SUSE SLED15 / SLES15 Security Update : gstreamer-plugins-good (SUSE-SU-2022:3908-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3908-1 advisory. - Integer overflow in matroskademux element in gstmatroskademuxaddwvpkheader function which allows a heap...

SUSE-SU-2022:3906-1 Security update for gstreamer-0_10-plugins-good

This update for gstreamer-010-plugins-good fixes the following issues: - CVE-2022-1920: Fixed an integer overflow while parsing matroska files bsc1201688. - CVE-2022-1921: Fixed an integer overflow while parsing avi files bsc1201693. - CVE-2022-1922: Fixed an integer overflow during mkv demuxing...

Medium: curl

Issue Overview: A vulnerability was found in curl. This issue occurs because a malicious server can serve excessive amounts of Set-Cookie: headers in an HTTP response to curl, which stores all of them. This flaw leads to a denial of service, either by mistake or by a malicious actor. CVE-2022-322...

Denial of Service (DoS)

Overview apple/swift-nio-extras is an useful code around SwiftNIO. Affected versions of this package are vulnerable to Denial of Service DoS. When using the .size decompression limit, request & response decompression checks the size of compressed instead of decompressed bytes. Details Denial of...

EulerOS 2.0 SP3 : gstreamer1-plugins-good (EulerOS-SA-2022-2612)

According to the versions of the gstreamer1-plugins-good package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Integer overflow in matroskademux element in gstmatroskademuxaddwvpkheader function which allows a heap overwrite while parsing...

SUSE-SU-2022:3760-1 Security update for netty

This update for netty fixes the following issues: - CVE-2020-11612: The ZlibDecoders allow for unbounded memory allocation while decoding a byte stream bsc1168932 - CVE-2021-21290: Information disclosure via the local system temporary directory bsc1182103 - CVE-2021-37136: Bzip2Decoder doesn't...

SUSE-SU-2022:3617-1 Security update for netty

This update for netty fixes the following issues: - CVE-2020-11612: The ZlibDecoders allow for unbounded memory allocation while decoding a byte stream bsc1168932 - CVE-2021-21290: Information disclosure via the local system temporary directory bsc1182103 - CVE-2021-37136: Bzip2Decoder doesn't...

Huawei EulerOS: Security Advisory for gstreamer1-plugins-good (EulerOS-SA-2022-2463)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP8 : gstreamer1-plugins-good (EulerOS-SA-2022-2463)

According to the versions of the gstreamer1-plugins-good packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Integer overflow in matroskademux element in gstmatroskademuxaddwvpkheader function which allows a heap overwrite while parsing...

The vulnerability of the WLAN HOST microprogramming system component in Qualcomm’s embedded chips allows a hacker to trigger a service failure or execute arbitrary code.

The vulnerability of the WLAN HOST microprogramming system component in Qualcomm’s embedded chips relates to the lack of checks for buffer length and reading beyond the memory boundary during frame decompression. Exploiting this vulnerability can allow a remote attacker to cause service failures ...

CVE-2022-2122

A flaw was found in GStreamer. An integer overflow can lead to a heap-based buffer overflow in the qt demuxer when processing a specially crafted QuickTime/MP4 file using zlib decompression. This vulnerability can result in application crash, memory corruption, and code execution...

CVE-2022-1924

A flaw was found in GStreamer. An integer overflow can lead to a heap-based buffer overflow in the mkv demuxer when processing a specially crafted Matroska/WebM file using lzo decompression. This vulnerability can result in application crash, memory corruption, and code execution...

CVE-2022-1923

A flaw was found in GStreamer. An integer overflow can lead to a heap-based buffer overflow in the mkv demuxer when processing a specially crafted Matroska/WebM file using bzip decompression. This vulnerability can result in application crash, memory corruption, and code execution...

Denial Of Service (DoS)

github.com/apple/swift-nio-extras is vulnerable to denial of service. The vulnerability exists because complete HTTP body decompression is not properly detected and the code repeatedly attempts to decompress the data appended to the HTTP message causing an infinite loop which leads to an...

CVE-2022-3252

Improper detection of complete HTTP body decompression SwiftNIO Extras provides a pair of helpers for transparently decompressing received HTTP request or response bodies. These two objects HTTPRequestDecompressor and HTTPResponseDecompressor both failed to detect when the decompressed body was...

CVE-2022-3252

Improper detection of complete HTTP body decompression SwiftNIO Extras provides a pair of helpers for transparently decompressing received HTTP request or response bodies. These two objects HTTPRequestDecompressor and HTTPResponseDecompressor both failed to detect when the decompressed body was...

CVE-2022-3252

Improper detection of complete HTTP body decompression SwiftNIO Extras provides a pair of helpers for transparently decompressing received HTTP request or response bodies. These two objects HTTPRequestDecompressor and HTTPResponseDecompressor both failed to detect when the decompressed body was...

Input validation

Improper detection of complete HTTP body decompression SwiftNIO Extras provides a pair of helpers for transparently decompressing received HTTP request or response bodies. These two objects HTTPRequestDecompressor and HTTPResponseDecompressor both failed to detect when the decompressed body was...

CVE-2022-3252

Improper detection of complete HTTP body decompression SwiftNIO Extras provides a pair of helpers for transparently decompressing received HTTP request or response bodies. These two objects HTTPRequestDecompressor and HTTPResponseDecompressor both failed to detect when the decompressed body was...

CVE-2022-3252

CVE-2022-3252 affects Apple SwiftNIO Extras. The issue arises in the transparent HTTP body decompression helpers, specifically HTTPRequestDecompressor and HTTPResponseDecompressor, which fail to detect when the decompressed body is complete. Attacks can append trailing junk data to a compressed H...