CVE-2017-5837

The gstriffcreateaudiocaps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service floating point exception and crash via a crafted video file...

UBUNTU-CVE-2016-10198

The gstaacparsesinksetcaps function in gst/audioparsers/gstaacparse.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service invalid memory read and crash via a crafted audio file...

UBUNTU-CVE-2017-5840

The qtdemuxparsesamples function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service out-of-bounds heap read via vectors involving the current stts index...

UBUNTU-CVE-2017-5841

The gstavidemuxparsencdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service out-of-bounds heap read via vectors involving ncdt tags...

CVE-2017-5839

The gstriffcreateaudiocaps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 does not properly limit recursion, which allows remote attackers to cause a denial of service stack overflow and crash via vectors involving nested WAVEFORMATEX...

UBUNTU-CVE-2017-5842

The htmlcontexthandleelement function in gst/subparse/samiparse.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service out-of-bounds write via a crafted SMI file, as demonstrated by OneNoteManager.smi...

CVE-2017-5841

The gstavidemuxparsencdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service out-of-bounds heap read via vectors involving ncdt tags...

openSUSE Security Update : gstreamer-0_10-plugins-bad (openSUSE-2017-208)

This update for gstreamer-010-plugins-bad fixes the following issue : - CVE-2016-9809: Off by one read in gsth264parsesetcaps bsc1013659 This update was imported from the SUSE:SLE-12-SP2:Update update project. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package...

[ASA-201702-4] gst-plugins-base-libs: multiple issues

Arch Linux Security Advisory ASA-201702-4 ========================================= Severity: Critical Date : 2017-02-03 CVE-ID : CVE-2017-5837 CVE-2017-5839 CVE-2017-5842 CVE-2017-5844 Package : gst-plugins-base-libs Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1...

[ASA-201702-3] gst-plugins-good: denial of service

Arch Linux Security Advisory ASA-201702-3 ========================================= Severity: Low Date : 2017-02-03 CVE-ID : CVE-2016-10198 CVE-2016-10199 CVE-2017-5840 CVE-2017-5841 CVE-2017-5845 Package : gst-plugins-good Type : denial of service Remote : Yes Link :...

[ASA-201702-5] gst-plugins-bad: multiple issues

Arch Linux Security Advisory ASA-201702-5 ========================================= Severity: Critical Date : 2017-02-03 CVE-ID : CVE-2017-5843 CVE-2017-5848 Package : gst-plugins-bad Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-165 Summary ======= The package...

openSUSE: Security Advisory for gstreamer-0_10-plugins-good (openSUSE-SU-2017:0298-1)

The remote host is missing an update for the Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora 24 : shotwell (2017-ddee871dd1)

This release turns on HTTPS encyption all over the publishing plugins. Users using Tumblr and Yandex.Fotki publishing are strongly advised to change their passwords and reauthenticate Shotwell to those services after upgrade. Users of Picasa and Youtube publishing are strongly advised to...

Fedora 25 : shotwell (2017-8c3c43cc4f)

This release turns on HTTPS encyption all over the publishing plugins. Users using Tumblr and Yandex.Fotki publishing are strongly advised to change their passwords and reauthenticate Shotwell to those services after upgrade. Users of Picasa and Youtube publishing are strongly advised to...

Collaborative Penetration Test & Vulnerability Management Platform: Faraday

Collaborative Penetration Test & Vulnerability Management Platform Faraday introduces a new concept – IPE Integrated Penetration-Test Environment a multiuser Penetration test IDE. Designed for distribution, indexation and analysis of the data generated during a security audit. The main purpose of...

CVE-2016-9008

IBM UrbanCode Deploy could allow a malicious user to access the Agent Relay ActiveMQ Broker JMX interface and run plugins on the agent...

Faraday v2.3 - Collaborative Penetration Test and Vulnerability Management Platform

Faraday is the Integrated Multiuser Risk Environment you were looking for! It maps and leverages all the knowledge you generate in real time, letting you track and understand your audits. Our dashboard for CISOs and managers uncovers the impact and risk being assessed by the audit in real-time...

SUSE SLED12 Security Update : gstreamer-0_10-plugins-bad (SUSE-SU-2017:0331-1)

gstreamer-010-plugins-bad was udpated to fix one issue. This security issue was fixed : - CVE-2016-9809: Off by one read in gsth264parsesetcaps bsc1013659. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has...

SUSE SLED12 Security Update : gstreamer-0_10-plugins-bad (SUSE-SU-2017:0330-1)

This update for gstreamer-010-plugins-bad fixes the following issue : - CVE-2016-9809: Off by one read in gsth264parsesetcaps bsc1013659 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automaticall...

SUSE-SU-2017:0330-1 Security update for gstreamer-0_10-plugins-bad

This update for gstreamer-010-plugins-bad fixes the following issue: - CVE-2016-9809: Off by one read in gsth264parsesetcaps bsc1013659...