76 matches found
OESA-2026-2225 wireshark security update
Wireshark is an open source tool for profiling network traffic and analyzing packets. Such a tool is often referred to as a network analyzer, network protocol analyzer or sniffer. Security Fixes: ICMPv6 PvD protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of...
CVE-2026-5405
CVE-2026-5405 : Wireshark contains a heap-based buffer overflow in the RDP protocol dissector that affects versions 4.6.0–4.6.4 and 4.4.0–4.4.14. This vulnerability can cause a denial of service and may allow code execution. The initial descriptions identify a crash in the RDP dissector as the un...
CVE-2026-5405
RDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution...
SUSE CVE-2013-3245
plugins/demux/libmkvplugin.dll in VideoLAN VLC Media Player 2.0.7, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MKV file, possibly involving an integer overflow and out-of-bounds read or heap-based buffer...
nginx 1.1.19 < 1.28.3 / 1.29.x < 1.29.7 Multiple Vulnerabilities in ngx_http_mp4_module
The installed version of nginx is 1.1.19 prior to 1.28.3, or 1.29.x prior to 1.29.7. It is, therefore, affected by multiple vulnerabilities: - The 32-bit implementation of NGINX Open Source has a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to over-read or over-wri...
USN-8071-1: NSS vulnerability
It was discovered that NSS incorrectly handled memory when performing certain GHASH operations. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code...
freerdp: FreeRDP: Heap buffer overflow leads to denial of service and potential code execution
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A malicious server can exploit a client-side heap buffer overflow vulnerability in the RDPGFX ClearCodec decode path. This occurs when maliciously crafted residual data causes out-of-bounds writes during color...
EUVD-2025-203927
A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload field serviceName to /goform/AdvSetMacMtuWan...
CVE-2025-67074
CVE-2025-67074 affects Tenda AC10 V4.0 firmware 16.03.10.20. A buffer overflow in the bin httpd function fromAdvSetMacMtuWan can be triggered by a crafted POST to /goform/AdvSetMacMtuWan (manipulating the serverName field), potentially causing denial of service and possibly code execution. Exploi...
CVE-2025-60686
ToToLink routers (A720R V4.1.5cu.614_B20230630; LR1200GB V9.1.0u.6619_B20230130; NR1800X V9.1.0u.6681_B20230703) contain a local stack-based buffer overflow in infostat.cgi and cstecgi.cgi. Both binaries parse /proc/net/arp using sscanf() with the %s specifier into fixed-size stack buffers withou...
Ubuntu 22.04 LTS / 24.04 LTS / 25.04 / 25.10 : X.Org X Server vulnerabilities (USN-7846-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.04 / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7846-1 advisory. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain memory operations. An attacker could use these...
Linux Distros Unpatched Vulnerability : CVE-2007-0255
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - XINE 0.99.4 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain M3U file that...
CVE-2025-52194
A buffer overflow vulnerability exists in libsndfile version 1.2.2 and potentially earlier versions when processing malformed IRCAM audio files. The vulnerability occurs in the ircam_read_header function at src/ircam.c:164 during sample rate processing, leading to memory corruption and potential co...
Ubuntu 14.04 LTS : OpenLDAP vulnerabilities (USN-7698-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7698-1 advisory. It was discovered that OpenLDAP incorrectly handled Certificate Exact Assertion processing. A remote attacker could possibly use this issue to cause...
Security Vulnerabilities fixed in Firefox ESR 115.27 — Mozilla
An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process. Same-origin policy bypass in the Graphics: Canvas2D component. Memory safety bugs...
Linux Distros Unpatched Vulnerability : CVE-2019-17013
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mozilla developers reported memory safety bugs present in Firefox 70. Some of these bugs showed evidence of memory corruption and we presume that with enough...
ExecuTorch vulnerable to Heap-based Buffer Overflow attack
A heap-buffer-overflow vulnerability in the loading of ExecuTorch methods can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 93b1a0c15f7eda49b2bc46b5b4c49557b4e9810f...
Linux Distros Unpatched Vulnerability : CVE-2023-2194
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace data->block[0] variable was not capped to a number...
Linux Distros Unpatched Vulnerability : CVE-2022-1212
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-After-Free in str_escape in mruby/mruby in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited. CVE-2022-1212 No...
USN-7234-4 linux-aws vulnerabilities
Ye Zhang and Nicolas Wu discovered that the io_uring subsystem in the Linux kernel did not properly handle locking for rings with IOPOLL, leading to a double-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code...