openSUSE: Security Advisory for gstreamer-plugins-bad (openSUSE-SU-2021:1012-1)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE: Security Advisory for gstreamer, (openSUSE-SU-2021:1819-1)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for gstreamer, gstreamer-plugins-bad, gstreamer-plugins-base, gstreamer-plugins-good, gstreamer-plugins-ugly (important)
openSUSE Security Update: Security update for gstreamer, gstreamer-plugins-bad, gstreamer-plugins-base, gstreamer-plugins-good, gstreamer-plugins-ugly Announcement ID: openSUSE-SU-2021:1819-1 Rating: important References: 1181255 SLE-13843 Cross-References: CVE-2021-3185 CVSS scores: CVE-2021-318...
OPENSUSE-SU-2021:1012-1 Security update for gstreamer-plugins-bad
This update for gstreamer-plugins-bad fixes the following issues: - Update to version 1.16.3: - CVE-2021-3185: buffer overflow in gst_h264_slice_parse_dec_ref_pic_marking (bsc#1181255) - amcvideodec: fix sync meta copying not taking a reference - audiobuffersplit: Perform discont tracking on running time -...
Security update for gstreamer-plugins-bad (important)
openSUSE Security Update: Security update for gstreamer-plugins-bad Announcement ID: openSUSE-SU-2021:1012-1 Rating: important References: 1181255 Cross-References: CVE-2021-3185 CVSS scores: CVE-2021-3185 NVD : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3185 SUSE: 7.1...
SideCopy Hackers Target Indian Government Officials With New Malware
A cyber-espionage group has been observed increasingly targeting Indian government personnel as part of a broad campaign to infect victims with as many as four new custom remote access trojans RATs, signaling a "boost in their development operations." Attributed to a group tracked as SideCopy, th...
CVE-2020-22249
Remote Code Execution vulnerability in phplist 3.5.1. The application does not check any file extensions stored in the plugin zip file. Uploading a malicious plugin which contains the php files with extensions like PHP, phtml, php7 will be copied to the plugins directory which would lead to the...
Remote code execution
Remote Code Execution vulnerability in phplist 3.5.1. The application does not check any file extensions stored in the plugin zip file. Uploading a malicious plugin which contains the php files with extensions like PHP, phtml, php7 will be copied to the plugins directory which would lead to the...
PT-2021-3849 · Phplist · Phplist
Name of the Vulnerable Software and Affected Versions: phplist version 3.5.1 Description: The issue is related to a lack of restrictions on file uploads in the phplist application, which can be exploited by uploading a malicious plugin containing PHP files with certain extensions, such as PHP,...
CSRF Bypass in Multiple Plugins
Multiple plugins are affected by CSRF bypass as they do not properly check for the nonce due to a logic flaw. This could allow attackers to make logged in users do unwanted actions...
com.bertramlabs.plugins:ratpack-asset-pipeline (>=2.2.7 <=4.3.0), com.bytekast.serverless-local-apigateway:com.bytekast.serverless-local-apigateway.gradle.plugin (>=0.4 <=0.5) +90 more potentially affected by CVE-2021-29485 via io.ratpack:ratpack-core (>=0.9.0 <=1.9.0-rc-2)
io.ratpack:ratpack-core MAVEN version =0.9.0, =2.2.7, =0.4, =0.0.1, =0.0.1, =0.0.2, =1.0.0, =1.2, =1.2, =1.3, =1.1, =1.1, =1.5, =1.1, =1.8 and more Source cves: CVE-2021-29485 Source advisory: OSV:GHSA-HC33-32VW-RPP9...
Multiple Plugins from AYS Pro - Reflected Cross-Site Scripting (XSS)
The plugins did not properly sanitise and escape some GET parameters before outputting them back in attributes, leading to reflected Cross-Site Scripting issues which will be executed in the context of a logged in administrator...
Multiple Plugins from AYS Pro - Reflected Cross-Site Scripting (XSS)
The plugins did not properly sanitise and escape some GET parameters before outputting them back in attributes, leading to reflected Cross-Site Scripting issues which will be executed in the context of a logged in administrator PoC...
Huawei EulerOS: Security Advisory for gstreamer-plugins-good (EulerOS-SA-2021-1981)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
CVE-2021-20749
Cross-site scripting vulnerability in Fudousan plugin ver5.7.0 and earlier, Fudousan Plugin Pro Single-User Type ver5.7.0 and earlier, and Fudousan Plugin Pro Multi-User Type ver5.7.0 and earlier allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors...
VulnCheck KEV: CVE-2020-15251
In the Channelmgnt plug-in for Sopel a Python IRC bot before version 1.0.3, malicious users are able to op/voice and take over a channel. This is an ACL bypass vulnerability. This plugin is bundled with MirahezeBot-Plugins with versions from 9.0.0 and less than 9.0.2 affected. Version 9.0.2...
EulerOS 2.0 SP8 : gstreamer-plugins-good (EulerOS-SA-2021-1981)
According to the version of the gstreamer-plugins-good package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska...
CVE-2021-32711
Shopware is an open source eCommerce platform. Versions prior to 6.3.5.1 may leak information via Store-API. The vulnerability could only be fixed by changing the API system, which involves a non-backward-compatible change. Only consumers of the Store-API should be affected by this change. We...
CVE-2021-32711 Leak of information via Store-API
Shopware is an open source eCommerce platform. Versions prior to 6.3.5.1 may leak information via Store-API. The vulnerability could only be fixed by changing the API system, which involves a non-backward-compatible change. Only consumers of the Store-API should be affected by this change. We...
CVE-2021-20735
CVE-2021-20735 concerns a cross-site scripting vulnerability in ETUNA EC-CUBE plugins (Delivery slip number plugin 3.0.x up to 1.0.10, Delivery slip number csv bulk registration plugin 3.0.x up to 1.0.8, Delivery slip number mail plugin 3.0.x up to 1.0.8). The issue allows an attacker to inject a...