SUSE SLED15: gstreamer-plugins-bad / gstreamer-plugins-bad-chromaprint / etc (SUSE-SU-2024:0089-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0089-1 advisory. - ZDI-CAN-22300: Fixed a buffer overflow in the AV1 video plugin bsc1218534. Tenable has extracted the preceding...

PyCryptodome < 3.19.1 Side Channel Leak

The version of PyCryptodome installed on the remote host is prior to 3.19.1. It is, therefore, affected by a vulnerability. - A side-channel leakage with OAEP decryption could be exploited to carry out a Manger attack. CVE-2023-52323 Note that Nessus has not tested for this issue but has instead...

SUSE-SU-2024:0090-1 Security update for gstreamer-plugins-rs

This update for gstreamer-plugins-rs fixes the following issues: - CVE-2022-31394: Fixed a potential denial of service in the HTTP/2 implementation bsc1208556...

SUSE-SU-2024:0089-1 Security update for gstreamer-plugins-bad

This update for gstreamer-plugins-bad fixes the following issues: - ZDI-CAN-22300: Fixed a buffer overflow in the AV1 video plugin bsc1218534...

container-tools:4.0 security update

buildah 1:1.24.6-7 - rebuild for CVE-2023-29406 - Related: 2176055 cockpit-podman 46-1 - update to https://github.com/cockpit-project/cockpit-podman/releases/tag/46 - Related: 2061390 conmon 2:2.1.4-2 - update to https://github.com/containers/conmon/releases/tag/v2.1.4 - Related: 2176055...

gstreamer1-plugins-bad-free security update

An update is available for gstreamer1-plugins-bad-free. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list GStreamer is a streaming media framework based on graphs ...

Medium: gstreamer-plugins-base

Issue Overview: A flaw was found in gstreamer-plugins-base where an out-of-bounds read when handling certain ID3v2 tags is possible. The highest threat from this vulnerability is to system availability. CVE-2021-3522 Affected Packages: gstreamer-plugins-base Note: This advisory is applicable to...

CentOS 8 : gstreamer1-plugins-bad-free (CESA-2023:7841)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2023:7841 advisory. - MXF demuxer use-after-free vulnerability fedora-all CVE-2023-44446 Note that Nessus has not tested for this issue but has instead relied only on the...

Amazon Linux 2 : gstreamer-plugins-base (ALAS-2024-2407)

The version of gstreamer-plugins-base installed on the remote host is prior to 0.10.36-18. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2407 advisory. A flaw was found in gstreamer-plugins-base where an out-of-bounds read when handling certain ID3v2 tags is...

Rocky Linux 8 : gstreamer1-plugins-bad-free (RLSA-2023:7841)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:7841 advisory. - MXF demuxer use-after-free vulnerability fedora-all CVE-2023-44446 Note that Nessus has not tested for this issue but has instead relied only on the...

CentOS 7 : gstreamer1-plugins-bad-free (RHSA-2024:0013)

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0013 advisory. - MXF demuxer use-after-free vulnerability fedora-all CVE-2023-44446 Note that Nessus has not tested for this issue but has instead relied only on the...

CVE-2023-52142

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cool Plugins Events Shortcodes For The Events Calendar.This issue affects Events Shortcodes For The Events Calendar: from n/a through 2.3.1...

Sql injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cool Plugins Events Shortcodes For The Events Calendar.This issue affects Events Shortcodes For The Events Calendar: from n/a through 2.3.1...

CVE-2023-52142

CVE-2023-52142 is a SQL injection in WordPress plugin Events Shortcodes For The Events Calendar (

Amazon Linux 2023 : p7zip, p7zip-plugins (ALAS2023-2024-481)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-481 advisory. p7zip 16.02 was discovered to contain a heap-buffer-overflow vulnerability via the function NArchive::NZip::CInArchive::FindCdbool at CPP/7zip/Archive/Zip/ZipIn.cpp. CVE-2022-47069 Tenable has extracted...

Wordfence Intelligence Weekly WordPress Vulnerability Report (December 18, 2023 to December 31, 2023)

Wordfence just launched its bug bounty program. For the first 6 months, all awarded bounties receive a 10% bonus. View the announcement to learn more now! Over the last two weeks, there were 263 vulnerabilities disclosed in 217 WordPress Plugins and 3 WordPress themes that have been added to the...

CVE-2020-13880

IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+1cbf heap-based out-of-bounds write...

Heap overflow

IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+1cbf heap-based out-of-bounds write...

CVE-2020-13879

IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+214f heap-based out-of-bounds write...

CVE-2020-13879

IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+214f heap-based out-of-bounds write...