
8311 matches found

Oracle linux
added 2023/11/18 12:0 a.m. | 405 views

container-tools:4.0 security and bug fix update

buildah 1:1.24.6-7 - rebuild for CVE-2023-29406 - Related: 2176055 1:1.24.6-6 - rebuild for following CVEs: CVE-2022-41724 CVE-2022-41725 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723 CVE-2023-24539 CVE-2023-24540 CVE-2023-29400 - Resolves: 2179943 - Resolves: 2187341 - Resolves:...

CVSS 9.8 | AI score 8.4 | EPSS 0.04561
Exploits: 2
Photon
added 2023/11/17 12:0 a.m. | 22 views

Important Photon OS Security Update - PHSA-2023-5.0-0145

Updates of 'gst-plugins-bad' packages of Photon OS have been released...

AI score 10
Exploits: 0
Tenable Nessus
added 2023/11/16 12:0 a.m. | 38 views

Oracle Linux 9 : containernetworking-plugins (ELSA-2023-6402)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-6402 advisory. - rebuild for following CVEs: CVE-2022-41724 CVE-2022-41725 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723 CVE-2023-24539 CVE-2023-24540...

CVSS 9.8 | AI score 7.2 | EPSS 0.04561
Exploits: 0 | References: 11
Photon
added 2023/11/16 12:0 a.m. | 29 views

Important Photon OS Security Update - PHSA-2023-4.0-0513

Updates of 'gst-plugins-bad', 'postgresql14' packages of Photon OS have been released...

CVSS 8.8 | AI score 6.7 | EPSS 0.04322
Exploits: 0
Vulnrichment
added 2023/11/15 6:59 p.m. | 10 views

CVE-2023-48219 Special characters in unescaped text nodes can trigger mXSS in TinyMCE

TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo/redo functionality and other APIs and plugins. Text nodes within specific parents are not escaped upon serialization according to the HTML standard. If such text...

CVSS 6.1 | AI score 5.3 | EPSS 0.00715
Exploits: 0 | References: 3
Github Security Blog
added 2023/11/15 6:32 p.m. | 25 views

TinyMCE vulnerable to mutation Cross-site Scripting via special characters in unescaped text nodes

Impact: A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo/redo functionality and other APIs and plugins. Text nodes within specific parents are not escaped upon serialization according to the HTML standard. If such text nodes contain a special character...

CVSS 6.1 | AI score 5.7 | EPSS 0.00715
Exploits: 0 | References: 7 | Affected Software: 2
CNNVD
added 2023/11/15 12:0 a.m. | 4 views

Tiny Technologies TinyMCE Security Vulnerability

Tiny Technologies TinyMCE is a rich text editor from Tiny Technologies, USA. A security vulnerability exists in Tiny Technologies TinyMCE, which stems from a mutated cross-site scripting (mXSS) vulnerability in the undo/redo function and other APIs and plugins. Affected products and versions: TinyM...

CVSS 6.1 | AI score 6.2 | EPSS 0.00715
Exploits: 0 | References: 4
FreeBSD
added 2023/11/15 12:0 a.m. | 9 views

TinyMCE -- mXSS in multiple plugins

TinyMCE reports: Special characters in unescaped text nodes can trigger mXSS when using TinyMCE undo/redo, getContentAPI, resetContentAPI, and Autosave plugin...

CVSS 6.1 | AI score 7 | EPSS 0.00715
Exploits: 0 | References: 2
Prion
added 2023/11/13 1:15 a.m. | 20 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in ??? ?????????????-??Baidu/Google/Bing/IndexNow/Yandex/?? plugin = 4.2.7 versions...

CVSS 6.8 | AI score 7.5 | EPSS 0.00301
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2023/11/13 12:43 a.m. | 18 views

CVE-2023-46619 WordPress Spider Facebook Plugin <= 1.0.15 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in WebDorado WDSocialWidgets plugin <= 1.0.15 versions...

CVSS 5.4 | AI score 7.1 | EPSS 0.00254
Exploits: 0 | References: 1
WPVulnDB
added 2023/11/13 12:0 a.m. | 18 views

Profile Builder < 3.10.4 - Plugins Activation/Deactivation CSRF

Description The plugin does not have CSRF checks when activating and deactivating plugins, which could allow attackers to make logged in users perform such actions via CSRF attacks...

CVSS 8.8 | AI score 7 | EPSS 0.00254
Exploits: 0 | Affected Software: 1
vulnersOsv
added 2023/11/12 2:15 p.m. | 6 views

abi-ds-utils (=1.0.1), acceldata-o2a (=1.0.0) +137 more potentially affected by CVE-2023-42781 via apache-airflow (>=1.8.2 <=2.7.2)

apache-airflow PYPI version =1.8.2, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.2.9b1, =0.4.0, =0.1.0a1, =0.6.0, =0.1.1, =0.1.1, =1.10.6 - airflow-cyberark-secrets-backend =0.1.0 and more Source cves: CVE-2023-42781 Source advisory: OSV:PYSEC-2023-231...

CVSS 6.5 | AI score 6.1 | EPSS 0.01657
Exploits: 0
Oracle linux
added 2023/11/11 12:0 a.m. | 55 views

containernetworking-plugins security and bug fix update

1:1.3.0-4 - add Epoch in Provides - Related: 2176063 1:1.3.0-3 - remove noopenssl for FIPS compliance - Related: 2176063 1:1.3.0-2 - rebuild for following CVEs: CVE-2022-41724 CVE-2022-41725 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723 CVE-2023-24539 CVE-2023-24540 CVE-2023-29400 -...

CVSS 9.8 | AI score 8.3 | EPSS 0.04561
Exploits: 0
ATTACKERKB
added 2023/11/08 7:15 p.m. | 4 views

CVE-2023-47223

A vulnerability in WP Map Plugins Basic Interactive World Map basic-interactive-world-map. This issue affects Basic Interactive World Map: from n/a through <= 2.0...

CVSS 5.9 | AI score 6.5 | EPSS 0.00397
Exploits: 0 | References: 3
NVD
added 2023/11/08 7:15 p.m. | 24 views

CVE-2023-47223

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP Map Plugins Basic Interactive World Map plugin <= 2.0 versions...

CVSS 5.9 | EPSS 0.00397
Exploits: 0 | References: 1
CVE
added 2023/11/08 6:29 p.m. | 60 views

CVE-2023-47223

CVE-2023-47223 affects the WordPress plugin Basic Interactive World Map (WP Map Plugins) version ≤ 2.0. The vulnerability is a stored XSS due to inadequate escaping of input in the affected component, with an attacker (admin+ privileges) able to trigger it. The issue is classified with low to med...

CVSS 5.9 | AI score 5 | EPSS 0.00397
Exploits: 0 | References: 1 | Affected Software: 1
RedHat Linux
added 2023/11/07 8:59 a.m. | 2 views

grafana: data source and plugin proxy endpoints leaking authentication tokens to some destination plugins

A flaw was found in Grafana's use of the GitLab data source plugin, leaking the API key to gitlab. This can result in the destination plugin receiving a Grafana user's authentication token, which could be used by an attacker...

CVSS 7.5 | AI score 7.2 | EPSS 0.00964
Exploits: 0 | References: 4
RedHat Linux
added 2023/11/07 8:59 a.m. | 2 views

grafana: plugin signature bypass

A flaw was found in the Grafana web application, where it is possible to install plugins which are not digitally signed. An admin could install unsigned plugins, which may contain malicious code...

CVSS 7.8 | AI score 7.3 | EPSS 0.00249
Exploits: 0 | References: 5
RedHat Linux
added 2023/11/07 8:59 a.m. | 4 views

grafana: persistent xss in grafana core plugins

A flaw was found in the GeoMap and Canvas plugins of Grafana. The GeoMap and Canvas plugins are core plugins in Grafana, which means that all Grafana instances have GeoMap and Canvas installed. These two plugins are vulnerable to Cross-site scripting, where an attacker with an Editor role can add...

CVSS 7.3 | AI score 7.3 | EPSS 0.00779
Exploits: 0 | References: 5
Tenable Nessus
added 2023/11/07 12:0 a.m. | 23 views

SUSE SLES12: gstreamer-plugins-bad / gstreamer-plugins-bad-devel / etc (SUSE-SU-2023:4368-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4368-1 advisory. - CVE-2023-40474: Fixed a remote code execution issue due to improper parsing of H265 encoded video files bsc1215793. Tenable has extracted...

CVSS 8.8 | AI score 7.4 | EPSS 0.01871
Exploits: 0 | References: 4