Debian: Security Advisory (DLA-3824-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 3824-1] gst-plugins-base1.0 security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3824-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk May 30, 2024 https://wiki.debian.org/LTS -...

Debian dla-3824 : gir1.2-gst-plugins-base-1.0 - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3824 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3824-1 [email protected] https://www.debian.org/lts/security/...

Medium: cni-plugins

Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...

Medium: cni-plugins

Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...

Ubuntu: Security Advisory (USN-6798-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

DLA-3824-1 gst-plugins-base1.0 - security update

Bulletin has no description...

USN-6798-1: GStreamer Base Plugins vulnerability

It was discovered that GStreamer Base Plugins incorrectly handled certain EXIF metadata. An attacker could possibly use this issue to execute arbitrary code or cause a crash...

USN-6798-1 gst-plugins-base1.0 vulnerability

It was discovered that GStreamer Base Plugins incorrectly handled certain EXIF metadata. An attacker could possibly use this issue to execute arbitrary code or cause a crash...

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : GStreamer Base Plugins vulnerability (USN-6798-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6798-1 advisory. It was discovered that GStreamer Base Plugins incorrectly handled certain EXIF metadata. An attacker could possibly use this issue...

[SECURITY] Fedora 39 Update: nextcloud-28.0.5-2.fc39

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...

[SECURITY] Fedora 40 Update: nextcloud-28.0.5-2.fc40

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...

Amazon Linux 2023 : cni-plugins (ALAS2023-2024-630)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-630 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADE...

Oracle Linux 8 : gstreamer1-plugins-base (ELSA-2024-3088)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3088 advisory. - CVE-2023-37328 gstreamer1-plugins-base: heap overwrite in subtitle parsing Tenable has extracted the preceding description block directly from the Oracle Linu...

Medium: cni-plugins

Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...

Oracle Linux 8 : gstreamer1-plugins-bad-free (ELSA-2024-3060)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3060 advisory. - Patch CVE-2023-40474: Integer overflow - Patch CVE-2023-40475: Integer overflow - Patch CVE-2023-40476: Integer overflow in H.265 video parser Tenabl...

WordPress Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin Integration for Contact Form 7 and Constant Contact versions = 1.1.5...

Fedora: Security Advisory for nextcloud (FEDORA-2024-d67f9827b2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MGASA-2024-0195 Updated mariadb packages fix security vulnerability and bugs

Additional bugs were fixed in the following components: InnoDB Spider Aria Backup JSON Optimization & Tuning Plugins Galera Scripts & Clients Server For the details see the vendor site...

Jenkins plugins Multiple Vulnerabilities (2024-05-24)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files, allowing...