Lucene search
K

413 matches found

RedHat Linux
RedHat Linux
added 3 days ago4 views

gstreamer1-plugins-ugly-free: GStreamer: Out-of-bounds read in RealMedia demuxer FILEINFO metadata parser

A flaw was found in GStreamer's RealMedia demuxer in the gst-plugins-ugly package. When processing a RealMedia file containing a specially crafted FILEINFO metadata section, the demuxer parses variable-name and variable-value pairs using reskippascalstring without validating that offsets remain...

7.1CVSS5.9AI score0.00221EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/15 9:30 p.m.9 views

EUVD-2026-36802

A flaw was found in GStreamer's RealMedia demuxer in the gst-plugins-ugly package. When processing a RealMedia file containing a specially crafted FILEINFO metadata section, the demuxer parses variable-name and variable-value pairs using reskippascalstring without validating that offsets remain...

7.1CVSS5.2AI score0.00221EPSS
Exploits0References3
NVD
NVD
added 2026/06/15 8:16 p.m.14 views

CVE-2026-53704

A flaw was found in GStreamer's RealMedia demuxer in the gst-plugins-ugly package. When processing a RealMedia file containing a specially crafted FILEINFO metadata section, the demuxer parses variable-name and variable-value pairs using reskippascalstring without validating that offsets remain...

7.1CVSS0.00221EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/15 7:10 p.m.37 views

CVE-2026-53704 Gstreamer1-plugins-ugly-free: gstreamer: out-of-bounds read in realmedia demuxer fileinfo metadata parser

A flaw was found in GStreamer's RealMedia demuxer in the gst-plugins-ugly package. When processing a RealMedia file containing a specially crafted FILEINFO metadata section, the demuxer parses variable-name and variable-value pairs using reskippascalstring without validating that offsets remain...

7.1CVSS0.00221EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/15 7:10 p.m.5 views

CVE-2026-53704 Gstreamer1-plugins-ugly-free: gstreamer: out-of-bounds read in realmedia demuxer fileinfo metadata parser

A flaw was found in GStreamer's RealMedia demuxer in the gst-plugins-ugly package. When processing a RealMedia file containing a specially crafted FILEINFO metadata section, the demuxer parses variable-name and variable-value pairs using reskippascalstring without validating that offsets remain...

7.1CVSS5.2AI score0.00221EPSS
Exploits0References3
CVE
CVE
added 2026/06/15 7:10 p.m.33 views

CVE-2026-53704

GStreamer: RealMedia demuxer in gst-plugins-ugly contains an out-of-bounds read in the FILEINFO metadata parser. The demuxer parses variable-name and variable-value pairs with re_skip_pascal_string() without validating offsets against the mapped buffer, and the element count used to control the p...

7.1CVSS5.3AI score0.00221EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/15 7:10 p.m.8 views

CVE-2026-53704

A flaw was found in GStreamer's RealMedia demuxer in the gst-plugins-ugly package. When processing a RealMedia file containing a specially crafted FILEINFO metadata section, the demuxer parses variable-name and variable-value pairs using reskippascalstring without validating that offsets remain...

7.1CVSS5.3AI score0.00221EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/15 7:10 p.m.8 views

CVE-2026-53704

A flaw was found in GStreamer's RealMedia demuxer in the gst-plugins-ugly package. When processing a RealMedia file containing a specially crafted FILEINFO metadata section, the demuxer parses variable-name and variable-value pairs using reskippascalstring without validating that offsets remain...

7.1CVSS4.8AI score0.00221EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/12 12:0 a.m.3 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the rmdemux process when parsing a specially crafted RealMedia file containing a malformed FILEINFO metadata section. An attacker can cause the application to crash, hang, or potentially access limited adjacent...

7.1CVSS5.8AI score0.00221EPSS
Exploits0References2
OSV
OSV
added 2026/04/16 7:24 a.m.5 views

SUSE-SU-2026:21200-1 Security update for go1.25

This update for go1.25 fixes the following issues: Update to go1.25.8 bsc1244485: - CVE-2026-25679: net/url: reject IPv6 literal not at start of host bsc1259264. - CVE-2026-27139: os: FileInfo can escape from a Root bsc1259268. - CVE-2026-27142: html/template: URLs in meta content attribute actio...

7.5CVSS5.8AI score0.00728EPSS
Exploits0References8
OSV
OSV
added 2026/04/14 3:41 p.m.9 views

SUSE-SU-2026:21195-1 Security update for go1.26-openssl

This update for go1.26-openssl fixes the following issues: Update to go 1.26.1 bsc1255111, jscSLE-18320: - CVE-2026-25679: net/url: reject IPv6 literal not at start of host bsc1259264. - CVE-2026-27137: crypto/x509: incorrect enforcement of email constraints bsc1259266. - CVE-2026-27138:...

7.5CVSS6AI score0.00728EPSS
Exploits0References12
OSV
OSV
added 2026/03/24 8:54 a.m.4 views

SUSE-SU-2026:0993-1 Security update for go1.26-openssl

This update for go1.26-openssl fixes the following issues: Update to go 1.26.1 bsc1255111, jscSLE-18320: - CVE-2026-25679: net/url: reject IPv6 literal not at start of host bsc1259264. - CVE-2026-27137: crypto/x509: incorrect enforcement of email constraints bsc1259266. - CVE-2026-27138:...

7.5CVSS6.2AI score0.00728EPSS
Exploits0References12
OpenVAS
OpenVAS
added 2026/03/16 12:0 a.m.7 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2026-1536)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.3CVSS5.8AI score0.01527EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2026/03/16 12:0 a.m.2 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2026-1312)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.3CVSS7.2AI score0.01527EPSS
Exploits0References2
OSV
OSV
added 2026/03/11 6:35 p.m.3 views

SUSE-SU-2026:0876-1 Security update for go1.26

This update for go1.26 fixes the following issues: Update to go1.26.1 bsc1255111: - CVE-2026-25679: net/url: reject IPv6 literal not at start of host bsc1259264. - CVE-2026-27137: crypto/x509: incorrect enforcement of email constraints bsc1259266. - CVE-2026-27138: crypto/x509: panic in name...

7.5CVSS5.8AI score0.00728EPSS
Exploits0References12
SUSE Linux
SUSE Linux
added 2026/03/11 6:34 p.m.9 views

Security update for go1.25

This update for go1.25 fixes the following issues: Update to go1.25.8 bsc1244485: CVE-2026-25679: net/url: reject IPv6 literal not at start of host bsc1259264. CVE-2026-27139: os: FileInfo can escape from a Root bsc1259268. CVE-2026-27142: html/template: URLs in meta content attribute actions are...

5.4CVSS5.8AI score0.00728EPSS
Exploits0References14
OSV
OSV
added 2026/03/10 8:44 a.m.2 views

BIT-GOLANG-2026-27139 FileInfo can escape from a Root in os

On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the...

2.5CVSS5.9AI score0.00201EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/07 12:30 a.m.7 views

EUVD-2026-10087

On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the...

5.9AI score0.00201EPSS
Exploits0References5
NVD
NVD
added 2026/03/06 10:16 p.m.5 views

CVE-2026-27139

On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the...

2.5CVSS0.00201EPSS
Exploits0References4
OSV
OSV
added 2026/03/06 10:16 p.m.7 views

AZL-79541 CVE-2026-27139 affecting package golang 1.25.7-1

On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the...

2.5CVSS7.5AI score0.00201EPSS
Exploits0References1
Rows per page
Query Builder