Lucene search

8300 matches found

vulnersOsv
added 2022/09/21 8:15 a.m. · 4 views

abi-ds-utils (=1.0.1), airflow-add-ons (=0.2.9b1) +4 more potentially affected by CVE-2022-40604 via apache-airflow (>=2.3.2 <=2.4.0)

apache-airflow PYPI version =2.3.2, =0.1.0, =0.1.0, =0.10.0.1 Source cves: CVE-2022-40604 Source advisory: OSV:PYSEC-2022-279...

CVSS 7.5 · AI score 7.1 · EPSS 0.01531 · Exploits 0

vulnersOsv
added 2022/09/20 12:0 a.m. · 2 views

@gitldy1013/vuepress-theme-ldy (>=1.1.2 <=1.1.3), @next-theme/plugins (>=0.0.2 <=8.1.0) +22 more potentially affected by CVE-2022-38545 via valine (>=1.3.10 <=1.4.4)

valine NPM version =1.3.10, =1.1.2, =0.0.2, =1.0.0, =2.0.0-beta.0, =1.0.11, =0.0.1-alpha.0, =0.0.1, =2.0.0-rc.8, =1.0.0, =1.0.0, =1.0.8-alpha.5, =1.1.2, =1.4.0 - vuepress-theme-learing =0.0.1 and more Source cves: CVE-2022-38545 Source advisory: OSV:GHSA-MCVG-G9WX-V5VX...

CVSS 9.6 · AI score 7.2 · EPSS 0.32883 · Exploits 1

NVD
added 2022/09/16 9:15 a.m. · 17 views

CVE-2022-2654

The Classima WordPress theme before 2.1.11 and some of its required plugins Classified Listing before 2.2.14, Classified Listing Pro before 2.0.20, Classified Listing Store & Membership before 1.4.20 and Classima Core before 1.10 do not escape a parameter before outputting it back in attributes,...

CVSS 6.1 · EPSS 0.00486 · Exploits 2 · References 1

Prion
added 2022/09/16 9:15 a.m. · 24 views

Cross site scripting

The Classima WordPress theme before 2.1.11 and some of its required plugins Classified Listing before 2.2.14, Classified Listing Pro before 2.0.20, Classified Listing Store & Membership before 1.4.20 and Classima Core before 1.10 do not escape a parameter before outputting it back in attributes,...

CVSS 5.8 · AI score 6.1 · EPSS 0.00486 · Exploits 2 · References 1 · Affected Software 5

CVE
added 2022/09/16 8:40 a.m. · 62 views

CVE-2022-2654

The CVE-2022-2654 issue affects the Classima WordPress theme prior to 2.1.11 and several related components (Classified Listing before 2.2.14, Classified Listing Pro before 2.0.20, Classified Listing Store & Membership before 1.4.20, and Classima Core before 1.10). The root cause is failure to es...

CVSS 6.1 · AI score 6.1 · EPSS 0.00486 · Exploits 2 · References 1 · Affected Software 4

Tenable Nessus
added 2022/09/15 12:0 a.m. · 50 views

RHEL 7 / 8 : OpenShift Container Platform 4.7.13 (RHSA-2021:2122)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2122 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...

CVSS 8.1 · AI score 6.6 · EPSS 0.3783 · Exploits 0 · References 15

Tenable Nessus
added 2022/09/15 12:0 a.m. · 38 views

RHEL 7 : OpenShift Container Platform 4.4.33 (RHSA-2021:0282)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:0282 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...

CVSS 6.5 · AI score 7.2 · EPSS 0.01466 · Exploits 0 · References 7

CVE
added 2022/09/14 12:0 a.m. · 96 views

CVE-2018-25047

Smarty3 (PHP templating engine) is vulnerable to XSS in smarty_function_mailto when using Smarty <3.1.47 and Smarty 4.x

CVSS 5.4 · AI score 5.9 · EPSS 0.00802 · Exploits 1 · References 7 · Affected Software 1

Snyk
added 2022/09/13 8:13 a.m. · 2 views

Malicious Package

Overview pages-plugins-example is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...

CVSS 9.8 · AI score 7.1 · Exploits 0 · References 3

Rockylinux
added 2022/09/13 7:36 a.m. · 17 views

container-tools:4.0 bug fix update

An update is available for fuse-overlayfs, container-selinux, udica, containers-common, runc, toolbox, podman, conmon, skopeo, crun, libslirp, oci-seccomp-bpf-hook, python-podman, slirp4netns, containernetworking-plugins, buildah, criu, cockpit-podman. This update affects Rocky Linux 8. A Common...

AI score 0.9 · Exploits 0

Rockylinux
added 2022/09/13 7:36 a.m. · 12 views

container-tools:3.0 bug fix update

An update is available for fuse-overlayfs, container-selinux, udica, runc, toolbox, podman, conmon, skopeo, crun, libslirp, oci-seccomp-bpf-hook, slirp4netns, containernetworking-plugins, buildah, criu, cockpit-podman. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS...

AI score 0.9 · Exploits 0

OSV
added 2022/09/13 7:36 a.m. · 31 views

RLSA-2022:6450 Moderate: ruby:3.0 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby 3.0.4. BZ2109431 Security Fixes: ruby: Regular expression denial of...

CVSS 7.7 · AI score 8.4 · EPSS 0.0387 · Exploits 2 · References 7

vulnersOsv
added 2022/09/12 12:0 a.m. · 5 views

com.diffplug.atplug:atplug-plugin-gradle (>=0.1.0 <=0.1.1), com.diffplug.atplug:com.diffplug.atplug.gradle.plugin (>=0.1.0 <=0.1.1) +50 more potentially affected by CVE-2022-26049 via com.diffplug.gradle:goomph (>=2.0.0 <=3.37.1)

com.diffplug.gradle:goomph MAVEN version =2.0.0, =0.1.0, =0.1.0, =3.32.0, =3.21.0, =3.21.0, =3.21.0, =3.21.0, =3.21.0, =3.21.0, =2.0.0, =3.16.0, =3.18.0 - com.diffplug.gradle.eclipse.excludebuildfolder:com.diffplug.gradle.eclipse.excludebuildfolder.gradle.plugin...

CVSS 8.8 · AI score 7.2 · EPSS 0.01809 · Exploits 1

Positive Technologies
added 2022/09/12 12:0 a.m. · 4 views

PT-2022-24629 · Movable Type · A-Form

Name of the Vulnerable Software and Affected Versions: Movable Type plugin A-Form versions prior to 4.1.1 for Movable Type 7 Series Movable Type plugin A-Form versions prior to 3.9.1 for Movable Type 6 Series Description: A cross-site scripting issue allows a remote unauthenticated attacker to...

CVSS 6.1 · AI score 6.2 · EPSS 0.00749 · Exploits 0 · References 6

OpenVAS
added 2022/09/12 12:0 a.m. · 19 views

Mageia: Security Advisory (MGASA-2022-0322)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 · AI score 8.1 · EPSS 0.00465 · Exploits 7 · References 9

OSV
added 2022/09/10 8:26 p.m. · 8 views

MGASA-2022-0322 Updated gstreamer1.0-plugins-good packages fix security vulnerability

It was discovered that GStreamer Good Plugins incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. CVE-2022-1920, CVE-2022-1921 It was discovered that GStreamer Good Plugins incorrectly handled certain files. An attacker could possibly use this...

CVSS 7.8 · AI score 8.1 · EPSS 0.00465 · Exploits 7 · References 8

Mageia
added 2022/09/10 8:26 p.m. · 52 views

Updated gstreamer1.0-plugins-good packages fix security vulnerability

It was discovered that GStreamer Good Plugins incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. CVE-2022-1920, CVE-2022-1921 It was discovered that GStreamer Good Plugins incorrectly handled certain files. An attacker could possibly use this...

CVSS 7.8 · AI score 8 · EPSS 0.00465 · Exploits 7 · References 7

GithubExploit
added 2022/09/08 9:8 a.m. · 437 views

Exploit for Use of a One-Way Hash with a Predictable Salt in Redux Gutenberg_Template_Library_&_Redux_Framework

CVE-2021-38314 Python Exploit Detail...

CVSS 5.3 · AI score 5.2 · EPSS 0.2756 · Exploits 6

vulnersOsv
added 2022/09/03 12:0 a.m. · 0 views

acryl-datahub-airflow-plugin (>=0.8.44.4 <=0.9.2.1rc2), airflow-add-ons (>=0.2.9b1 <=0.2.9b2) +11 more potentially affected by CVE-2022-38054 via apache-airflow (>=2.2.5 <=2.3.4)

apache-airflow PYPI version =2.2.5, =0.8.44.4, =0.2.9b1, =0.8.0, =0.2.0, =0.0.3, =0.0.6, =0.0.1, =0.1.0, =0.4.0, =0.8.3, =0.2.35, =0.1.0, =0.10.0.1 Source cves: CVE-2022-38054 Source advisory: OSV:GHSA-5FF8-7639-6V6G...

CVSS 9.8 · AI score 7.2 · EPSS 0.01813 · Exploits 0

Vulnrichment
added 2022/09/02 12:30 p.m. · 4 views

CVE-2022-36076 Account takeover via SSO plugins in NodeBB

NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. Due to an unnecessarily strict conditional in the code handling the first step of the SSO process, the pre-existing logic that added and later checked a nonce was inadvertently rendered opt-i...

CVSS 8.8 · AI score 8.8 · EPSS 0.00443 · Exploits 1 · References 3