APSB24-34 : Security update available for Adobe Media Encoder

Adobe has released an update for Adobe Media Encoder. This update resolves an important vulnerability that could lead to memory leak...

Adobe Media Encoder < 23.6.6 / 24.0.0 < 24.4.1 Memory leak (APSB24-34) (macOS)

The version of Adobe Media Encoder installed on the remote macOS host is prior to 23.6.6, 24.4.1. It is, therefore, affected by a vulnerability as referenced in the APSB24-34 advisory. - Media Encoder versions 23.6.5, 24.3 and earlier Answer: are affected by an out-of-bounds read vulnerability th...

Zendframework Potential XSS or HTML Injection vector in Zend_Json

ZendJsonEncoder was not taking into account the solidus character / during encoding, leading to incompatibilities with the JSON specification, and opening the potential for XSS or HTML injection attacks when returning HTML within a JSON string...

Fedora: Security Advisory for rust-rav1e (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE CVE-2020-27823

A flaw was found in OpenJPEG's encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

SUSE CVE-2020-27824

A flaw was found in OpenJPEG's encoder in the opjdwtcalcexplicitstepsizes function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability...

RHEL 4 : openssl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openssl: Memory corruption in the ASN.1 encoder CVE-2016-2108 - Rejected reason: DO NOT USE THIS CANDIDAT...

[SECURITY] Fedora 39 Update: rust-rav1e-0.7.1-2.fc39

The fastest and safest AV1 encoder...

Internet Bug Bounty: CVE-2024-32760 in nginx

CVE-2024-32760 was discovered in the HTTP/3 QUIC module of NGINX Plus and NGINX OSS. When the module was configured, undisclosed HTTP/3 encoder instructions could cause NGINX worker processes to terminate or experience other potential impact...

CVE-2024-32760

A flaw was found in the nginx HTTP/3 implementation. Undisclosed HTTP/3 encoder instructions can trigger an out-of-bounds write error, causing worker processes to crash, leading to a denial of service or other potential impacts. Mitigation Mitigation for this issue is either not available or the...

PT-2024-40376 · Symfony · Symfony

Name of the Vulnerable Software and Affected Versions: Symfony versions 2.0.x Description: The issue concerns the XMLEncoder component's failure to disable external entities when parsing XML, allowing for the inclusion of arbitrary files from the file system. This can be exploited in the Symfony2...

PT-2024-40340 · Symfony · Symfony

Name of the Vulnerable Software and Affected Versions: Symfony versions 2.0.x Description: The issue concerns the XMLEncoder component's failure to disable external entities when parsing XML, allowing for the inclusion of arbitrary files from the file system. This can be exploited in the Symfony2...

ALPINE-CVE-2024-32760

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact...

CVE-2024-32760

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact...

CVE-2024-32760 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact...

CVE-2024-32760

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact...

The vulnerability of the `vidtv_s302m_encoder_init()` function in the `drivers/media/test-drivers/vidtv/vidtv_s302m.c` file of the Vidtv driver for the Linux operating system, which allows a hacker to cause a service failure.

The vulnerability of the vidtvs302mencoderinit function in the drivers/media/test-drivers/vidtv/vidtvs302m.c file of the Vidtv driver for the Linux operating system is related to the lack of code checks for the vzalloc function’s return value. Exploiting this vulnerability could allow an attacker...

Fedora: Security Advisory for rust-rav1e (FEDORA-2024-ce2936b568)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 40 Update: rust-rav1e-0.7.1-2.fc40

The fastest and safest AV1 encoder...

ALSA-2024:3095 Moderate: vorbis-tools security update

The vorbis-tools packages provide an encoder, a decoder, a playback tool, and a comment editor for Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed audio format. Security Fixes: vorbis-tools: Buffer Overflow vulnerability CVE-2023-43361...