8311 matches found
Wordfence Intelligence Weekly WordPress Vulnerability Report (November 27, 2023 to December 3, 2023)
Wordfence just launched its bug bounty program. Through December 20th 2023, all researchers will earn 6.25x our normal bounty rates when Wordfence handles responsible disclosure for our Holiday Bug Extravaganza! Register as a researcher and submit your vulnerabilities today! Last week, there were...
pocsuite3
This is an open-sourced remote vulnerability testing and proof-of-concept development framework developed by the Knownsec 404 Team. It comes with a powerful proof-of-concept engine, many nice features for the ultimate penetration testers and security researchers. The framework supports various...
CVE-2023-45285 vulnerabilities
Vulnerabilities for packages: influx, nsc, k3d, flannel-cni-plugin, gosu, fulcio-fips, nats, wait-for-port, smarter-device-manager-fips, prometheus-stackdriver-exporter, render-template, bank-vaults-fips, go-bindata, helm-push, hey, docker-credential-ecr-login, petname, metrics-server,...
Open-Source-Vulnerabilities
Important: gstreamer1-plugins-bad-free
Issue Overview: gstreamer: AV1 codec parser heap-based buffer overflow (CVE-2023-44429); gstreamer: MXF demuxer use-after-free vulnerability (CVE-2023-44446). Affected Packages: gstreamer1-plugins-bad-free. Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section f...
Amazon Linux 2 : gstreamer1-plugins-bad-free (ALAS-2023-2355)
The version of gstreamer1-plugins-bad-free installed on the remote host is prior to 1.18.4-5. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2355 advisory. gstreamer: AV1 codec parser heap-based buffer overflow (CVE-2023-44429); gstreamer: MXF demuxer...
PT-2023-29423 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress affected versions not specified Description: A phishing campaign is targeting WordPress administrators with fake security advisories regarding a non-existent vulnerability. The emails aim to trick users into installing a malicious...
Integer Overflow
gst-plugins-good is vulnerable to Integer Overflow. The vulnerability exists in the avidemux element within the gstavidemuxinvert function, allowing a heap overwrite during the parsing of AVI files. This poses a potential risk of arbitrary code execution through the heap overwrite...
Integer Overflow
gst-plugins-good is vulnerable to Integer Overflow. The vulnerability exists in the matroskademux element within the gstmatroskademuxaddwvpkheader function, allowing a heap overwrite during the parsing of Matroska files. This poses a potential risk of arbitrary code execution through the heap...
Denial Of Service (DoS)
gst-plugins-good is vulnerable to Denial of Service (DoS). The vulnerability arises from an integer overflow in the matroskademux element within the gstmatroskadecompressdata function, leading to a potential segmentation fault or the risk of a heap overwrite...
Denial Of Service (DoS)
gst-plugins-good is vulnerable to Denial of Service (DoS). The vulnerability stems from an integer overflow in the matroskademux element within the gstmatroskadecompressdata function, attributed to the absence of size checks. This issue results in a heap overwrite during MKV demuxing using...
Out-of-bounds Read
gst-plugins-base is vulnerable to Out-of-bounds Read. The vulnerability exists when handling certain ID3v2 tags, which allows an attacker to cause an application crash...
Integer Overflow
gst-plugins-good is vulnerable to Integer Overflow. The vulnerability allows code execution with the privileges of the vulnerable application resulting in a potential denial-of-service (DoS) or a heap-based buffer overflow...
Integer Overflow
gst-plugins-bad:edge is vulnerable to Integer Overflow. The vulnerability leads to a heap overwrite in MXF file handling with AES3 audio. It allows an attacker to trigger an integer overflow...
Integer Overflow
gst-plugins-bad:edge is vulnerable to Integer Overflow. The vulnerability is due to the GStreamer H265 Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. It allows a remote attacker to trigger an integer overflow...
CVE-2023-34030
Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Complianz, Really Simple Plugins Complianz Premium allows Cross-Site Request Forgery. This issue affects Complianz: from n/a through 6.4.5; Complianz Premium: from n/a through 6.4.7...
CVE-2023-33333
Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Complianz, Really Simple Plugins Complianz Premium allows Cross-Site Scripting (XSS). This issue affects Complianz: from n/a through 6.4.4; Complianz Premium: from n/a through 6.4.6.1...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Complianz, Really Simple Plugins Complianz Premium allows Cross-Site Request Forgery. This issue affects Complianz: from n/a through 6.4.5; Complianz Premium: from n/a through 6.4.7...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Complianz, Really Simple Plugins Complianz Premium allows Cross-Site Scripting (XSS). This issue affects Complianz: from n/a through 6.4.4; Complianz Premium: from n/a through 6.4.6.1...
CVE-2023-33333
The CVE describes a CSRF vulnerability in Really Simple Plugins Complianz and Complianz Premium that can lead to Cross-Site Scripting (XSS). Affected versions are Complianz up to 6.4.4 and Complianz Premium up to 6.4.6.1. The CVSS data indicates high impact (I/H, C/H, A/H) with network attack vec...