SUSE SLES15 / openSUSE 15 Security Update : cni-plugins (SUSE-SU-2023:4075-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:4075-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
SUSE-SU-2023:4075-1 Security update for cni-plugins
This update of cni-plugins fixes the following issues: - rebuild the package with the go 1.21 security release bsc1212475...
OESA-2023-1709 gstreamer1-plugins-bad-free security update
GStreamer is a pipeline-based multi media framework that links together a wide variety of media processing systems to complete complex workflows, based on graphs of filters which operate on media data. This package contains plug-ins that are not tested well enough yet, or the code is not of good...
Arbitrary Code Execution
Babel is vulnerable to Arbitrary Code Execution. An attacker can trick a user into compiling malicious code which can lead to code injection during compilation, when using specific plugins that rely on internal babel methods. This can lead to bypass of several protection mechanisms posed by the...
PT-2023-36278 · Unknown · Cni-Plugins
Name of the Vulnerable Software and Affected Versions: cni-plugins affected versions not specified Description: The issue is related to a security release in the go 1.21 package, which is used to rebuild the cni-plugins package. Recommendations: At the moment, there is no information about a newe...
DEBIAN-CVE-2023-45133
Babel is a compiler for writing JavaScript. In @babel/traverse prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of babel-traverse, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that re...
CVE-2023-45133
Babel is a compiler for writing JavaScript. In @babel/traverse prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of babel-traverse, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that re...
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code
Babel is a compiler for writing JavaScript. In @babel/traverse prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of babel-traverse, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that re...
CVE-2023-45133
Babel is a compiler for writing JavaScript. In @babel/traverse prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of babel-traverse, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that re...
CVE-2022-42451
Certain credentials within the BigFix Patch Management Download Plug-ins are stored insecurely and could be exposed to a local privileged user...
Cross site scripting
Piwigo is an open source photo gallery application. Prior to version 14.0.0beta4, a reflected cross-site scripting (XSS) vulnerability is in the /admin.php?page=plugins&tab=new&installstatus=ok&pluginid=here page. This vulnerability can be exploited by an attacker to inject malicious HTML and JS co...
Piwigo Cross-Site Scripting Vulnerability
Piwigo is a Web-based open source photo gallery software. The software includes features such as image management, image categorization and permission management. A cross-site scripting vulnerability exists in Piwigo versions prior to 4.0.0beta4, which stems from a security issue in the...
container-tools:rhel8 bug fix and enhancement update
An update is available for libslirp, module.buildah, module.crun, buildah, fuse-overlayfs, udica, module.oci-seccomp-bpf-hook, module.netavark, module.runc, conmon, module.containers-common, python-podman, module.libslirp, module.aardvark-dns, module.fuse-overlayfs, runc, criu, aardvark-dns,...
Wordfence Intelligence Weekly WordPress Vulnerability Report (September 25, 2023 to October 1, 2023)
Last week, there were 90 vulnerabilities disclosed in 68 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 31 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities ...
PT-2023-29132 · WordPress · Profilepress
Name of the Vulnerable Software and Affected Versions: ProfilePress Membership Team Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress versions n/a through 4.13.2 Description: The issue is related to the exposure of sensitive informati...
CVE-2023-25489
Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Update Theme and Plugins from Zip File plugin <= 2.0.0 versions...
Cross site request forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Update Theme and Plugins from Zip File plugin <= 2.0.0 versions...
CVE-2023-25489
CVE-2023-25489 is a CSRF vulnerability in the WordPress plugin Update Theme and Plugins from Zip File (versions
CVE-2023-25489 WordPress Update Theme and Plugins from Zip File Plugin <= 2.0.0 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Update Theme and Plugins from Zip File plugin <= 2.0.0 versions...
WordPress Plugin update-theme-and-plugins-from-zip-file Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...