Amazon Linux 2 : gstreamer-plugins-good (ALAS-2023-2122)
The version of gstreamer-plugins-good installed on the remote host is prior to 0.10.31-20. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2122 advisory. Integer overflow leading to heap overwrite in FLAC image tag handling CVE-2023-37327 Tenable has extracted the...
Amazon Linux 2 : gstreamer-plugins-base (ALAS-2023-2121)
The version of gstreamer-plugins-base installed on the remote host is prior to 0.10.36-18. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2121 advisory. Integer overflow leading to heap overwrite in FLAC image tag handling CVE-2023-37327 Tenable has extracted the...
Amazon Linux 2 : gstreamer1-plugins-base (ALAS-2023-2120)
The version of gstreamer1-plugins-base installed on the remote host is prior to 1.18.4-5. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2120 advisory. Heap overwrite in subtitle parsing CVE-2023-37328 Tenable has extracted the preceding description block directly...
CVE-2023-3300 Nomad Search API Leaks Information About CSI Plugins
HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and 1.4.1...
CVE-2023-3300
HashiCorp Nomad and Nomad Enterprise expose a vulnerability (CVE-2023-3300) where the HTTP search API can reveal names of available CSI plugins to unauthenticated users or those without the plugin:read policy. Affected versions are Nomad/Nomad Enterprise 0.11.0 through 1.5.6 and 1.4.1. The issue ...
CVE-2023-3300
Removed by vendor...
Important: gstreamer-plugins-base
Issue Overview: Integer overflow leading to heap overwrite in FLAC image tag handling CVE-2023-37327 Affected Packages: gstreamer-plugins-base Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras...
WordPress WordPress Team Members – GS Plugins Plugin <= 2.2.1 is vulnerable to Cross Site Scripting (XSS)
Software: WordPress Team Members – GS Plugins; Type: Plugin; Vulnerable versions: <= 2.2.1; Fixed in: 2.2.2; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: High; CVSS severity: High 7.1; PSID: 741ebe0ad0f9; Credits: Rafie Muhammad...
PT-2023-24131 · Hashicorp +1 · Hashicorp Nomad +2
Name of the Vulnerable Software and Affected Versions: HashiCorp Nomad and Nomad Enterprise versions 0.11.0 through 1.5.6 HashiCorp Nomad and Nomad Enterprise version 1.4.1 Description: A vulnerability in the HTTP search API can reveal names of available CSI plugins to unauthenticated users or...
Important: gstreamer-plugins-good
Issue Overview: Integer overflow leading to heap overwrite in FLAC image tag handling CVE-2023-37327 Affected Packages: gstreamer-plugins-good Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras...
Important: gstreamer1-plugins-base
Issue Overview: Heap overwrite in subtitle parsing CVE-2023-37328 Affected Packages: gstreamer1-plugins-base Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum...
SUSE: Security Advisory (SUSE-SU-2023:2869-1)
The remote host is missing an update for the...
SUSE SLES15 / openSUSE 15 Security Update : cni-plugins (SUSE-SU-2023:2869-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:2869-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
CVE-2022-47421
CVE-2022-47421: Auth. (admin+) Stored Cross-Site Scripting in Repute InfoSystems ARMember (free) and ARMember (premium) WordPress plugins. Administrative users can inject stored XSS via input in ARMember settings/messages; impact per sources includes confidentiality/integrity exposure with potent...
SUSE-SU-2023:2869-1 Security update for cni-plugins
This update of cni-plugins fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346)...
WordPress Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. Plugin <= 3.7.8 is vulnerable to Cross Site Scripting (XSS)
Software: Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins.; Type: Plugin; Vulnerable versions: <= 3.7.8; Fixed in: 3.7.9; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Mediu...
WordPress Quick Paypal Payments Plugin < 5.7.29 is vulnerable to Cross Site Scripting (XSS)
Software: Quick Paypal Payments; Type: Plugin; Vulnerable versions: < 5.7.29; Fixed in: 5.7.29; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Fullworks Plugins; PSID: f299ef079138; Credits: Rafie Muhammad Patchstac...
PT-2023-36231 · Unknown · Cni-Plugins
Name of the Vulnerable Software and Affected Versions: cni-plugins affected versions not specified Description: The issue is related to the rebuild of the cni-plugins package with the go 1.20 security release. Recommendations: At the moment, there is no information about a newer version that...
WordPress Quick Event Manager Plugin < 9.8.5.3 is vulnerable to Cross Site Scripting (XSS)
Software: Quick Event Manager; Type: Plugin; Vulnerable versions: < 9.8.5.3; Fixed in: 9.8.5.3; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Fullworks Plugins; PSID: 5068fcdc6585; Credits: Rafie Muhammad Patchstac...