8308 matches found
Debian dla-3503 : gir1.2-gst-plugins-bad-1.0 - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3503 advisory. Debian LTS Advisory DLA-3503-1 https://www.debian.org/lts/security/...
Amazon Linux 2 : gstreamer1-plugins-good (ALAS-2023-2155)
The version of gstreamer1-plugins-good installed on the remote host is prior to 1.18.4-6. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2155 advisory. Integer overflow leading to heap overwrite in FLAC image tag handling CVE-2023-37327 Tenable has extracted the...
at.bestsolution:maven-osgi-package-plugin (=0.0.1), at.ganzleicht.vaadin:vaadin-maven-plugin (>=9.1.1 <=9.1.1.1) +3295 more potentially affected by CVE-2023-37460 via org.codehaus.plexus:plexus-archiver (>=1.0 <=4.7.1)
org.codehaus.plexus:plexus-archiver MAVEN version =1.0, =9.1.1, =1.0, =0.1-1, =1.0.0, =1.0.0, =0.7.6, =0.6.0, =0.6.0, =0.6.0, =0.8.0 and more Source cves: CVE-2023-37460 Source advisory: OSV:GHSA-WH3P-FPHP-9H2M...
Making all attributes on a content-type public without noticing it
Summary: Anyone (Strapi developers, users, plugins) can make every attribute of a Content-Type public without knowing it. Details: When dealing with content-types inside a Strapi instance, we can extend those using the appropriate container: javascript...
Freemius SDK < 2.5.10 - Reflected Cross-Site Scripting
Description The Freemius SDK for WordPress does not adequately sanitize inputs or escape outputs, leading to Reflected Cross-Site Scripting. This directly affects over 1000 plugins and themes that use this SDK...
Important: gstreamer1-plugins-good
Issue Overview: Integer overflow leading to heap overwrite in FLAC image tag handling CVE-2023-37327 Affected Packages: gstreamer1-plugins-good Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras...
Important: gstreamer1-plugins-base
Issue Overview: Integer overflow leading to heap overwrite in FLAC image tag handling CVE-2023-37327 Affected Packages: gstreamer1-plugins-base Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras...
DLA-3503-1 gst-plugins-bad1.0 - security update
Bulletin has no description...
Wordfence Intelligence Weekly WordPress Vulnerability Report (July 10, 2023 to July 16, 2023)
Note: We accidentally sent out an email for this report with last week's subject line. Due to the subject line not being very different week to week for this report, we opted to just leave it as is and not send a follow-up email. We apologize for this error on our part! Last week, there were 69...
GHSA-V5FM-HR72-27HX Nomad Search API Leaks Information About CSI Plugins
A vulnerability was identified in Nomad such that the search HTTP API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. This vulnerability, CVE-2023-3300, affects Nomad since 0.11 and was fixed in 1.6.0, 1.5.7, and 1.4.11...
Nomad Search API Leaks Information About CSI Plugins
A vulnerability was identified in Nomad such that the search HTTP API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. This vulnerability, CVE-2023-3300, affects Nomad since 0.11 and was fixed in 1.6.0, 1.5.7, and 1.4.11...
CVE-2023-3300
HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and 1.4.1...
Denial of service
HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and 1.4.1...
UBUNTU-CVE-2023-3300
HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and 1.4.1...
CVE-2023-30200
In the module “Image: WebP, Compress, Zoom, Lazy load, Alt & More” (ultimateimagetool) in versions up to 2.1.02 from Advanced Plugins for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack...