Cross site scripting
The You Shang WordPress plugin through 1.0.1 does not escape its qrcode links settings, which results in Stored Cross-Site Scripting issues in frontend posts and the plugin's settings page, depending on the payload used...
Multiple WooCommerce Add-Ons - Low Priv Arbitrary Blog Options Update/Access/Deletion & Plugin's Settings Update/Export/Import
The svxajaxfactory AJAX action of the plugins, available to authenticated users, does not have CSRF and capability checks, which could allow any authenticated user, such as a subscriber, to change/view/delete arbitrary WordPress options, retrieve the list of users, import/export/update the plugins'...
PlanSo Forms <= 2.6.3 - Authenticated Stored Cross-Site Scripting
The plugin does not escape the title of its Form before outputting it in attributes, allowing high privilege users such as admin to set an XSS payload in it, even when unfiltered_html is disallowed, leading to an Authenticated Stored Cross-Site Scripting issue. Timeline July 12th, 2021 - Vendor...
Huawei EulerOS: Security Advisory for gstreamer-plugins-good (EulerOS-SA-2021-2379)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for gstreamer-plugins-base (EulerOS-SA-2021-2378)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP2 : gstreamer-plugins-base (EulerOS-SA-2021-2378)
According to the version of the gstreamer-plugins-base package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags. (CVE-2021-3522) Note that Tenable Network...
EulerOS 2.0 SP2 : gstreamer1-plugins-good (EulerOS-SA-2021-2377)
According to the version of the gstreamer1-plugins-good package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska...
EulerOS 2.0 SP2 : gstreamer-plugins-good (EulerOS-SA-2021-2379)
According to the version of the gstreamer-plugins-good package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska...
CVE-2021-41033
In all released versions of Eclipse Equinox, at least until version 4.21 (September 2021), installation can be vulnerable to man-in-the-middle attack if using p2 repos that are HTTP; that can then be exploited to serve incorrect p2 metadata and entirely alter the local installation, particularly by...
XStream upgrade to 1.4.18
Problem: XStream is vulnerable to security exploits such as highlighted in the image attached. The list of CVEs can be found in https://x-stream.github.io/security.html This ticket tracks its upgrade to 1.4.18. Environment: Confluence v7.13. Workaround: Set...
org.sonatype.nexus.assemblies:nexus-base-template (>=3.10.0-04 <=3.33.1-01), org.sonatype.nexus.assemblies:nexus-core-feature (>=3.0.0-03 <=3.33.1-01) +37 more potentially affected by CVE-2021-40143 via org.sonatype.nexus:nexus-repository (>=3.0.0-03 <=3.33.1-01)
org.sonatype.nexus:nexus-repository MAVEN version =3.0.0-03, =3.10.0-04, =3.0.0-03, =3.10.0-04, =3.10.0-04, =0.0.1, =3.17.0-01, =0.0.2, =0.0.2, =3.19.0-01, =0.0.3, =1.0.0, =0.0.4, =0.0.2, =3.17.0-01, =0.0.13, =1.0.10 and more Source cves: CVE-2021-40143 Source advisory: OSV:GHSA-F34X-8P...
OPENSUSE-SU-2021:2971-1 Security update for ntfs-3g_ntfsprogs
This update for ntfs-3g_ntfsprogs fixes the following issues: Update to version 2021.8.22 (bsc#1189720): Fixed compile error when building with libfuse vs Allowed using the full library API on systems without extended attributes support Fixed DISABLE_PLUGINS as the condition for not using plugins...
SUSE-SU-2021:2965-1 Security update for ntfs-3g_ntfsprogs
This update for ntfs-3g_ntfsprogs fixes the following issues: Update to version 2021.8.22 (bsc#1189720): Signalled support of UTIME_OMIT to external libfuse2 Updated the repository change in the README Fixed vulnerability threats caused by maliciously tampered NTFS partitions Security fixes:...
EulerOS 2.0 SP5 : gstreamer-plugins-good (EulerOS-SA-2021-2331)
According to the version of the gstreamer-plugins-good package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska...
Security update for ntfs-3g_ntfsprogs (important)
openSUSE Security Update: Security update for ntfs-3g_ntfsprogs Announcement ID: openSUSE-SU-2021:2971-1 Rating: important References: 1189720 Cross-References: CVE-2019-9755 CVE-2021-33285 CVE-2021-33286 CVE-2021-33287 CVE-2021-33289 CVE-2021-35266 CVE-2021-35267 CVE-2021-35268 CVE-2021-35269...
openSUSE: Security Advisory for gstreamer-plugins-good (openSUSE-SU-2021:1230-1)
The remote host is missing an update for the...
openSUSE 15 Security Update : gstreamer-plugins-good (openSUSE-SU-2021:1230-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1230-1 advisory. - GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files. CVE-2021-34...
OPENSUSE-SU-2021:1230-1 Security update for gstreamer-plugins-good
This update for gstreamer-plugins-good fixes the following issues: - CVE-2021-3498: Matroskademux: initialize track context out parameter to NULL before parsing (bsc#1184735). - CVE-2021-3497: Matroskademux: Fix extraction of multichannel WavPack (bsc#1184739). This update was imported from the...
Security update for gstreamer-plugins-good (moderate)
openSUSE Security Update: Security update for gstreamer-plugins-good Announcement ID: openSUSE-SU-2021:1230-1 Rating: moderate References: 1184735 1184739 Cross-References: CVE-2021-3497 CVE-2021-3498 CVSS scores: CVE-2021-3497 NVD : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-3497...