8293 matches found
EulerOS 2.0 SP9 : gstreamer1-plugins-base (EulerOS-SA-2021-2711)
According to the versions of the gstreamer1-plugins-base packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags. (CVE-2021-3522) Note that Tenable...
EulerOS 2.0 SP9 : gstreamer1-plugins-base (EulerOS-SA-2021-2686)
According to the versions of the gstreamer1-plugins-base packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags. (CVE-2021-3522) Note that Tenable...
dnf security and bug fix update
An update is available for dnf-plugins-core, dnf, libdnf. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. dnf is a package manager that allows users to manage...
setroubleshoot-plugins bug fix and enhancement update
An update is available for setroubleshoot-plugins. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the...
setroubleshoot-plugins bug fix and enhancement update
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...
ALBA-2021:4350 setroubleshoot-plugins bug fix and enhancement update
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...
container-tools:3.0 security and bug fix update
An update is available for fuse-overlayfs, container-selinux, udica, runc, toolbox, podman, conmon, skopeo, crun, libslirp, oci-seccomp-bpf-hook, slirp4netns, containernetworking-plugins, buildah, criu, cockpit-podman. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS)...
container-tools:2.0 security update
An update is available for fuse-overlayfs, container-selinux, udica, runc, toolbox, podman, conmon, skopeo, python-podman-api, slirp4netns, containernetworking-plugins, buildah, criu, cockpit-podman. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which...
PT-2021-7636
Name of the Vulnerable Software and Affected Versions: Grafana versions 8.0.0-beta1 through 8.3.0. Description: Grafana is vulnerable to a directory traversal vulnerability, allowing attackers to access local files. The vulnerable URL path is: /public/plugins//, where is the plugin ID for any...
CVE-2021-24835
The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible WordPress plugin before 6.5.12, when used in combination with another WCFM - WooCommerce Multivendor plugin such as WCFM - WooCommerce Multivendor Marketplace, does not escape the withdrawalvendor...
Jenkins has an unspecified vulnerability (CNVD-2021-88719)
Jenkins is a Jenkins open source application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins has a security vulnerability that stems from Jenkins 2.318 and earlier, LTS 2.303.2 and earlier in FilePath untar...
Mozilla Firefox Security Advisory (MFSA2016-13) - Linux
This host is missing a security update for Mozilla Firefox. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
Important: java-11-amazon-corretto
Issue Overview: There is a flaw in the xml entity encoding functionality of libxml2. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to...
Roundcube Webmail File Disclosure Vulnerability
Roundcube Webmail contains a file disclosure vulnerability caused by insufficient input validation in conjunction with file-based attachment plugins, which are used by default...
Event Manager for WooCommerce < 3.5.3 - Unauthenticated Arbitrary Options Reset
The plugin has two AJAX actions, mepwlajaxlicenseactivate and mepwlajaxlicensedeactivate, which are available to both unauthenticated and authenticated users, and are lacking any authorisation, CSRF as well as checks to ensure that the options to be updated belong to the plugin. As a result,...
Huawei EulerOS: Security Advisory for gstreamer-plugins-base (EulerOS-SA-2021-2634)
The remote host is missing an update for the Huawei EulerOS. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Cross-site scripting vulnerability in TinyMCE plugins
Impact: A cross-site scripting (XSS) vulnerability was discovered in the URL processing logic of the image and link plugins. The vulnerability allowed arbitrary JavaScript execution when updating an image or link using a specially crafted URL. This issue only impacted users while editing and the...
GHSA-R8HM-W5F7-WJ39 Cross-site scripting vulnerability in TinyMCE plugins
Impact: A cross-site scripting (XSS) vulnerability was discovered in the URL processing logic of the image and link plugins. The vulnerability allowed arbitrary JavaScript execution when updating an image or link using a specially crafted URL. This issue only impacted users while editing and the...
OS Command Injection in ohmyzsh/ohmyzsh
Description: In Oh My Zsh, there is a function called omzurldecode, which is used to decode URLs. Since this function is using eval with user inputs without any sanitization, it's possible to inject arbitrary commands into the eval context, which allows an attacker to achieve the command injection...
PT-2021-24351 · Tinymce · Tinymce
Name of the Vulnerable Software and Affected Versions: TinyMCE versions prior to 5.10.0 Description: A cross-site scripting vulnerability was discovered in the URL processing logic of the image and link plugins, allowing arbitrary JavaScript execution when updating an image or link using a...