SUSE CVE-2017-9772

Insufficient sanitisation in the OCaml compiler versions 4.04.0 and 4.04.1 allows external code to be executed with raised privilege in binaries marked as setuid, by setting the CAMLCPLUGINS, CAMLNATIVECPLUGINS, or CAMLBYTECPLUGINS environment variable...

SUSE CVE-2017-16852

shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth Service Provider before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity...

SUSE CVE-2017-16853

The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity...

SUSE CVE-2017-1000024

Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable to an information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission...

SUSE CVE-2017-1000102

The Details view of some Static Analysis Utilities based plugins, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to these plugins, for example the console output which is parsed to extract build warnings Warnings Plugin, could insert...

SUSE CVE-2017-1000396

Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks. This library is widely used as a transitive dependency in Jenkins...

SUSE CVE-2018-10871

389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with sufficiently...

SUSE CVE-2018-1000622

The Rust Programming Language rustdoc version Between 0.8 and 1.27.0 contains a CWE-427: Uncontrolled Search Path Element vulnerability in rustdoc plugins that can result in local code execution as a different user. This attack appear to be exploitable via using the --plugin flag without the...

SUSE CVE-2019-11712

POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery CSRF attacks. This vulnerability affects Firefox ESR 60.8, Firefox 68, and Thunderbird 60.8...

SUSE CVE-2019-14864

Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag nolog set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data...

SUSE CVE-2020-4053

In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, and copy a file outside of the intended director...

SUSE CVE-2021-3185

A flaw was found in the gstreamer h264 component of gst-plugins-bad before v1.18.1 where when parsing a h264 header, an attacker could cause the stack to be smashed, memory corruption and possibly code execution...

SUSE CVE-2022-31123

Grafana is an open source observability and data visualization platform. Versions prior to 9.1.8 and 8.5.14 are vulnerable to a bypass in the plugin signature verification. An attacker can convince a server admin to download and successfully run a malicious plugin even though unsigned plugins are...

SUSE CVE-2022-31130

Grafana is an open source observability and data visualization platform. Versions of Grafana for endpoints prior to 9.1.8 and 8.5.14 could leak authentication tokens to some destination plugins under some conditions. The vulnerability impacts data source and plugin proxy endpoints with...

WordPress Quick Paypal Payments Plugin <= 5.7.25 is vulnerable to Cross Site Scripting (XSS)

Software Quick Paypal Payments Type Plugin Vulnerable versions = 5.7.25 Fixed in 5.7.26 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23889 Patch priority Low CVSS severity Low 6.5 Developer Fullworks Plugins PSID a65ab864407d Credits yuyudhn...

WordPress Quick Paypal Payments Plugin <= 5.7.25 is vulnerable to Cross Site Scripting (XSS)

Software Quick Paypal Payments Type Plugin Vulnerable versions = 5.7.25 Fixed in 5.7.26 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-25713 Patch priority Medium CVSS severity Medium 7.1 Developer Fullworks Plugins PSID 00ac17af9698 Credits yuyudhn...

jenkins-plugin/workflow-cps: Sandbox bypass vulnerabilities in Pipeline: Groovy Plugin

A sandbox bypass vulnerability was found in several Jenkins plugins. This could allow an authenticated attacker to execute arbitrary code within the Jenkins JVM controller. Exploitation could be achieved by crafting untrusted libraries or pipelines, compromising the integrity, availability, and...

Scan Search settings

This plugin configures miscellaneous search variables for Nessus plugins. It does not perform any security checks but may disable or change the behavior of others. TRUSTED...

Malicious code in supchat-plugins (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f04d9db61e2308e216a2c5778585400d2e4ef0a6c127575e7cc6a92a625e37d2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2023-818 Malicious code in supchat-plugins (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f04d9db61e2308e216a2c5778585400d2e4ef0a6c127575e7cc6a92a625e37d2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...