14089 matches found
EUVD-2026-40836
Use after free in Audio in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Low...
EUVD-2026-40758
Side-channel information leakage in WebAudio in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...
kernel: ALSA: usb-audio: Add sanity check for OOB writes at silencing
A flaw was found in the Linux kernel's ALSA Advanced Linux Sound Architecture USB audio subsystem. An inconsistency in how USB audio playback and capture streams are handled can lead to an out-of-bounds write to a memory buffer. This can result in a system crash, causing a denial of service for a...
CVE-2026-14149
Concerning CVE-2026-14149: A use-after-free in Chrome’s Audio path on Linux (Chromium-based) allowed remote code execution via a crafted HTML page. Affected product: Google Chrome on Linux. Root cause: use-after-free in Audio component; impact: arbitrary code execution. Vulnerability is mitigated...
Important: Red Hat Security Advisory: kernel security, bug fix, and enhancement update
An update for kernel is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
firefox: thunderbird: Incorrect boundary conditions in the Web Audio component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Web Audio component...
Tieline IP Audio Gateway <=2.6.4.8 - Unauthorized Remote Admin Panel Access
Tieline IP Audio Gateway 2.6.4.8 and below is affected by a vulnerability in the web administrative interface that could allow an unauthenticated user to access a sensitive part of the system with a high privileged account. id: CVE-2021-35336 info: name: Tieline IP Audio Gateway =2.6.4.8 -...
firefox: thunderbird: Incorrect boundary conditions in the Web Audio component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Web Audio component...
Trinity Audio <= 5.21.0 - Information Exposure
The Trinity Audio Text to Speech AI audio player to convert content into audio plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.21.0 via the /admin/inc/phpinfo.php file that gets created on install. This makes it possible for...
CVE-2026-54233
A flaw was found in vLLM, an inference and serving engine for large language models LLMs. A remote attacker could exploit a vulnerability in the /v1/audio/transcriptions endpoint. By uploading a specially crafted compressed audio file, such as an OPUS file, the attacker could cause the system to...
CVE-2026-10593
The Zephyr Bluetooth LE Audio Basic Audio Profile BAP unicast client mishandles peer-supplied ASE state notifications. In unicastclientepqosstate subsys/bluetooth/audio/bapunicastclient.c, the handler writes attacker-controlled QoS fields interval, framing, phy, sdu, rtn, latency, pd through the...
CVE-2026-10593
The CVE affects Zephyr’s Bluetooth LE Audio BAP unicast client. In unicast_client_ep_qos_state(), the handler writes attacker-controlled QoS fields via stream-qos with only a stream != NULL guard. stream-qos is NULL for streams codec-configured but not yet added to a unicast group, creating a win...
CVE-2026-10593 Remotely triggerable NULL-pointer dereference in Bluetooth LE Audio BAP unicast client QoS-state handling
The Zephyr Bluetooth LE Audio Basic Audio Profile BAP unicast client mishandles peer-supplied ASE state notifications. In unicastclientepqosstate subsys/bluetooth/audio/bapunicastclient.c, the handler writes attacker-controlled QoS fields interval, framing, phy, sdu, rtn, latency, pd through the...
CVE-2026-49417
Second, the audio buffer backing a mapping could be freed when the device was closed even though the mapping remained valid. The freed memory could then be reused elsewhere while still accessible through the stale mapping. The /dev/dsp device nodes are world-accessible by default. On a system wit...
CVE-2026-45258
The CVE-2026-45258 issue affects FreeBSD sound(4) mmap support. dsp_mmap_single() overflows when validating the requested mapping because offset+length can wrap the size check, and the offset is reduced from 64 to 32 bits for the buffer address, allowing a mapping that extends past the audio buff...
ALSA: PCM: Fix wait queue list corruption in snd_pcm_drain() on linked streams
...
UBUNTU-CVE-2026-53291
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/conexant: Fix missing error check for jack detection In cxprobe, the return value of sndhdajackdetectenablecallback is ignored. This function returns a pointer, and if it fails e.g., due to memory allocation failure, it...
CVE-2026-52964
A flaw was found in the Linux kernel's ALSA USB audio component. The USB MIDI 2.0 endpoint parser, responsible for handling audio device descriptors, failed to properly validate the length of these descriptors. This vulnerability could allow a local attacker, by connecting a specially crafted...
firefox: thunderbird: Incorrect boundary conditions in the Web Audio component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Web Audio component...
EUVD-2026-39193
In the Linux kernel, the following vulnerability has been resolved: ALSA: PCM: Fix wait queue list corruption in sndpcmdrain on linked streams sndpcmdrain uses initwaitqueueentry which does not clear entry.prev/next, and addwaitqueue with a conditional removewaitqueue that is skipped when tocheck...