Lucene search
K

494 matches found

Rockylinux
Rockylinux
added 5 days ago6 views

gstreamer1-plugins-bad-free security update

An update is available for gstreamer1-plugins-bad-free. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list GStreamer is a streaming media framework based on graphs ...

8.8CVSS6.2AI score0.0053EPSS
Exploits0
RedHat Linux
RedHat Linux
added last week4 views

gstreamer1-plugins-bad-free: GStreamer: Denial of service via AV1 tile_list_obu parser byte/bit confusion

A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gstav1parserparsetilelistobu function passes a byte count to a bit-reader API that expects a bit count, causing parser desynchronization. A remote attacker could trick a user into opening a special...

6.5CVSS6AI score0.0031EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added last week3 views

gstreamer1-plugins-bad-free: GStreamer: Denial of service via AV1 tile_list_obu parser byte/bit confusion

A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gstav1parserparsetilelistobu function passes a byte count to a bit-reader API that expects a bit count, causing parser desynchronization. A remote attacker could trick a user into opening a special...

6.5CVSS6AI score0.0031EPSS
Exploits0References5
NVD
NVD
added 2026/06/25 8:17 p.m.7 views

CVE-2026-46602

The TIFF decoder does not set a limit on the size of tiles in tiled images, permitting a malicious or corrupt image containing a very large tile to cause unbounded memory consumption...

7.5CVSS0.00339EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 8:17 p.m.4 views

DEBIAN-CVE-2026-46602

The TIFF decoder does not set a limit on the size of tiles in tiled images, permitting a malicious or corrupt image containing a very large tile to cause unbounded memory consumption...

7.5CVSS5.8AI score0.00339EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 7:47 p.m.6 views

EUVD-2026-39551

The TIFF decoder does not set a limit on the size of tiles in tiled images, permitting a malicious or corrupt image containing a very large tile to cause unbounded memory consumption...

5.9AI score0.00339EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/25 7:47 p.m.6 views

CVE-2026-46602

The TIFF decoder does not set a limit on the size of tiles in tiled images, permitting a malicious or corrupt image containing a very large tile to cause unbounded memory consumption...

5.9AI score0.00339EPSS
Exploits0References4
CVE
CVE
added 2026/06/25 7:47 p.m.21 views

CVE-2026-46602

The CVE-2026-46602 issue affects the TIFF decoder in golang.org/x/image: it does not enforce a limit on tile sizes in tiled TIFF images, which can lead to unbounded memory consumption when processing a malicious or corrupted image with a very large tile. This is stated across multiple sources in ...

7.5CVSS5.9AI score0.00339EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/25 7:47 p.m.23 views

CVE-2026-46602 Lack of limit on tile sizes in x/image/tiff in golang.org/x/image

The TIFF decoder does not set a limit on the size of tiles in tiled images, permitting a malicious or corrupt image containing a very large tile to cause unbounded memory consumption...

0.00339EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: Media: Verisilicon: AV1 – Fix for the tile info buffer size. Each tile consists of: rowsb, colsb, startpos, and endpos 4 bytes each. Therefore, the total memory required is AV1MAXTILES 16 bytes. Use the correct define to allocate...

7.8CVSS5.9AI score0.00138EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, the progressivedecompresstileupgrade function detected mismatches using progressiverfxquantcmpequal, but only emitted a WLogWARN message; execution continued. The wrapped value 247 was used as a shift...

7.5CVSS6.1AI score0.00426EPSS
Exploits0References3
OSV
OSV
added 2026/06/24 11:55 a.m.2 views

SUSE-SU-2026:2622-1 Security update for libheif

This update for libheif fixes the following issues Update to 1.23.0: - CVE-2025-68431: heap buffer over-read in HeifPixelImage: overlay via crafted HEIF that exercises the overlay image item bsc1255735. - CVE-2026-3950: manipulation of the component stsz/stts can lead to out-of-bounds read...

8.8CVSS6.1AI score0.00514EPSS
Exploits6References45
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.16 views

Linux Distros Unpatched Vulnerability : CVE-2026-9029

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The geomap panel's XYZ tile layer has a sanitize-then-interpolate ordering bug. sanitizeTextPanelContent runs on the raw template string before...

7.3CVSS6AI score0.0025EPSS
Exploits0References2
NVD
NVD
added 2026/06/22 2:17 p.m.12 views

CVE-2026-9029

A user with Editor permissions can place a malicious script in the attribution field of a Geomap panel's XYZ tile layer via a template variable. The script then executes in the browser of any user who views the affected dashboard stored cross-site scripting...

7.3CVSS0.0025EPSS
Exploits0References1
OSV
OSV
added 2026/06/22 2:17 p.m.3 views

UBUNTU-CVE-2026-9029

The geomap panel's XYZ tile layer has a sanitize-then-interpolate ordering bug. sanitizeTextPanelContent runs on the raw template string before getTemplateSrv.replace substitutes the variable value, which uses the glob format with no HTML escaping. The result is passed to OpenLayers via...

7.3CVSS5.9AI score0.0025EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/22 1:18 p.m.7 views

EUVD-2026-38243

The geomap panel's XYZ tile layer has a sanitize-then-interpolate ordering bug. sanitizeTextPanelContent runs on the raw template string before getTemplateSrv.replace substitutes the variable value, which uses the glob format with no HTML escaping. The result is passed to OpenLayers via...

7.3CVSS6.7AI score0.1546EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.16 views

PT-2026-51321

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A sanitize-then-interpolate ordering bug exists in the geomap panel's XYZ tile layer. The sanitizeTextPanelContent function processes the raw template string...

7.3CVSS5.7AI score0.0025EPSS
Exploits0References7
OSV
OSV
added 2026/06/18 10:50 p.m.4 views

GO-2026-5062 Lack of limit on tile sizes in x/image/tiff in golang.org/x/image

The TIFF decoder does not set a limit on the size of tiles in tiled images, permitting a malicious or corrupt image containing a very large tile to cause unbounded memory consumption...

7.5CVSS5.9AI score0.00339EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/15 7:15 p.m.40 views

CVE-2026-52718 Gstreamer1-plugins-bad-free: gstreamer: denial of service via av1 tile_list_obu parser byte/bit confusion

A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gstav1parserparsetilelistobu function passes a byte count to a bit-reader API that expects a bit count, causing parser desynchronization. A remote attacker could trick a user into opening a special...

6.5CVSS0.0031EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/15 7:15 p.m.9 views

CVE-2026-52718

A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gstav1parserparsetilelistobu function passes a byte count to a bit-reader API that expects a bit count, causing parser desynchronization. A remote attacker could trick a user into opening a special...

6.5CVSS5.3AI score0.0031EPSS
Exploits0References4
Rows per page
Query Builder