The qtdemux_parse_samples function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving the current stts index.
Monthly Archives: February 2017
CVE-2017-5848
The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors involving PSM parsing.
CVE-2016-4988
Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.16.0 in Jenkins allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.
CVE-2016-4987
Directory traversal vulnerability in the Image Gallery plugin before 1.4 in Jenkins allows remote attackers to list arbitrary directories and read arbitrary files via unspecified form fields.
CVE-2016-6171
Knot DNS before 2.3.0 allows remote DNS servers to cause a denial of service (memory exhaustion and slave server crash) via a large zone transfer for (1) DDNS, (2) AXFR, or (3) IXFR.
LG Touchscreen Driver write_log Kernel Read / Write
The LG touchscreen driver suffers from a write_log kernel read/write vulnerability.
Exploiting Node.js Deserialization Bug For Remote Code Execution
Whitepaper called Exploiting Node.js Deserialization Bug for Remote Code Execution.
LG Felica Driver Dangerous set_fs Usage
The LG Felica driver makes dangerous use of set_fs.
mingw-gstreamer1-plugins-bad-free-1.10.3-1.fc25
Security fix for CVE-2017-5848, CVE-2017-5843 – Downgrade to 1.10.3 as it is the latest stable release
mingw-gstreamer1-plugins-good-1.10.3-1.fc25
Security fix for CVE-2016-10199, CVE-2017-5845, CVE-2017-5840, CVE-2017-5841 – Downgrade to 1.10.3 as it is the latest stable release