SUSE-SU-2019:14076-1 Security update for gstreamer-0_10-plugins-base

This update for gstreamer-010-plugins-base fixes the following issues: Security issues fixed: - CVE-2017-5837: Fixed a floating point exception in gstriffcreateaudiocaps bsc1024076. - CVE-2017-5844: Fixed a floating point exception in gstriffcreateaudiocaps bsc1024079. - CVE-2019-9928: Fixed a...

jenkins-plugin-workflow-cps: Sandbox bypass in Script Security Plugin and Pipeline: Groovy Plugin (SECURITY-1353)

A flaw was found in the Jenkins Workflow CPS plugin. Groovy Plugins could be circumvented through methods supporting type casts and type coercion allowing attackers to invoke constructors for arbitrary types. The highest threat from this vulnerability is to data confidentiality and integrity as...

Cross-site Scriptin in JSPWiki

A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking. Initial reporting indicated ReferredPagesPlugin, but further analysis showed that multiple plugins were vulnerable...

Server side request forgery (ssrf)

An issue was discovered in proxy.php in pydio-core in Pydio through 8.2.2. Through an unauthenticated request, it possible to evaluate malicious PHP code by placing it on the fourth line of a .php file, as demonstrated by a PoC.php created by the guest account, with execution via a...

CVE-2019-9642

CVE-2019-9642 affects pydio-core up to version 8.2.2 in the proxy.php module; an unauthenticated request allows evaluating and executing malicious PHP code via a PoC placed on the fourth line of a .php file, with execution triggered through a crafted proxy.php?hash=../../../../../var/lib/pydio/da...

EulerOS 2.0 SP5 : gstreamer-plugins-base (EulerOS-SA-2019-1579)

According to the version of the gstreamer-plugins-base package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server,...

EulerOS 2.0 SP2 : gstreamer-plugins-base (EulerOS-SA-2019-1577)

According to the version of the gstreamer-plugins-base package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server,...

EulerOS 2.0 SP3 : gstreamer-plugins-base (EulerOS-SA-2019-1578)

According to the version of the gstreamer-plugins-base package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server,...

Authorization

Open-Xchange GmbH OX Cloud Plugins 1.4.0 and earlier is affected by: Missing Authorization...

CVE-2017-8777

Open-Xchange GmbH OX Cloud Plugins 1.4.0 and earlier is affected by: Missing Authorization...

CVE-2017-8777

Open-Xchange GmbH OX Cloud Plugins 1.4.0 and earlier is affected by: Missing Authorization...

CVE-2017-8777

CVE-2017-8777 affects Open-Xchange GmbH OX Cloud Plugins (versions 1.4.0 and earlier). The root cause is Missing Authorization, as described across multiple feeds (NVD/Red Hat/CVE). The connected documents do not provide explicit exploitation details or a confirmed remediation version in the supp...

CVE-2017-8777

Open-Xchange GmbH OX Cloud Plugins 1.4.0 and earlier is affected by: Missing Authorization...

WordPress WPGraphQL 0.2.3 Authentication Bypass / Information Disclosure

!/usr/bin/env python Author: Simone Quatrini of Pen Test Partners CVEs: 2019-9879, 2019-9880, 2019-9881 Tested on Wordpress 5.1.1 and wp-graphql 0.2.3 https://www.pentestpartners.com/security-blog/pwning-wordpress-graphql/ import argparse import requests import base64 import json import sys parse...

CVE-2019-10078

A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking. Initial reporting indicated ReferredPagesPlugin, but further analysis showed that multiple plugins were vulnerable...

CVE-2019-12215

A full path disclosure vulnerability was discovered in Matomo v3.9.1 where a user can trigger a particular error to discover the full path of Matomo on the disk, because lastError.file is used in plugins/CorePluginsAdmin/templates/safemode.twig. NOTE: the vendor disputes the significance of this...

PT-2019-12702 · Matomo · Matomo

Name of the Vulnerable Software and Affected Versions: Matomo version 3.9.1 Description: A full path disclosure issue was discovered, allowing a user to trigger an error and discover the full path of Matomo on the disk. This occurs because lastError.file is used in...

Bandit - Tool Designed To Find Common Security Issues In Python Code

Bandit is a tool designed to find common security issues in Python code. To do this Bandit processes each file, builds an AST from it, and runs appropriate plugins against the AST nodes. Once Bandit has finished scanning all the files it generates a report. Bandit was originally developed within...

Fedora Update for rubygem-railties FEDORA-2019-1cfe24db5c

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ability to have the Websudo functionality working with SAML / SSO

h3. Problem Definition When implementing SAML either through JDC or through a vendor plugin, the net result is you have to turn off websudo because you can't get websudo and SAML to work. The effect is you can go straight into administration functions without confirmation that you should. This...