5956 matches found

RedHat Linux
added 2025/10/02 11:58 a.m. | 0 views

netty-codec: netty-codec-compression: Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack

A flaw was found in Netty. With specially crafted input, BrotliDecoder and some other decompressing decoders will allocate a large number of reachable byte buffers, which can lead to denial of service...

CVSS 7.5 | AI score 6.5 | EPSS 0.00063
Exploits 1 | References 6
SUSE CVE
added 2025/10/01 11:30 p.m. | 2 views

SUSE CVE-2023-53479

In the Linux kernel, the following vulnerability has been resolved: cxl/acpi: Fix a use-after-free in cxl_parse_cfmws. KASAN and KFENCE detected a use-after-free in the CXL driver. This happens in the cxl_decoder_add fail path. KASAN prints the following error: BUG: KASAN: slab-use-after-free in...

CVSS 5.5 | AI score 6.3 | EPSS 0.00014
Exploits 0 | References 15
Tenable Nessus
added 2025/09/30 12:0 a.m. | 4 views

NewStart CGSL MAIN 6.06 : qt5-qtbase Multiple Vulnerabilities (NS-SA-2025-0237)

The remote NewStart CGSL host, running version MAIN 6.06, has qt5-qtbase packages installed that are affected by multiple vulnerabilities: - Stack-based buffer overflow in QXmlSimpleReader in Qt 4.8.5 allows remote attackers to cause a denial of service application crash via a xml file with...

CVSS 6.8 | AI score 6.9 | EPSS 0.06355
Exploits 1 | References 13
OSV
added 2025/09/28 12:0 a.m. | 3 views

OSV-2025-788 Heap-buffer-overflow in int arrow::bit_util::BitReader::GetBatch<int>

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=447480433 Crash type: Heap-buffer-overflow READ 8 Crash state: int arrow::bit_util::BitReader::GetBatch auto arrow::util::RleBitPackedDecoder::GetBatch std::__1::pair arrow::util::R...

AI score 7
Exploits 0 | References 1
IBM Security Bulletins
added 2025/09/26 6:32 p.m. | 15 views

Security Bulletin: Vulnerabilities in Netty-codec and Netty-handler might affect IBM Storage Defender Copy Data Management

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Netty-codec and Netty-handler. Vulnerabilities include an incorrect validation of special crafted packet via SslHandler can lead to a native crash, the SniHandler can allocate up to 16MB of heap for each chann...

CVSS 7.8 | AI score 6.7 | EPSS 0.94395
Exploits 22 | Affected Software 1
OSV
added 2025/09/25 6:24 p.m. | 4 views

CLSA-2025-1758824659 gdk-pixbuf2: Fix of CVE-2022-48622

CVE-2022-48622: fix heap memory corruption issue in ANI decoder to prevent denial of service or code execution attack...

CVSS 7.8 | AI score 7.5 | EPSS 0.00071
Exploits 1 | References 1
Redos
added 2025/09/24 12:0 a.m. | 3 views

ROS-20250924-08

A vulnerability in the LZW decoder of the GdkPixbufc image loading library is related to information disclosure. Exploitation of the vulnerability could allow an attacker to gain unauthorized access to protected information. information GdkPixbufs image loading library vulnerability is related to...

CVSS 7.5 | AI score 7.8 | EPSS 0.00938
Exploits 0
OSV
added 2025/09/22 2:10 p.m. | 1 views

SUSE-SU-2025:03294-1 Security update for wireshark

This update for wireshark fixes the following issues: Update to version 4.2.13. Security issues fixed: - CVE-2025-9817: SSH dissector crash due to NULL pointer dereference when processing malformed packet traces (bsc#1249090). Non-security issues fixed: - Bug in UDS dissector with Service...

CVSS 7.8 | AI score 5.8 | EPSS 0.00031
Exploits 1 | References 3
Packet Storm News
added 2025/09/20 12:0 a.m. | 5 views

Self-Supervised Learning of Graph Representations for Network Intrusion Detection

Detecting intrusions in network traffic is a challenging task, particularly under limited supervision and constantly evolving attack patterns. While recent works have leveraged graph neural networks for network intrusion detection, they often decouple representation learning from anomaly detectio...

AI score 6.6
Exploits 0
Fedora
added 2025/09/12 7:34 p.m. | 5 views

[SECURITY] Fedora 43 Update: perl-Cpanel-JSON-XS-4.40-1.fc43

This module converts Perl data structures to JSON and vice versa. Its primary goal is to be correct and its secondary goal is to be fast. To reach the latter goal it was written in C...

CVSS 5.6 | AI score 6.9 | EPSS 0.00092
Exploits 0
Fedora
added 2025/09/12 7:32 p.m. | 5 views

[SECURITY] Fedora 43 Update: libsixel-1.10.5-4.fc43

An encoder/decoder implementation for DEC SIXEL graphics...

CVSS 7.8 | AI score 7 | EPSS 0.00055
Exploits 1
Tenable Nessus
added 2025/09/12 12:0 a.m. | 3 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ffmpeg-4 (SUSE-SU-2025:03162-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:03162-1 advisory. - CVE-2025-7700: Fixed NULL Pointer Dereference in FFmpeg ALS Decoder (bsc#1246790). Tenable has extracted...

CVSS 5.3 | AI score 6.4 | EPSS 0.00106
Exploits 0 | References 4
Rosalinux
added 2025/09/11 9:59 a.m. | 5 views

Advisory ROSA-SA-2025-2992

Software: dav1d 1.3.0 AXIS: ROSA-CHROME unaffected versions = dav1d-1.3.0-2 affected versions dav1d-1.3.0-2 CVE-ID: CVE-2024-1580 BDU-ID: 2024-04901 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the dav1d decoder of the iOS, iPadOS, visionOS, macOS, Fedora, and Safari browser operating systems i...

CVSS 8.8 | AI score 7.7 | EPSS 0.00584
Exploits 0
SUSE Linux
added 2025/09/11 9:16 a.m. | 4 views

Security update for ffmpeg-4

This update for ffmpeg-4 fixes the following issues: CVE-2025-7700: Fixed NULL Pointer Dereference in FFmpeg ALS Decoder (bsc#1246790). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run th...

CVSS 6.9 | AI score 7 | EPSS 0.00106
Exploits 0 | References 4
OSV
added 2025/09/11 9:16 a.m. | 2 views

SUSE-SU-2025:03162-1 Security update for ffmpeg-4

This update for ffmpeg-4 fixes the following issues: - CVE-2025-7700: Fixed NULL Pointer Dereference in FFmpeg ALS Decoder (bsc#1246790)...

CVSS 5.3 | AI score 7 | EPSS 0.00106
Exploits 0 | References 3
Tenable Nessus
added 2025/09/10 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2019-20091

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Bento4 1.5.1.0. There is a NULL pointer dereference in AP4_Descriptor::GetTag in mp42ts when called from...

CVSS 5.5 | AI score 6.1 | EPSS 0.00266
Exploits 1 | References 2
Tenable Nessus
added 2025/09/10 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2016-2428

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libAACdec/src/aacdec_drc.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly limi...

CVSS 10 | AI score 8.8 | EPSS 0.01215
Exploits 0 | References 2
Redos
added 2025/09/10 12:0 a.m. | 2 views

ROS-20250910-05

Vulnerability of the library for working with DICOM DCMTK format is related to dereferencing of the NULL pointer in the /libsrc/dcrleccd.cc component using a created DICOM file. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. A vulnerability ...

CVSS 8.1 | AI score 7 | EPSS 0.01592
Exploits 4
Tenable Nessus
added 2025/09/10 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2016-0842

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The H.264 decoder in libstagefright in Android 6.x before 2016-04-01 mishandles Memory Management Control Operation (MMCO) data, which allows remote attackers to...

CVSS 10 | AI score 8.3 | EPSS 0.00791
Exploits 0 | References 2
Tenable Nessus
added 2025/09/10 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2019-9720

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because...

CVSS 7.1 | AI score 6.9 | EPSS 0.00295
Exploits 1 | References 2