openSUSE 15 Security Update : gstreamer-plugins-good (openSUSE-SU-2021:2915-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2915-1 advisory. - GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files. CVE-2021-34...
SUSE SLED15 / SLES15 Security Update : gstreamer-plugins-good (SUSE-SU-2021:2915-1)
The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2915-1 advisory. - GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files...
SUSE SLES12 Security Update : gstreamer-plugins-good (SUSE-SU-2021:2916-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:2916-1 advisory. - GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files. CVE-2021-349...
SUSE: Security Advisory (SUSE-SU-2021:2916-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2021:2915-1)
The remote host is missing an update for the...
openSUSE: Security Advisory for gstreamer-plugins-good (openSUSE-SU-2021:2915-1)
The remote host is missing an update for the...
SUSE-SU-2021:2916-1 Security update for gstreamer-plugins-good
This update for gstreamer-plugins-good fixes the following issues: - CVE-2021-3497: Matroskademux: Fix extraction of multichannel WavPack (bsc#1184739)...
OPENSUSE-SU-2021:2915-1 Security update for gstreamer-plugins-good
This update for gstreamer-plugins-good fixes the following issues: - CVE-2021-3498: Matroskademux: initialize track context out parameter to NULL before parsing (bsc#1184735). - CVE-2021-3497: Matroskademux: Fix extraction of multichannel WavPack (bsc#1184739)...
Security update for gstreamer-plugins-good (moderate)
openSUSE Security Update: Security update for gstreamer-plugins-good Announcement ID: openSUSE-SU-2021:2915-1 Rating: moderate References: 1184735 1184739 Cross-References: CVE-2021-3497 CVE-2021-3498 CVSS scores: CVE-2021-3497 NVD : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-3497...
be.fluid-it.tools.rundeck.plugins:rundeck-httppost-plugin (=0.1-1), com.criteo.rundeck.plugin:rundeck-tag-orchestrator-plugin (=1.3.3) +4 more potentially affected by CVE-2021-39132 via org.rundeck:rundeck-core (>=1.5 <=2.5.2)
org.rundeck:rundeck-core MAVEN version =1.5, =1.0.0, =1, =1.1, =1.3.3 - org.rundeck:rundeckapp =1.5 Source cves: CVE-2021-39132 Source advisory: OSV:GHSA-Q4RF-3FHX-88PF...
be.fluid-it.tools.rundeck.plugins:rundeck-httppost-plugin (=0.1-1), com.criteo.rundeck.plugin:rundeck-tag-orchestrator-plugin (=1.3.3) +4 more potentially affected by CVE-2021-39133 via org.rundeck:rundeck-core (>=1.5 <=2.5.2)
org.rundeck:rundeck-core MAVEN version =1.5, =1.0.0, =1, =1.1, =1.3.3 - org.rundeck:rundeckapp =1.5 Source cves: CVE-2021-39133 Source advisory: OSV:GHSA-3JMW-C69H-426C...
Gutenberg Template Library & Redux Framework < 4.2.13 - Unauthenticated Sensitive Information Disclosure
Some AJAX actions of the plugin, available to unauthenticated users and used for support features, could allow attackers to obtain potentially sensitive information such as the PHP version, active plugins along with their versions, as well as the unsalted MD5 hashes of the site’s AUTH_KEY and...
Fedora: Security Advisory for nbdkit (FEDORA-2021-535596f062)
The remote host is missing an update for the...
Multiple Plugins from miniorange - Reflected Cross-Site Scripting via appId
The plugins do not escape the appId parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue: https://example.com/wp-admin/admin.php?page=mooauthsettings&tab=config&appId="alert/XSS/...
Multiple Plugins from CRM Perks - Reflected Cross-Site Scripting
Numerous plugins from the CRM Perks vendor do not escape parameters before outputting them back in attributes in admin pages, leading to Reflected Cross-Site Scripting issues executed in the context of a logged-in administrator. It first started with an obvious XSS via the vxdebug GET parameter...
Multiple Plugins - Reflected Cross-Site Scripting via PHPRelativePath Library
The plugins are using the PHPRelativePath library, which contains an example file affected by a Reflected Cross-Site Scripting issue. PoC: POST /wp-content/plugins/mpl-publisher/vendor/grandt/relativepath/RelativePath.Example1.php HTTP/1.1 Accept:...
Command injection
Network Attached Storage on LG N1T1 10124 devices allows an unauthenticated attacker to gain root access via OS command injection in the en/ajp/plugins/access.ssh/checkInstall.php destServer parameter...
Clipboard feature vulnerability allowing to inject arbitrary HTML into the editor using paste functionality
Affected packages: The vulnerability has been discovered in the clipboard plugin. All plugins with a clipboard plugin dependency are affected: clipboard, pastetext, pastetools, widget, uploadwidget, autolink, tableselection. Impact: A potential vulnerability has been discovered in CKEditor 4 Clipboard package...