Lucene search

8293 matches found

OpenVAS
added 2022/03/29 12:0 a.m. | 7 views

Huawei EulerOS: Security Advisory for gstreamer1-plugins-bad-free (EulerOS-SA-2022-1346)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

9.8 CVSS | 9.6 AI score | 0.02377 EPSS
Exploits: 0 | References: 2

OpenVAS
added 2022/03/29 12:0 a.m. | 14 views

Huawei EulerOS: Security Advisory for gstreamer-plugins-bad-free (EulerOS-SA-2022-1347)

The remote host is missing an update for the Huawei EulerOS...

9.8 CVSS | 9.6 AI score | 0.02377 EPSS
Exploits: 0 | References: 2

NVD
added 2022/03/28 6:15 p.m. | 16 views

CVE-2021-24962

The WordPress File Upload Free and Pro WordPress plugins before 4.16.3 allow users with a role as low as Contributor to perform path traversal via a shortcode argument, which can then be used to upload a PHP code disguised as an image inside the auto-loaded directory of the plugin, resulting in...

8.8 CVSS | 0.02849 EPSS
Exploits: 2 | References: 2

CVE
added 2022/03/28 5:21 p.m. | 90 views

CVE-2021-24962

CVE-2021-24962 affects WordPress File Upload Free and Pro plugins prior to 4.16.3. Affected: path traversal via a shortcode argument enables uploading PHP code disguised as an image into the plugin’s autoload directory, resulting in arbitrary code execution (RCE). Public PoCs exist (see wpexploit...

8.8 CVSS | 9 AI score | 0.02849 EPSS
Exploits: 2 | References: 2 | Affected Software: 2

OSV
added 2022/03/28 1:15 a.m. | 16 views

CVE-2021-26600

ImpressCMS before 1.4.3 has plugins/preloads/autologin.php type confusion with resultant Authentication Bypass (!= instead of !==)...

9.8 CVSS | 9.5 AI score
Exploits: 0 | References: 4

Prion
added 2022/03/28 1:15 a.m. | 12 views

Type confusion

ImpressCMS before 1.4.3 has plugins/preloads/autologin.php type confusion with resultant Authentication Bypass (!= instead of !==)...

7.5 CVSS | 9.5 AI score | 0.05544 EPSS
Exploits: 3 | References: 4 | Affected Software: 1

Cvelist
added 2022/03/28 12:48 a.m. | 20 views

CVE-2021-26600

ImpressCMS before 1.4.3 has plugins/preloads/autologin.php type confusion with resultant Authentication Bypass (!= instead of !==)...

9.8 AI score | 0.05544 EPSS
Exploits: 3 | References: 4

CVE
added 2022/03/28 12:48 a.m. | 79 views

CVE-2021-26600

ImpressCMS contains a type confusion in plugins/preloads/autologin.php that leads to Authentication Bypass for versions prior to 1.4.3. The vulnerability is evidenced by multiple sources (GHSA/OSV/NVD entries) describing an authentication bypass via the autologin path, with affected versions list...

9.8 CVSS | 9.4 AI score | 0.05544 EPSS
Exploits: 3 | References: 4 | Affected Software: 1

Tenable Nessus
added 2022/03/28 12:0 a.m. | 29 views

EulerOS 2.0 SP8 : gstreamer-plugins-bad-free (EulerOS-SA-2022-1347)

According to the versions of the gstreamer-plugins-bad-free package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the gstreamer h264 component of gst-plugins-bad before v1.18.1 where when parsing a h264 header, an...

9.8 CVSS | 8 AI score | 0.02377 EPSS
Exploits: 0 | References: 2

vulnersOsv
added 2022/03/25 7:27 p.m. | 4 views

aglow (>=0.1.0rc3 <=0.1.0rc4), ai-flow (>=0.1.0 <=0.3.1) +113 more potentially affected by CVE-2022-24776 via flask-appbuilder (>=1.10.0 <=3.4.4)

flask-appbuilder PYPI version =1.10.0, =0.1.0rc3, =0.1.0, =2022.9.19, =1.0.7, =0.5.1, =0.1.0, =1.0.0, =0.0.7, =0.0.1, =0.1.6, =0.0.2, =1.0.0, =1.10.0, =1.10.3, =2.2.5rc2 and more Source cves: CVE-2022-24776 Source advisory: OSV:GHSA-2CCW-7PX8-VMPF...

6.1 CVSS | 6.3 AI score | 0.00923 EPSS
Exploits: 0

OSV
added 2022/03/24 12:13 p.m. | 4 views

USN-5347-1 openvpn vulnerability

It was discovered that OpenVPN incorrectly handled certain configurations with multiple authentication plugins. A remote attacker could possibly use this issue to bypass authentication using incomplete credentials...

9.8 CVSS | 6.8 AI score | 0.03519 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2022/03/21 12:0 a.m. | 20 views

EulerOS 2.0 SP5 : gstreamer1-plugins-bad-free (EulerOS-SA-2022-1323)

According to the versions of the gstreamer1-plugins-bad-free packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the gstreamer h264 component of gst-plugins-bad before v1.18.1 where when parsing a h264 header, an...

9.8 CVSS | 8 AI score | 0.02377 EPSS
Exploits: 0 | References: 2

OpenVAS
added 2022/03/21 12:0 a.m. | 17 views

Huawei EulerOS: Security Advisory for gstreamer1-plugins-bad-free (EulerOS-SA-2022-1323)

The remote host is missing an update for the Huawei EulerOS...

9.8 CVSS | 9.6 AI score | 0.02377 EPSS
Exploits: 0 | References: 2

OpenVAS
added 2022/03/21 12:0 a.m. | 14 views

Huawei EulerOS: Security Advisory for gstreamer-plugins-bad-free (EulerOS-SA-2022-1324)

The remote host is missing an update for the Huawei EulerOS...

9.8 CVSS | 9.6 AI score | 0.02377 EPSS
Exploits: 0 | References: 2

OSV
added 2022/03/18 6:15 p.m. | 4 views

ALPINE-CVE-2022-0547

OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials...

9.8 CVSS | 7.1 AI score | 0.03519 EPSS
Exploits: 0 | References: 1

OSV
added 2022/03/18 6:15 p.m. | 2 views

DEBIAN-CVE-2022-0547

OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials...

9.8 CVSS | 7.3 AI score | 0.03519 EPSS
Exploits: 0 | References: 1

Cvelist
added 2022/03/18 6:0 p.m. | 21 views

CVE-2022-0547

OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials...

9.7 AI score | 0.03519 EPSS
Exploits: 0 | References: 6

Vulnrichment
added 2022/03/18 6:0 p.m. | 2 views

CVE-2022-0547

OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials...

9.6 AI score | 0.03519 EPSS
Exploits: 0 | References: 6

Github Security Blog
added 2022/03/18 5:54 p.m. | 16 views

NaN/INF in serverbound movement packets can crash clients and servers

Impact A malicious client may send a MovePlayerPacket to the server whose position or rotation contains NaN or INF. Since neither the server nor vanilla client handles this properly, a number of interesting side effects come into play. - The server may crash in various ways if this exploit is use...

0.9 AI score
Exploits: 0 | References: 2 | Affected Software: 1

NCSC
added 2022/03/18 12:0 a.m. | 2 views

Vulnerability fixed in OpenVPN

A vulnerability has been fixed in OpenVPN. A malicious person who has a user's partial credentials can exploit the vulnerability to bypass authentication. Only systems that use multiple external authentication plug-ins are vulnerable. OpenVPN has released updates to fix the...

9.8 CVSS | 7.1 AI score | 0.03519 EPSS
Exploits: 0