2.2.0, =2.3.1 and more Source cves: CVE-2023-46749 Source advisory: OSV:GHSA-JC7H-C423-MPJC...

Balada Injector Infects Over 7,100 WordPress Sites Using Plugin Vulnerability

Thousands of WordPress sites using a vulnerable version of the Popup Builder plugin have been compromised with a malware called Balada Injector. First documented by Doctor Web in January 2023, the campaign takes place in a series of periodic attack waves, weaponizing security flaws in WordPress...

SUSE: Security Advisory (SUSE-SU-2024:0100-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLED15: gstreamer-plugins-bad / gstreamer-plugins-bad-chromaprint / etc (SUSE-SU-2024:0100-1)

The remote SUSE Linux SLED15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0100-1 advisory. - ZDI-CAN-22300: Fixed a buffer overflow in the AV1 video plugin bsc1218534. Tenable has extracted the preceding description block...

SUSE-SU-2024:0100-1 Security update for gstreamer-plugins-bad

This update for gstreamer-plugins-bad fixes the following issues: - ZDI-CAN-22300: Fixed a buffer overflow in the AV1 video plugin bsc1218534...

OESA-2024-1074 containernetworking-plugins security update

The CNI Container Network Interface project consists of a specification and libraries for writing plugins to configure network interfaces in Linux containers, along with a number of supported plugins. CNI concerns itself only with network connectivity of containers and removing allocated resource...

PT-2024-40978 · Unknown · Gstreamer-Plugins-Bad

Name of the Vulnerable Software and Affected Versions: gstreamer-plugins-bad affected versions not specified Description: A buffer overflow issue was found in the AV1 video plugin of gstreamer-plugins-bad. This issue can be exploited, but no specific details about the estimated number of...

1 click disable all < 1.0.2 - Plugins Deactivation via CSRF

Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation, allowing unauthenticated attackers to deactivate all plugins via a forged request granted they can trick a site administrator into performing an action such as clicking on a link...