Debian DSA-5583-1 : gst-plugins-bad1.0 - security update
The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5583 advisory. A buffer overflow was discovered in the AV1 video plugin for the GStreamer media framework, which may result in denial of service or potentially the execution of arbitrary...
SUSE SLES15: gstreamer-plugins-bad / gstreamer-plugins-bad-devel / etc (SUSE-SU-2023:4944-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4944-1 advisory. - CVE-2023-40475: Fixed GStreamer MXF File Parsing Integer Overflow bsc1215792. Tenable has extracted the preceding description block direct...
io.github.gpc:cascade-validation (=4.0.0), io.github.gpc:grails-cascade-validation (=4.0.0) +19 more potentially affected by CVE-2023-46131 via org.grails:grails-databinding (>=4.0.10 <=4.1.2)
org.grails:grails-databinding MAVEN version =4.0.10, =4.0.0-1, =4.0.10, =4.0.10, =4.0.10, =4.0.10, =4.0.10, =4.0.10, =4.0.10, =4.0.10, =4.0.10, =4.0.10, =4.0.10, =4.0.10, =4.1.2 and more Source cves: CVE-2023-46131 Source advisory: OSV:GHSA-3PJV-R7W4-2CF5...
openSUSE 15 Security Update : gstreamer-plugins-bad (openSUSE-SU-2023:0409-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0409-1 advisory. - Integer overflow leading to heap overwrite in MXF file handling with uncompressed video CVE-2023-40474, CVE-2023-40476 Note that Nessus has not...
CVE-2023-37982
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms. This issue affects Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.3.3...
OPENSUSE-SU-2023:0409-1 Security update for gstreamer-plugins-bad
This update for gstreamer-plugins-bad fixes the following issues: - CVE-2023-40474: Fixed integer overflow causing out of bounds writes when handling invalid uncompressed video bsc1215796. - CVE-2023-40476: Fixed possible overflow using maxsublayersminus1 bsc1215793...
CVE-2023-47754
Missing Authorization vulnerability in Clever plugins Delete Duplicate Posts allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Delete Duplicate Posts: from n/a through 4.8.9...
PT-2023-26230 · Salesforce · Salesforce
Name of the Vulnerable Software and Affected Versions: CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms versions n/a through 1.3.3 Description: The issue is related to a URL Redirection to Untrusted Site, also known as an 'Open Redirect' vulnerability. This...
RHEL 8 : gstreamer1-plugins-bad-free (RHSA-2023:7874)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:7874 advisory. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a...
RHEL 9 : gstreamer1-plugins-bad-free (RHSA-2023:7873)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7873 advisory. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package...
RHEL 8 : gstreamer1-plugins-bad-free (RHSA-2023:7875)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:7875 advisory. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a...
RHEL 8 : gstreamer1-plugins-bad-free (RHSA-2023:7872)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:7872 advisory. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a...
conmon security update
conmon 2.1.3-7 - Resolve CVE-2023-39325 2.1.3-6 - Add ol8baseoslatest, and ol9baseoslatest, to Jenkinsfile 2.1.3-5 - Add systemd-devel as build requirement 2.1.3-4 - Add support ARM build cri-o 1.26.3-3 - Resolve CVE-2023-39325 1.26.3-2 - Add support for ARM build cri-tools 1.26.1-3 - Resolve...
gstreamer1-plugins-bad-free security update
1.16.1-2 - Resolves MXF demuxer use-after-free vulnerability CVE-2023-44446...
Oracle Linux 8 : gstreamer1-plugins-bad-free (ELSA-2023-7841)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-7841 advisory. 1.16.1-2 - Resolves MXF demuxer use-after-free vulnerability CVE-2023-44446 Tenable has extracted the preceding description block directly from the Oracle Linux...
Security update for gstreamer-plugins-bad (important)
openSUSE Security Update: Security update for gstreamer-plugins-bad Announcement ID: openSUSE-SU-2023:0409-1 Rating: important References: 1215793 1215796 Cross-References: CVE-2023-40474 CVE-2023-40476 CVSS scores: CVE-2023-40474 SUSE: 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H...
CVE-2023-47754
CVE-2023-47754 is a Broken Access Control/Missing Authorization vulnerability in the WordPress plugin Delete Duplicate Posts (versions
CVE-2023-47754 WordPress Delete Duplicate Posts Plugin <= 4.8.9 is vulnerable to Broken Access Control
Missing Authorization vulnerability in Clever plugins Delete Duplicate Posts allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Delete Duplicate Posts: from n/a through 4.8.9...
CVE-2023-4724
The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0 and the WP All Export Pro WordPress plugin before 1.8.6 do not validate and sanitise the wpquery parameter, which allows an attacker to run an arbitrary command on the remote server...