Tag

#perl

CVE-2023-5334: WP Responsive header image slider <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Wordfence Intelligence

The WP Responsive header image slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sp_responsiveslider' shortcode in versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2023-36627

A flaw exists in FlashBlade Purity whereby a user with access to an administrative account on a FlashBlade that is configured with timezone-dependent snapshot schedules can configure a timezone to prevent the schedule from functioning properly.

CVE-2023-43980: [CVE-2023-43980] Improper neutralization of SQL parameter in Presto Changeo - Test Site Creator module for PrestaShop

Presto Changeo testsitecreator up to v1.1.1 was discovered to contain a SQL injection vulnerability via the component disable_json.php.

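CVE-2023-42132: FD Application: Approvals and Licenses for Pharmaceuticals and Medical Devices, Ministry of Health, Labour and Welfare | Download of Electronic Application Software for Pharmaceuticals etc. under the Pharmaceuticals and Medical Devices Act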

FD Application Apr. 2022 Edition (Version 9.01) and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.

Ubuntu Security Notice USN-6386-2

Ubuntu Security Notice 6386-2 - Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle L2CAP socket release, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Red Hat Security Advisory 2023-5405-01

Red Hat Security Advisory 2023-5405-01 - The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include buffer overflow and code execution vulnerabilities.

GHSA-rp65-jpc7-8h8p: Mattermost Incorrect Authorization vulnerability

Mattermost fails to properly verify the permissions when managing/updating a bot, allowing a User Manager role with user edit permissions to manage/update bots.

GHSA-h8wh-f7gw-fwpr: Mattermost Incorrect Authorization vulnerability

Mattermost fails to properly check permissions when retrieving a post, allowing a System Role with the permission to manage channels to read the posts of a DM conversation.

GHSA-9hwp-cj7m-wjw4: Mattermost Incorrect Authorization vulnerability

Mattermost fails to properly validate the permissions when soft deleting a team, allowing a team member to soft delete other teams that they are not part of.