Moderate: containernetworking-plugins security and bug fix update

The Container Network Interface CNI project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated...

Rocky Linux 8 : container-tools:rhel8 (RLSA-2020:4694)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:4694 advisory. - A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters...

RHEL 9 : containernetworking-plugins (RHSA-2023:6402)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:6402 advisory. The Container Network Interface CNI project consists of a specification and libraries for writing plug- ins for configuring network interfac...

SUSE SLES12: gstreamer-plugins-bad / gstreamer-plugins-bad-devel / etc (SUSE-SU-2023:4368-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4368-1 advisory. - CVE-2023-40474: Fixed a remote code execution issue due to improper parsing of H265 encoded video files bsc1215793. Tenable has extracted...

CVE-2023-46777 WordPress Feather Login Page Plugin <= 1.1.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Custom Login Page | Temporary Users | Rebrand Login | Login Captcha plugin = 1.1.3 versions...

CVE-2023-46777 WordPress Feather Login Page Plugin <= 1.1.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Custom Login Page | Temporary Users | Rebrand Login | Login Captcha plugin = 1.1.3 versions...

CVE-2023-46783

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Bright Plugins Pre-Orders for WooCommerce plugin = 1.2.13 versions...

CVE-2023-46783

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Bright Plugins Pre-Orders for WooCommerce plugin = 1.2.13 versions...

Cross site scripting

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Bright Plugins Pre-Orders for WooCommerce plugin = 1.2.13 versions...

CVE-2023-46783

CVE-2023-46783 concerns the WordPress plugin Bright Plugins Pre-Orders for WooCommerce (versions

CVE-2023-46783 WordPress Pre-Orders for WooCommerce Plugin <= 1.2.13 is vulnerable to Cross Site Scripting (XSS)

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Bright Plugins Pre-Orders for WooCommerce plugin = 1.2.13 versions...

PT-2023-30213 · WordPress · Bright Plugins Pre-Orders For Woocommerce

Name of the Vulnerable Software and Affected Versions: Bright Plugins Pre-Orders for WooCommerce plugin versions = 1.2.13 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that affects authenticated users with contributor or higher permissions. This vulnerabilit...

SUSE: Security Advisory (SUSE-SU-2023:4361-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2023:4355-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2023:4368-1 Security update for gstreamer-plugins-bad

This update for gstreamer-plugins-bad fixes the following issues: - CVE-2023-40474: Fixed a remote code execution issue due to improper parsing of H265 encoded video files bsc1215793...

SUSE SLES15 Security Update : gstreamer-plugins-bad (SUSE-SU-2023:4355-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4355-1 advisory. - Integer overflow leading to heap overwrite in MXF file handling with uncompressed video CVE-2023-40474 Note that Nessus has not tested for...

SUSE SLES15 Security Update : gstreamer-plugins-bad (SUSE-SU-2023:4361-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4361-1 advisory. - Integer overflow leading to heap overwrite in MXF file handling with uncompressed video CVE-2023-40474 Note that Nessus has not tested for...

SUSE SLED15: gstreamer-plugins-bad / gstreamer-plugins-bad-chromaprint / etc (SUSE-SU-2023:4360-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4360-1 advisory. - CVE-2023-40474: Fixed a remote code execution issue due to improper parsing of H265 encoded video files bsc1215793...

Amazon Linux 2023 : cni-plugins (ALAS2023-2023-419)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-419 advisory. The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

Sql injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar allows SQL Injection.This issue affects Spiffy Calendar: from n/a through 4.9.1...