SUSE CVE-2026-49128

Music Player Daemon MPD before version 0.24.11 contains a path traversal vulnerability in LocalStorage::MapFSOrThrow and LocalStorage::MapUTF8 within the local storage plugin, where the on-disk path is constructed by joining the storage root with a user-supplied URI as plain strings without...

Astra Linux - уязвимость в exiv2

A flaw was discovered in Exiv2 in versions prior to and including 0.27.4-RC1. Improper input validation of the rawData.size property in the Jp2Image::readMetadata function, located in jp2image.cpp, can lead to a heap-based buffer overflow through a specially crafted JPG image containing malicious...

Astra Linux - уязвимость в exiv2

In Exiv2 0.27.99.0, there is an out-of-bounds read in the Exiv2::MrwImage::readMetadata function in mrwimage.cpp. This could lead to a denial of service...

SUSE CVE-2026-23388

In the Linux kernel, the following vulnerability has been resolved: Squashfs: check metadata block offset is within range Syzkaller reports a "general protection fault in squashfscopydata" This is ultimately caused by a corrupted index look-up table, which produces a negative metadata block offse...

EUVD-2026-15388

In the Linux kernel, the following vulnerability has been resolved: Squashfs: check metadata block offset is within range Syzkaller reports a "general protection fault in squashfscopydata" This is ultimately caused by a corrupted index look-up table, which produces a negative metadata block offse...

CVE-2026-23388

In the Linux kernel, the following vulnerability has been resolved: Squashfs: check metadata block offset is within range Syzkaller reports a "general protection fault in squashfscopydata" This is ultimately caused by a corrupted index look-up table, which produces a negative metadata block offse...

CVE-2026-23388

In the Linux kernel, the following vulnerability has been resolved: Squashfs: check metadata block offset is within range Syzkaller reports a "general protection fault in squashfscopydata" This is ultimately caused by a corrupted index look-up table, which produces a negative metadata block offse...

CVE-2026-23388

In the Linux kernel, the following vulnerability has been resolved: Squashfs: check metadata block offset is within range Syzkaller reports a "general protection fault in squashfscopydata" This is ultimately caused by a corrupted index look-up table, which produces a negative metadata block offse...

CVE-2026-23388 Squashfs: check metadata block offset is within range

In the Linux kernel, the following vulnerability has been resolved: Squashfs: check metadata block offset is within range Syzkaller reports a "general protection fault in squashfscopydata" This is ultimately caused by a corrupted index look-up table, which produces a negative metadata block offse...

CVE-2026-23388

CVE-2026-23388 concerns the Linux kernel Squashfs subsystem. A corrupted index lookup can yield a negative metadata block offset, leading to an out-of-bounds access in squashfs_copy_data via squashfs_read_metadata. The issue is resolved by adding a metadata offset range check in squashfs_read_met...

PT-2026-27753

In the Linux kernel, the following vulnerability has been resolved: Squashfs: check metadata block offset is within range Syzkaller reports a "general protection fault in squashfs copy data" This is ultimately caused by a corrupted index look-up table, which produces a negative metadata block...

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the drflacreadanddecodemetadata function. An attacker can cause excessive memory allocation by supplying crafted FLAC streams with maliciously controlled mimeLength and descriptionLength...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow through the drwavreadsmpltometadataobj function. An attacker can cause memory corruption by supplying a specially crafted WAV file that exploits a mismatch between sample loop count validation and processing,...

CVE-2026-29022

drlibs drwav.h version 0.14.4 and earlier fixed in commit 8a7258c contain a heap buffer overflow vulnerability in the drwavreadsmpltometadataobj function of drwav.h that allows memory corruption via crafted WAV files. Attackers can exploit a mismatch between sampleLoopCount validation in pass 1 a...

CVE-2026-29022

drlibs drwav.h version 0.14.4 and earlier fixed in commit 8a7258c contain a heap buffer overflow vulnerability in the drwavreadsmpltometadataobj function of drwav.h that allows memory corruption via crafted WAV files. Attackers can exploit a mismatch between sampleLoopCount validation in pass 1 a...

CVE-2026-0727

The Accordion and Accordion Slider plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.4.5. This is due to the plugin not properly verifying that a user is authorized to perform an action in the 'wpaassaveattachmentdata' and...

EUVD-2025-33388

A Missing Authorization vulnerability in the Juniper Networks Junos Space Security Director allows an unauthenticated network-based attacker to read or modify metadata via the web interface. Tampering with this metadata can result in managed SRX Series devices permitting network traffic that...

CVE-2025-59968

CVE-2025-59968 concerns Juniper Networks Junos Space Security Director where a Missing Authorization flaw allows an unauthenticated remote attacker to read or modify metadata via the web interface. Tampering with metadata could cause managed SRX Series devices to permit traffic that should be blo...

PT-2025-41407

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos Space Security Director versions prior to 24.1R3 Patch V4 Description A missing authorization issue exists in Juniper Networks Junos Space Security Director. An unauthenticated network-based attacker can read or modify...

EUVD-2017-15942

Malware in sbrugna...