8311 matches found
SUSE-SU-2023:4361-1 Security update for gstreamer-plugins-bad
This update for gstreamer-plugins-bad fixes the following issues: - CVE-2023-40474: Fixed a remote code execution issue due to improper parsing of H265 encoded video files (bsc#1215793)...
SUSE-SU-2023:4360-1 Security update for gstreamer-plugins-bad
This update for gstreamer-plugins-bad fixes the following issues: - CVE-2023-40474: Fixed a remote code execution issue due to improper parsing of H265 encoded video files (bsc#1215793)...
CVE-2022-46859
CVE-2022-46859 – Spiffy Calendar (WordPress plugin) Root cause: Improper neutralization of special elements used in SQL commands (SQL Injection) in the Spiffy Calendar plugin (spiffy-calendar). Affected: Spiffy Calendar versions up to and including 4.9.1 (on WordPress). Impact: High-risk vulnerab...
SUSE-SU-2023:4355-1 Security update for gstreamer-plugins-bad
This update for gstreamer-plugins-bad fixes the following issues: - CVE-2023-40474: Fixed a remote code execution issue due to improper parsing of H265 encoded video files (bsc#1215793)...
WordPress Youzify Plugin <= 1.2.2 is vulnerable to Insecure Direct Object References (IDOR)
Software: Youzify; Type: Plugin; Vulnerable versions: <= 1.2.2; Fixed in: 1.2.3; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2023-47191; Patch priority: High; CVSS severity: High (6.5); PSID: bc5ca1802a20; Credits: lttn; Required...
SUSE: Security Advisory (SUSE-SU-2023:4350-1)
The remote host is missing an update for the...
SUSE SLES15 Security Update : gstreamer-plugins-bad (SUSE-SU-2023:4350-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4350-1 advisory. - Integer overflow leading to heap overwrite in MXF file handling with uncompressed video (CVE-2023-40474) Note that Nessus has not tested for...
Important: cni-plugins
Issue Overview: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. (CVE-2023-39325) Affected Packages: cni-plugins. Issue Correction: Run dnf update cni-plugi...
Wordfence Intelligence Weekly WordPress Vulnerability Report (October 23, 2023 to October 29, 2023)
Last week, there were 109 vulnerabilities disclosed in 102 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 37 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilitie...
SUSE-SU-2023:4350-1 Security update for gstreamer-plugins-bad
This update for gstreamer-plugins-bad fixes the following issues: - CVE-2023-40474: Fixed a remote code execution issue due to improper parsing of H265 encoded video files (bsc#1215793)...
BIT-2023-45147
Discourse is an open source community platform. In affected versions any user can create a topic and add arbitrary custom fields to a topic. The severity of this vulnerability depends on what plugins are installed and how the plugins use topic custom fields. For a default Discourse installation...
Amazon Linux 2 : cni-plugins (ALAS-2023-2325)
The version of cni-plugins installed on the remote host is prior to 1.2.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2325 advisory. The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams...
Important: cni-plugins
Issue Overview: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. (CVE-2023-39325) Affected Packages: cni-plugins. Note: This advisory is applicable to Amazo...
SUSE CVE-2019-14850
A denial of service vulnerability was discovered in nbdkit 1.12.7, 1.14.1 and 1.15.1. An attacker could connect to the nbdkit service and cause it to perform a large amount of work in initializing backend plugins, by simply opening a connection to the service. This vulnerability could cause...
SUSE SLED15: gstreamer-plugins-bad / gstreamer-plugins-bad-chromaprint / etc (SUSE-SU-2023:4271-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4271-1 advisory. - CVE-2023-40474: Fixed a remote code execution issue due to improper parsing of H265 encoded video files (bsc#1215793)...
SUSE-SU-2023:4271-1 Security update for gstreamer-plugins-bad
This update for gstreamer-plugins-bad fixes the following issues: - CVE-2023-40474: Fixed a remote code execution issue due to improper parsing of H265 encoded video files (bsc#1215793)...
CVE-2023-5362
The Carousel, Recent Post Slider and Banner Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'spicepostslider' shortcode in versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
Debian: Security Advisory (DLA-3633-1)
The remote host is missing an update for the Debian...
Debian dla-3633 : gir1.2-gst-plugins-bad-1.0 - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3633 advisory. Debian LTS Advisory DLA-3633-1...
DLA-3633-1 gst-plugins-bad1.0 - security update
Bulletin has no description...