SUSE-SU-2022:3907-1 Security update for gstreamer-plugins-base
This update for gstreamer-plugins-base fixes the following issues: - CVE-2021-3522: Fixed ID3v2 tag frame size check and potential invalid reads (bsc#1185448)...
container-tools:rhel8 security, bug fix, and enhancement update
An update is available for runc, aardvark-dns, podman, oci-seccomp-bpf-hook, buildah, toolbox, slirp4netns, criu, cockpit-podman, fuse-overlayfs, container-selinux, conmon, libslirp, containernetworking-plugins, udica, containers-common, netavark, skopeo, crun, python-podman. This update affects...
gstreamer-plugins-good: Use-after-free in matroska demuxing
GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files...
dnf-plugins-core bug fix and enhancement update
An update is available for dnf-plugins-core. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...
gstreamer1-plugins-good security update
An update is available for gstreamer1-plugins-good. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. GStreamer is a streaming media framework based on graphs of...
container-tools:3.0 security update
An update is available for fuse-overlayfs, container-selinux, udica, runc, toolbox, podman, conmon, skopeo, crun, libslirp, oci-seccomp-bpf-hook, slirp4netns, containernetworking-plugins, buildah, criu, cockpit-podman. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS)...
CVE-2022-3494
The Complianz WordPress plugin before 6.3.4, and Complianz Premium WordPress plugin before 6.3.6 allow translators to inject arbitrary SQL through an unsanitized translation. SQL can be injected through an infected translation file, or by a user with a translator role through translation plugin...
CVE-2022-32287
A relative path traversal vulnerability in a FileUtil class used by the PEAR management component of Apache UIMA allows an attacker to create files outside the designated target directory using carefully crafted ZIP entry names. This issue affects Apache UIMA version 3.3.0 and prior...
[SECURITY] Fedora 36 Update: glances-3.3.0.1-2.fc36
Glances is a cross-platform monitoring tool which aims to present a large amount of monitoring information through a curses or Web based interface. The information dynamically adapts depending on the size of the user interface. It can also work in client/server mode. Remote monitoring could be don...
Huawei EulerOS: Security Advisory for gstreamer1-plugins-good (EulerOS-SA-2022-2612)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP3 : gstreamer1-plugins-good (EulerOS-SA-2022-2612)
According to the versions of the gstreamer1-plugins-good package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while parsing...
com.lightbend.akka:akka-stream-alpakka-geode_2.11 (>=2.0.0 <=2.0.2), com.lightbend.akka:akka-stream-alpakka-geode_2.12 (>=2.0.0 <=6.0.2) +58 more potentially affected by CVE-2022-34870 via org.apache.geode:geode-core (>=1.0.0-incubating <=1.15.0)
org.apache.geode:geode-core MAVEN version =1.0.0-incubating, =2.0.0, =2.0.0, =2.0.0, =0.3.12, =0.3.5, =2.4.0, =1.22.0, =1.14.0, =1.10.0, =1.10.0, =1.10.0, =1.12.0, =1.15.0 and more Source cves: CVE-2022-34870 Source advisory: OSV:GHSA-373R-9MG8-3JC4...
container-tools:rhel8 bug fix and enhancement update
An update is available for fuse-overlayfs, container-selinux, udica, containers-common, runc, toolbox, podman, conmon, skopeo, crun, libslirp, oci-seccomp-bpf-hook, python-podman, slirp4netns, containernetworking-plugins, buildah, criu, cockpit-podman. This update affects Rocky Linux 8. A Common...
CVE-2022-42189
Emlog Pro 1.6.0 plugins upload suffers from a remote code execution (RCE) vulnerability...
io.github.skylot:jadx-dex-input (>=1.3.1 <=1.4.4), io.github.skylot:jadx-java-input (>=1.3.1 <=1.4.4) +2 more potentially affected by CVE-2022-39259 via io.github.skylot:jadx-plugins-api (>=1.3.1 <=1.4.4)
io.github.skylot:jadx-plugins-api MAVEN version =1.3.1, =1.3.1, =1.3.1, =1.3.1, =1.3.1, =1.4.4 Source cves: CVE-2022-39259 Source advisory: OSV:GHSA-3R7J-8MQH-6QHX...
Cross-Site Scripting (XSS)
jenkins-2-plugins is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists in extraAttributes of POSTHyperlinkNote.java because URLs of these hyperlinks in build logs are not properly encoded, which allows an attacker to inject malicious scripts and create pipelines...
CVE-2022-43403
A sandbox bypass vulnerability was found in several Jenkins plugins. This could allow an authenticated attacker to execute arbitrary code within the Jenkins JVM controller. Exploitation could be achieved by crafting untrusted libraries or pipelines, compromising the integrity, availability, and...