40 matches found
CVE-2026-53702 Gstreamer1-plugins-bad-free: gstreamer: stack buffer overflow in h.265 buffering period sei parser
A stack buffer overflow flaw was found in the GStreamer H.265 codec parser library gst-plugins-bad. When parsing a buffering period SEI message, the parser uses an incorrect loop bound derived from cpbcntminus1i the loop index instead of the sub-layer 0 CPB count cpbcntminus10 from the referenced...
Directory Traversal
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Directory Traversal via the media parsing process. An attacker can access arbitrary files on the system by supplying crafted file paths. Details A Directory Traversal attack also known as...
OpenClaw: Media Parsing Path Traversal Leads to Arbitrary File Read
Summary OpenClaw = 2026.3.28 - First stable tag containing the fix: v2026.3.28 Fix Commits - 4797bbc5b96e2cca5532e43b58915c051746fe37 — 2026-03-25T13:35:16-06:00 Release Process Note - The fix is already present in released version 2026.3.28...
GHSA-F6PF-4GJX-C94R OpenClaw: Media Parsing Path Traversal Leads to Arbitrary File Read
Summary OpenClaw = 2026.3.28 - First stable tag containing the fix: v2026.3.28 Fix Commits - 4797bbc5b96e2cca5532e43b58915c051746fe37 — 2026-03-25T13:35:16-06:00 Release Process Note - The fix is already present in released version 2026.3.28...
CVE-2026-32846
OpenClaw through 2026.3.23 fixed in commit 4797bbc contains a path traversal vulnerability in media parsing that allows attackers to read arbitrary files by bypassing path validation in the isLikelyLocalPath and isValidMedia functions. Attackers can exploit incomplete validation and the...
GHSA-HGGM-X7R9-MM7V OpenClaw is vulnerable to Path Traversal through path validation bypass
OpenClaw through 2026.3.23 fixed in commit 4797bbc contains a path traversal vulnerability in media parsing that allows attackers to read arbitrary files by bypassing path validation in the isLikelyLocalPath and isValidMedia functions. Attackers can exploit incomplete validation and the...
OpenClaw is vulnerable to Path Traversal through path validation bypass
OpenClaw through 2026.3.23 fixed in commit 4797bbc contains a path traversal vulnerability in media parsing that allows attackers to read arbitrary files by bypassing path validation in the isLikelyLocalPath and isValidMedia functions. Attackers can exploit incomplete validation and the...
EUVD-2026-16248
OpenClaw through 2026.3.23 fixed in commit 4797bbc contains a path traversal vulnerability in media parsing that allows attackers to read arbitrary files by bypassing path validation in the isLikelyLocalPath and isValidMedia functions. Attackers can exploit incomplete validation and the...
CVE-2026-32846
OpenClaw before 2026.3.28 contains a path traversal vulnerability in media parsing that allows attackers to read arbitrary files by bypassing path validation in the isLikelyLocalPath and isValidMedia functions. Attackers can exploit incomplete validation and the allowBareFilename bypass to...
CVE-2026-32846
OpenClaw prior to 2026.3.23 contains a path traversal vulnerability in media parsing that can read arbitrary files by bypassing path validation in isLikelyLocalPath() and isValidMedia(), with the allowBareFilename bypass enabling access to files outside the application sandbox. Impact includes di...
CVE-2026-32846 OpenClaw < 2026.3.28 Media Parsing Path Traversal to Arbitrary File Read
OpenClaw before 2026.3.28 contains a path traversal vulnerability in media parsing that allows attackers to read arbitrary files by bypassing path validation in the isLikelyLocalPath and isValidMedia functions. Attackers can exploit incomplete validation and the allowBareFilename bypass to...
CVE-2026-32846
OpenClaw before 2026.3.28 contains a path traversal vulnerability in media parsing that allows attackers to read arbitrary files by bypassing path validation in the isLikelyLocalPath and isValidMedia functions. Attackers can exploit incomplete validation and the allowBareFilename bypass to...
PT-2026-28443
Name of the Vulnerable Software and Affected Versions OpenClaw versions through 2026.3.23 Description The software contains a path traversal issue in media parsing. This allows attackers to read arbitrary files by bypassing path validation in the isLikelyLocalPath and isValidMedia functions. The...
Linux Distros Unpatched Vulnerability : CVE-2024-53104
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVCVSUNDEFINED in uvcparseformat This can lead ...
SUSE SLES15 Security Update : kernel (Live Patch 44 for SLE 15 SP3) (SUSE-SU-2025:0708-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0708-1 advisory. This update for the Linux Kernel 5.3.18-15030059161 fixes several issues. The following security issues were fixed: - CVE-2024-35789: wifi:...
SUSE SLES12 Security Update : kernel (Live Patch 53 for SLE 12 SP5) (SUSE-SU-2025:0667-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0667-1 advisory. This update for the Linux Kernel 4.12.14-122194 fixes several issues. The following security issues were fixed: - CVE-2024-35789: wifi: mac8021...
SUSE SLES15: kernel-livepatch-5_14_21-150400_24_125-default / etc (SUSE-SU-2025:0687-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0687-1 advisory. This update for the Linux Kernel 5.14.21-15040024125 fixes several issues. The following security issues were fixed: - CVE-2024-40956: dmaengin...
SUSE-SU-2025:0698-1 Security update for the Linux Kernel (Live Patch 25 for SLE 15 SP4)
This update for the Linux Kernel 5.14.21-15040024116 fixes several issues. The following security issues were fixed: - CVE-2024-35789: wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes bsc1227320. - CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in irqprocessworklis...
RHEL 8 : kpatch-patch-4_18_0-553, kpatch-patch-4_18_0-553_16_1, and kpatch-patch-4_18_0-553_30_1 (RHSA-2025:1657)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1657 advisory. This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel. This patch module i...
CLSA-2025-1739522296 Fix of 7 CVEs
CVE-url: https://ubuntu.com/security/CVE-2024-53104 - media: uvcvideo: Skip parsing frames of type UVCVSUNDEFINED in uvcparseformat CVE-url: https://ubuntu.com/security/CVE-2024-41020 - filelock: Fix fcntl/close race recovery compat path CVE-url: https://ubuntu.com/security/CVE-2024-43892 - memcg...