8311 matches found
CVE-2023-49745
Product/Component: WordPress Spiffy Calendar plugin; Vulnerability: Stored Cross-Site Scripting (XSS) due to improper input sanitization/escaping in shortcode attributes; Affects: Spiffy Calendar versions
AlmaLinux 9 : containernetworking-plugins (ALSA-2023:7766)
The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2023:7766 advisory. - Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA...
LibreOffice 7.5 < 7.5.9 / 7.6 < 7.6.3 Improper Input Validation (macOS)
LibreOffice supports embedded videos in file formats via platform audio/video support. Typically under Linux this is via gstreamer. In affected versions of LibreOffice the filename of the embedded video is not sufficiently escaped when passed to gstreamer, enabling an attacker to run arbitrary...
RHEL 9 : gstreamer1-plugins-bad-free (RHSA-2023:7792)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7792 advisory. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package...
Important: gstreamer1-plugins-bad-free security update
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fixes: gstreamer: MXF demuxer use-after-free vulnerability (CVE-2023-44446). For more details about the...
com.seitenbau.jenkins.plugins:dynamicparameter (=0.2.0), org.biouno:uno-choice (>=1.0 <=1.5.3-alpha) potentially affected by CVE-2023-50765 via org.jenkins-ci.plugins:scriptler (>=2.2 <=2.9)
org.jenkins-ci.plugins:scriptler MAVEN version =2.2, =1.0, =1.5.3-alpha Source cves: CVE-2023-50765 Source advisory: OSV:GHSA-4J42-6XFX-H754...
Important: Red Hat Security Advisory: gstreamer1-plugins-bad-free security update
An update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Multiple Plugins by KlbTheme - Reflected Cross-Site Scripting
Description: The plugins do not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
containernetworking-plugins security update
1:1.3.0-6 - rebuild for following CVEs: CVE-2023-29409 CVE-2023-39318 CVE-2023-39319 CVE-2023-39321 CVE-2023-39322 - Resolves: 2228743 - Resolves: 2237773 - Resolves: 2237776 - Resolves: 2237777 - Resolves: 2237778 1:1.3.0-5 - fix path to dhcp service - Resolves: RHEL-3140...
Over 100 WordPress Repository Plugins Affected by Shortcode-based Stored Cross-Site Scripting
On August 14, 2023, the Wordfence Threat Intelligence team began a research project to find Stored Cross-Site Scripting (XSS) via Shortcode vulnerabilities in WordPress repository plugins. This type of vulnerability enables threat actors with contributor-level permissions or higher to inject...
MAL-2023-8689 Malicious code in npm_package_babel_plugins_3_1_pragma (npm)
Source: ossf-package-analysis 3632cb4fe4754d272e86ef810873600bf47c3e8c42733de77bf10571a80fc675 The OpenSSF Package Analysis project identified 'npm_package_babel_plugins_3_1_pragma' @ 99.99.99 npm as malicious. It is considered malicious because...
RHEL 9 : containernetworking-plugins (RHSA-2023:7766)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:7766 advisory. The Container Network Interface (CNI) project consists of a specification and libraries for writing plug-ins for configuring network interfac...
Ubuntu: Security Advisory (USN-6546-1)
The remote host is missing an update for the...
CVE-2023-6185
An improper input validation vulnerability was found in LibreOffice. In versions where filenames are not sufficiently escaped, an attacker can execute arbitrary GStreamer plugins...
USN-6546-1 libreoffice vulnerabilities
Reginaldo Silva discovered that LibreOffice incorrectly handled filenames when passing embedded videos to GStreamer. If a user were tricked into opening a specially crafted file, a remote attacker could possibly use this issue to execute arbitrary GStreamer plugins. CVE-2023-6185 Reginaldo Silva...
DEBIAN-CVE-2023-6185
Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins. In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to r...
CVE-2023-6185 Improper input validation enabling arbitrary Gstreamer pipeline injection
Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins. In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to r...
PT-2023-7886 · Document Foundation +10 · Libreoffice +10
Name of the Vulnerable Software and Affected Versions: LibreOffice affected versions not specified Description: The issue is related to improper input validation in the GStreamer integration of LibreOffice, allowing an attacker to execute arbitrary GStreamer plugins. In affected versions, the...
UBUNTU-CVE-2023-6185
Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins. In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to r...
WordPress Releases Update 6.4.2 to Address Critical Remote Attack Vulnerability
WordPress has released version 6.4.2 with a patch for a critical security flaw that could be exploited by threat actors by combining it with another bug to execute arbitrary PHP code on vulnerable sites. "A remote code execution vulnerability that is not directly exploitable in core; however, the...