USN-8131-1: GStreamer Good Plugins vulnerabilities

It was discovered that GStreamer Good Plugins incorrectly handled certain X-QDM RTP payloads. A remote attacker could use this issue to cause GStreamer Good Plugins to crash, resulting in a denial of service, or possibly execute arbitrary code...

USN-8131-1 gst-plugins-good1.0 vulnerabilities

It was discovered that GStreamer Good Plugins incorrectly handled certain X-QDM RTP payloads. A remote attacker could use this issue to cause GStreamer Good Plugins to crash, resulting in a denial of service, or possibly execute arbitrary code...

USN-8130-1: GStreamer Base Plugins vulnerability

It was discovered that GStreamer Base Plugins incorrectly handled certain AVI media files. A remote attacker could use this issue to cause GStreamer Base Plugins to crash, resulting in a denial of service, or possibly execute arbitrary code...

USN-8130-1 gst-plugins-base1.0 vulnerability

It was discovered that GStreamer Base Plugins incorrectly handled certain AVI media files. A remote attacker could use this issue to cause GStreamer Base Plugins to crash, resulting in a denial of service, or possibly execute arbitrary code...

Debian: Security Advisory (DLA-4514-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

DLA-4516-1 gst-plugins-ugly1.0 - security update

Bulletin has no description...

Debian: Security Advisory (DLA-4516-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 4516-1] gst-plugins-ugly1.0 security update

----------------------------------------------------------------------- Debian LTS Advisory DLA-4516-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta March 30, 2026 https://wiki.debian.org/LTS -...

Missing Authorization

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Missing Authorization in the list.json.php endpoints of multiple plugins, which lack authentication and authorization checks. An attacker can retrieve sensitive...

[SECURITY] [DLA 4514-1] gst-plugins-base1.0 security update

----------------------------------------------------------------------- Debian LTS Advisory DLA-4514-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta March 29, 2026 https://wiki.debian.org/LTS -...

DLA-4514-1 gst-plugins-base1.0 - security update

Bulletin has no description...

Debian dla-4516 : gstreamer1.0-plugins-ugly - security update

The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-4516 advisory. - ----------------------------------------------------------------------- Debian LTS Advisory DLA-4516-1 [email protected]...

SUSE CVE-2026-2461

Mattermost Plugins versions =11.3 11.0.3 11.2.2 10.10.11.0 fail to implement authorisation checks on comment block modifications, which allows an authorised attacker with editor permission to modify comments created by other board members. Mattermost Advisory ID: MMSA-2025-00559...

SUSE CVE-2026-2476

Mattermost Plugins versions =2.0.3.0 fail to properly mask sensitive configuration values which allows an attacker with access to support packets to obtain original plugin settings via exported configuration data. Mattermost Advisory ID: MMSA-2026-00606...

Security update for gstreamer-plugins-ugly (important)

openSUSE security update: security update for gstreamer-plugins-ugly ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20402-1 Rating: important References: bsc1259367 bsc1259370 Cross-References: CVE-2026-2920 CVE-2026-2922 CVSS scores: CVE-2026-2920...

GHSA-X744-4WPC-V9H2 Moby has AuthZ plugin bypass when provided oversized request bodies

Summary A security vulnerability has been detected that allows attackers to bypass authorization plugins AuthZ under specific circumstances. The base likelihood of this being exploited is low. This is an incomplete fix for CVE-2024-41110. Impact If you don't use AuthZ plugins, you are not affecte...

Moby has an Off-by-one error in its plugin privilege validation

Summary A security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorrectly accept a privilege set that differs from the one approved by the user...

CVE-2026-3109

Mattermost Plugins versions =11.4 10.11.11.0 fail to validate webhook request timestamps which allows an attacker to corrupt Zoom meeting state in Mattermost via replayed webhook requests. Mattermost Advisory ID: MMSA-2026-00584...

acapy-plugin-pickup (>=0.1.0.post1 <=0.2.0), acapy-wallet-groups-plugin (>=0.5.1 <=0.7.0) +367 more potentially affected by CVE-2026-33936 via ecdsa (>=0.13.0 <=0.19.1)

ecdsa PYPI version =0.13.0, =0.1.0.post1, =0.5.1, =0.1.7, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.1.1, =1.0.0, =0.4.2, =0.1.2, =0.0.3, =0.2.0, =0.4.0 and more Source cves: CVE-2026-33936 Source advisory: SNYK:PYTHON-ECDSA-15792390...

OESA-2026-1735 gstreamer1-plugins-bad-free security update

GStreamer is a pipeline-based multi media framework that links together a wide variety of media processing systems to complete complex workflows, based on graphs of filters which operate on media data. This package contains plug-ins that are not tested well enough yet, or the code is not of good...