118 matches found
EUVD-2026-3448
dr_flac, an audio decoder within the dr_libs toolset, contains an integer overflow vulnerability due to trusting the totalPCMFrameCount field from FLAC metadata before calculating buffer size, allowing an attacker with a specially crafted file to perform DoS against programs using the tool...
MiracleLinux 8 : dnsmasq-2.79-19.el8 (AXSA:2021-2666:07)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2666:07 advisory. dnsmasq: fixed outgoing port used when --server is used with an interface name CVE-2021-3448 Tenable has extracted the preceding description block directly...
MiracleLinux 4 : python-paramiko-1.7.5-5.AXS4 (AXSA:2019-3448:01)
The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2019-3448:01 advisory. python-paramiko: Authentication bypass in auth_handler.py (CVE-2018-1000805). Tenable has extracted the preceding description block directly from the MiracleLinu...
TencentOS Server 3: dnsmasq (TSSA-2022:0246)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0246 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
CVE-2011-3448
Heap-based buffer overflow in CoreMedia in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding...
Security update for govulncheck-vulndb
This update for govulncheck-vulndb fixes the following issues: Update to version 0.0.20250318T181448 2025-03-18T18:14:48Z jscPED-11136: GO-2025-3448 GHSA-23qp-3c2m-xx6w GO-2025-3516 GHSA-47ww-ff84-4jrg GO-2025-3517 GHSA-4wf3-5qj9-368v GO-2025-3525 GHSA-93mq-9ffx-83m2 GO-2025-3527...
Linux Distros Unpatched Vulnerability : CVE-2010-3448
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drivers/platform/x86/thinkpad_acpi.c in the Linux kernel before 2.6.34 on ThinkPad devices, when the X.Org X server is used, does not properly restrict access to...
CVE-2023-3448
creationtimestamp | type | source
---|---|---
2025-02-11 02:16:17+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lhuloiyx5r23...
CVE-2024-3448
creationtimestamp | type | source
---|---|---
2024-04-12 05:17:27+00:00 | seen | https://t.me/arpsyndicate/4524...
CVE-2024-3448 Improper Access Control Leads to Server-Side Request Forgery in Mautic
Users with low privileges can perform certain AJAX actions. In this vulnerability instance, improper access to ajax?action=plugin:focus:checkIframeAvailability leads to a Server-Side Request Forgery by analyzing the error messages returned from the back-end. Allowing an attacker to perform a port...
CVE-2024-3448
CVE-2024-3448 affects Mautic, where users with low privileges can exploit improper access to ajax?action=plugin:focus:checkIframeAvailability to trigger a server-side request forgery. The flaw allows an attacker to analyze backend error messages and perform a back-end port scan. Public details in...
Debian: Security Advisory (DLA-3448-1)
The remote host is missing an update for the Debian...
Huawei EulerOS: Security Advisory for dnsmasq (EulerOS-SA-2023-1499)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP5 : dnsmasq (EulerOS-SA-2023-1499)
According to the versions of the dnsmasq packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fix...
CVE-2022-3448
CVE-2022-3448 describes a memory misreference/heap corruption vulnerability in Google Chrome’s Permissions API prior to 106.0.5249.119. The issue can be triggered when a user is convinced to perform specific UI gestures on a crafted HTML page, enabling remote execution of code via heap corruption...
openSUSE 15 Security Update : opera (openSUSE-SU-2022:10182-1)
The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:10182-1 advisory. - Use after free in Skia. CVE-2022-3445 - Heap buffer overflow in WebSQL. CVE-2022-3446 - Inappropriate implementation in Custom Tabs...
MGASA-2022-0376 Updated chromium-browser-stable packages fix security vulnerability
The chromium-browser-stable package has been updated to the new 106 branch with the 106.0.5249.119 version, fixing many bugs and 6 vulnerabilities. Some of the security fixes are: High CVE-2022-3445: Use after free in Skia. Reported by Nan Wang @eternalsakura13 and Yong Liu of 360 Vulnerability...
Updated chromium-browser-stable packages fix security vulnerability
The chromium-browser-stable package has been updated to the new 106 branch with the 106.0.5249.119 version, fixing many bugs and 6 vulnerabilities. Some of the security fixes are: High CVE-2022-3445: Use after free in Skia. Reported by Nan Wang @eternalsakura13 and Yong Liu of 360 Vulnerability...
openSUSE 15 Security Update : chromium (openSUSE-SU-2022:10151-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:10151-1 advisory. - Use after free in Skia. CVE-2022-3445 - Heap buffer overflow in WebSQL. CVE-2022-3446 - Inappropriate implementation in Custom Tabs...
Chromium: CVE-2022-3448 Use after free in Permissions API
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...