Oracle Linux 7 : kubernetes / kubeadm-ha-setup / kubernetes-cni / kubernetes-cni-plugins (ELSA-2020-5725)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5725 advisory. - CVE-2020-10749: IPv4 only clusters susceptible to MitM attacks via IPv6 rogue router advertisements - CVE-2020-8555: Half-Blind SSRF in...
Oracle Linux 7 : grafana / kubernetes-cni / kubernetes-cni-plugins / kubernetes / kubernetes / olcne (ELSA-2020-5726)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5726 advisory. - CVE-2020-10749: IPv4 only clusters susceptible to MitM attacks via IPv6 rogue router advertisements - CVE-2020-8555: Half-Blind SSRF in...
Oracle Linux 7 : kubernetes-cni-plugins / kubernetes-cni / kubernetes / olcne (ELSA-2020-5727)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5727 advisory. - CVE-2020-10749: IPv4 only clusters susceptible to MitM attacks via IPv6 rogue router advertisements - CVE-2020-8555: Half-Blind SSRF in...
Jenkins plugins Multiple Vulnerabilities (2023-09-06)
According to their self-reported version numbers, the versions of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins Job Configuration History Plugin 1227.v7a79fc4dc01f and earlier does not restrict the 'name' query parameter when rendering a histo...
com.groupon.jenkins-ci.plugins:DotCi-Plugins-Starter-Pack (>=1.7.2 <=1.8.2), com.groupon.jenkins.plugins:DotCi-Plugins-Starter-Pack (>=1.0.0 <=1.7.1) potentially affected by CVE-2023-41940 via org.tap4j:tap (=1.10)
org.tap4j:tap MAVEN version =1.10 is affected by a known vulnerability. The following packages have a transitive dependency on org.tap4j:tap and may be impacted: - com.groupon.jenkins-ci.plugins:DotCi-Plugins-Starter-Pack =1.7.2, =1.0.0, =1.7.1 Source cves: CVE-2023-41940 Source advisory:...
com.lookout.jenkins:environment-script (=1.2.5), org.jenkins-ci.plugins:artifactory (>=2.12.0 <=2.12.1) +1 more potentially affected by CVE-2023-41938 via org.jenkins-ci.plugins:ivy (>=1.17 <=1.26)
org.jenkins-ci.plugins:ivy MAVEN version =1.17, =2.12.0, =0.6, =0.8 Source cves: CVE-2023-41938 Source advisory: OSV:GHSA-63VW-RPRV-4F8J...
Debian dla-3552 : gstreamer1.0-plugins-ugly - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3552 advisory. Debian LTS Advisory DLA-3552-1 https://www.debian.org/lts/security/...
Debian: Security Advisory (DLA-3552-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
container-tools:rhel8 bug fix and enhancement update
An update is available for libslirp, module.buildah, module.crun, buildah, fuse-overlayfs, udica, module.oci-seccomp-bpf-hook, module.netavark, module.runc, conmon, module.containers-common, python-podman, module.libslirp, module.aardvark-dns, module.fuse-overlayfs, runc, criu, aardvark-dns,...
CVE-2023-4600
The AffiliateWP for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'affwpactivateaddonspageplugin' function called via an AJAX action in versions up to, and including, 2.14.0. This makes it possible for authenticated attackers, with...
SUSE SLED12 / SLES12 Security Update : gstreamer-plugins-base (SUSE-SU-2023:3402-1)
The remote SUSE Linux SLED12 / SLEDSAP12 / SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3402-1 advisory. - Heap overwrite in subtitle parsing (CVE-2023-37328) Note that Nessus has not tested for this issue but h...
SUSE: Security Advisory (SUSE-SU-2023:3402-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2023:3402-1 Security update for gstreamer-plugins-base
This update for gstreamer-plugins-base fixes the following issues: - The patch for CVE-2023-37328 is removed because it was added by mistake and the package has never been affected by this vulnerability. bsc1213131...
PT-2023-5555 · Nagios +3
Name of the Vulnerable Software and Affected Versions: Nagios nagios-plugins version 2.4.5 Description: The issue concerns arbitrary command execution via ProxyCommand, LocalCommand, and PermitLocalCommand with $IFS in the check_by_ssh component of Nagios nagios-plugins. This allows a remote...
Amazon Linux 2 : cni-plugins (ALAS-2023-2208)
The version of cni-plugins installed on the remote host is prior to 1.2.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2208 advisory. 2023-08-31: CVE-2023-29406 was added to this advisory. The HTTP/1 client does not fully validate the contents of the...
CVE-2023-32122
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Spiffy Plugins Spiffy Calendar plugin <= 4.9.3 versions...
CVE-2023-32122
The CVE-2023-32122 issue affects the WordPress Spiffy Calendar plugin, with versions ≤ 4.9.3 vulnerable to unauthenticated, reflected Cross-Site Scripting (XSS) via a page parameter. The root cause is an XSS flaw that can be triggered without authentication, as documented in multiple sources. A f...
CVE-2023-31232
Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in David Artiss Plugins List plugin = 2.5 versions...