
8311 matches found

Tenable Nessus
added 2023/10/20 12:0 a.m., 33 views

Amazon Linux 2 : gstreamer1-plugins-bad-free (ALAS-2023-2298)

The version of gstreamer1-plugins-bad-free installed on the remote host is prior to 1.18.4-5. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2298 advisory. Integer overflow leading to heap overwrite in MXF file handling with uncompressed video NOTE:...

8.8 CVSS, 7.2 AI score, 0.02009 EPSS
Exploits: 0, References: 8
OpenVAS
added 2023/10/20 12:0 a.m., 3 views

SUSE: Security Advisory (SUSE-SU-2023:4127-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score
Exploits: 0, References: 5
Tenable Nessus
added 2023/10/20 12:0 a.m., 12 views

SUSE SLES15 Security Update : cni-plugins (SUSE-SU-2023:4127-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:4127-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL...

5.6 AI score
Exploits: 0, References: 3
Wordfence Blog
added 2023/10/19 3:52 p.m., 112 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (October 9, 2023 to October 15, 2023)

Last week, there were 103 vulnerabilities disclosed in 85 WordPress Plugins and no WordPress themes, with 7 of those being in WordPress Core, that have been added to the Wordfence Intelligence Vulnerability Database, and there were 46 Vulnerability Researchers that contributed to WordPress Securi...

7.5 CVSS, 8.5 AI score, 0.81695 EPSS
Exploits: 40
OSV
added 2023/10/19 7:44 a.m., 4 views

SUSE-SU-2023:4127-1 Security update for cni-plugins

This update of cni-plugins fixes the following issues: - rebuild the package with the go 1.21 security release bsc1212475...

7.2 AI score
Exploits: 0, References: 3
Positive Technologies
added 2023/10/19 12:0 a.m., 3 views

PT-2023-36285 · Unknown · Cni-Plugins

Name of the Vulnerable Software and Affected Versions: cni-plugins affected versions not specified Description: The issue is related to a security release in the go 1.21 package, which is used to rebuild the cni-plugins package. Recommendations: At the moment, there is no information about a newe...

6.9 AI score
Exploits: 0, References: 4
Amazon
added 2023/10/19 12:0 a.m., 49 views

Important: gstreamer1-plugins-bad-free

Issue Overview: Integer overflow leading to heap overwrite in MXF file handling with uncompressed video NOTE: https://gstreamer.freedesktop.org/security/sa-2023-0006.html NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/mergerequests/5362 NOTE: Fixed by:...

8.8 CVSS, 7.8 AI score, 0.02009 EPSS
Exploits: 0
Tenable Nessus
added 2023/10/19 12:0 a.m., 34 views

SUSE SLES12 Security Update : slurm (SUSE-SU-2023:4119-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4119-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL...

7 CVSS, 6.9 AI score, 0.00195 EPSS
Exploits: 0, References: 5
Tenable Nessus
added 2023/10/19 12:0 a.m., 31 views

SUSE SLES15 Security Update : slurm (SUSE-SU-2023:4114-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4114-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C...

7 CVSS, 6.9 AI score, 0.00195 EPSS
Exploits: 0, References: 5
Kitploit
added 2023/10/17 11:30 a.m., 27 views

ILSpy - .NET Decompiler With Support For PDB Generation, ReadyToRun, Metadata (and More) - Cross-Platform!

ILSpy is the open-source .NET assembly browser and decompiler. Decompiler Frontends Aside from the WPF UI ILSpy downloadable via Releases, see also plugins, the following other frontends are available: Visual Studio 2022 ships with decompilation support for F12 enabled by default using our engine...

7.4 AI score
Exploits: 0, References: 16
OSV
added 2023/10/17 11:15 a.m., 5 views

CVE-2023-45003

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Arrow Plugins Social Feed | Custom Feed for Social Media Networks plugin <= 2.2.0 versions...

6.1 CVSS, 5.8 AI score, 0.00331 EPSS
Exploits: 0, References: 1
NVD
added 2023/10/17 11:15 a.m., 26 views

CVE-2023-45003

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Arrow Plugins Social Feed | Custom Feed for Social Media Networks plugin <= 2.2.0 versions...

7.1 CVSS, 6.3 AI score, 0.00331 EPSS
Exploits: 0, References: 1
Prion
added 2023/10/17 11:15 a.m., 21 views

Cross site scripting

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Arrow Plugins Social Feed | Custom Feed for Social Media Networks plugin <= 2.2.0 versions...

5.8 CVSS, 6 AI score, 0.00331 EPSS
Exploits: 0, References: 1, Affected Software: 1
Vulnrichment
added 2023/10/17 10:59 a.m., 14 views

CVE-2023-45003 WordPress Social Feed Plugin <= 2.2.0 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Arrow Plugins Social Feed | Custom Feed for Social Media Networks plugin <= 2.2.0 versions...

7.1 CVSS, 5.9 AI score, 0.00331 EPSS
Exploits: 0, References: 1
CVE
added 2023/10/17 10:59 a.m., 50 views

CVE-2023-45003

CVE-2023-45003 - WordPress Social Feed (Arrow Plugins) ≤ 2.2.0 is an unauthenticated, reflected XSS in the Social Feed plugin. The vulnerability affects the WordPress plugin “Social Feed | Custom Feed for Social Media Networks” up to version 2.2.0. Public sources describe an unauthenticated refle...

7.1 CVSS, 6.1 AI score, 0.00331 EPSS
Exploits: 0, References: 1, Affected Software: 1
Positive Technologies
added 2023/10/17 12:0 a.m., 4 views

PT-2023-29344 · WordPress · Arrow Plugins Social Feed | Custom Feed For Social Media Networks

Name of the Vulnerable Software and Affected Versions: Arrow Plugins Social Feed | Custom Feed for Social Media Networks plugin versions <= 2.2.0 Description: The issue is an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. No information is provided about the estimated number of...

7.1 CVSS, 6.2 AI score, 0.00331 EPSS
Exploits: 0, References: 6
Vulnrichment
added 2023/10/16 8:26 p.m., 16 views

CVE-2023-45147 Arbitrary keys can be added to a topic's custom fields by any user in Discourse

Discourse is an open source community platform. In affected versions any user can create a topic and add arbitrary custom fields to a topic. The severity of this vulnerability depends on what plugins are installed and how the plugins use topic custom fields. For a default Discourse installation...

4.9 CVSS, 6.7 AI score, 0.00268 EPSS
Exploits: 0, References: 1
CVE
added 2023/10/16 8:26 p.m., 59 views

CVE-2023-45147

Discourse (CVE-2023-45147) allows any user to add arbitrary keys to a topic's custom fields. Impact depends on installed plugins; with default plugins, impact is low/none. Patched in the latest Discourse: upgrade to version 3.1.1 (stable) or 3.2.0.beta2 (beta). If upgrade isn’t possible, disable ...

4.9 CVSS, 4.5 AI score, 0.00268 EPSS
Exploits: 0, References: 1, Affected Software: 1
OSV
added 2023/10/16 8:26 p.m., 22 views

CVE-2023-45147 Arbitrary keys can be added to a topic's custom fields by any user in Discourse

Discourse is an open source community platform. In affected versions any user can create a topic and add arbitrary custom fields to a topic. The severity of this vulnerability depends on what plugins are installed and how the plugins use topic custom fields. For a default Discourse installation...

4.9 CVSS, 4.6 AI score, 0.00268 EPSS
Exploits: 0, References: 3
OSV
added 2023/10/16 1:55 p.m., 35 views

GHSA-67HX-6X53-JW92 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code

Impact: Using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the path.evaluate or path.evaluateTruthy internal Babel methods. Known affected plugins are: - @babel/plugin-transform-runtime -...

9.3 CVSS, 9.2 AI score, 0.0052 EPSS
Exploits: 0, References: 10