EUVD-2016-5650

Malware in sbrugna...

EUVD-2022-34836

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2015-6602

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libutils in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a 1 MP3 or 2 MP4 file, as demonstrated by an...

CVE-2022-2587

Out of bounds write in Chrome OS Audio Server in Google Chrome on Chrome OS prior to 102.0.5005.125 allowed a remote attacker to potentially exploit heap corruption via crafted audio metadata...

CVE-2020-0286

In Bluetooth AVRCP, there is a possible leak of audio metadata due to residual data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150214479...

LG webOS 操作系统命令注入漏洞

LG webOS is a Linux kernel-based smart TV operating system from LG Corporation in South Korea. An OS command injection vulnerability exists in LG webOS, which originates from an OS command injection vulnerability in the getAudioMetadata method of the com.webos.service.attachedstoragemanager...

PT-2023-9036

Name of the Vulnerable Software and Affected Versions webOS versions 4 through 7 Description A command injection vulnerability exists in the getAudioMetadata method from the com.webos.service.attachedstoragemanager service. This vulnerability can be triggered by a series of specially crafted...

ChromeOS vulnerability found by Microsoft

Microsoft recently released a report about a ChromeOS remote memory corruption vulnerability. The issue has already been fixed. In fact, it was reported to Google in April. The fix was applied shortly after, and released on June 15. The resulting deep-dive from Microsoft is a fascinating look at...

Uncovering a ChromeOS remote memory corruption vulnerability

Microsoft discovered a memory corruption vulnerability in a ChromeOS component that can be triggered remotely, allowing attackers to perform either a denial-of-service DoS or, in extreme cases, remote code execution RCE. Following our D-Bus blog post that focused on Linux, we searched for similar...

Uncovering a ChromeOS remote memory corruption vulnerability

Microsoft discovered a memory corruption vulnerability in a ChromeOS component that can be triggered remotely, allowing attackers to perform either a denial-of-service DoS or, in extreme cases, remote code execution RCE. Following our D-Bus blog post that focused on Linux, we searched for similar...

CVE-2022-2587

Out of bounds write in Chrome OS Audio Server in Google Chrome on Chrome OS prior to 102.0.5005.125 allowed a remote attacker to potentially exploit heap corruption via crafted audio metadata...

CVE-2022-2587

Out of bounds write in Chrome OS Audio Server in Google Chrome on Chrome OS prior to 102.0.5005.125 allowed a remote attacker to potentially exploit heap corruption via crafted audio metadata...

CVE-2022-2587

Out of bounds write in Chrome OS Audio Server in Google Chrome on Chrome OS prior to 102.0.5005.125 allowed a remote attacker to potentially exploit heap corruption via crafted audio metadata...

CVE-2022-2587

Out of bounds write in Chrome OS Audio Server in Google Chrome on Chrome OS prior to 102.0.5005.125 allowed a remote attacker to potentially exploit heap corruption via crafted audio metadata...

CVE-2022-2587

Out of bounds write in Chrome OS Audio Server in Google Chrome on Chrome OS prior to 102.0.5005.125 allowed a remote attacker to potentially exploit heap corruption via crafted audio metadata...

Dhowden Tag Input Validation Error Vulnerability

Dhowden Tag is a Go-based MP3/MP4/OGG/FLAC metadata parsing library by the Dhowden personal developer. A security vulnerability exists in dhowden tag versions prior to 2020-11-19, which allows "panic: runtime error: index out of range" to be read via readAPICFrame...

Google Android Information Disclosure Vulnerability (CNVD-2020-54307)

Android is a Linux-based open source operating system from Google and the Open Handheld Alliance OHA. An information disclosure vulnerability exists in Android version 11, which stems from a possible residual data leak of audio metadata from Bluetooth AVRCP. An attacker could exploit the...

openSUSE Security Update : libmediainfo / mediainfo (openSUSE-2020-1390)

This update for libmediainfo, mediainfo fixes the following issues : libmediainfo was updated to version 20.08 : Added : - MPEG-H 3D Audio full featured support group presets, switch groups, groups, signal groups - MP4/MOV: support of more metadata locations - JSON and XML outputs: authorize...

CVE-2020-0286

In Bluetooth AVRCP, there is a possible leak of audio metadata due to residual data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150214479...

CVE-2020-0286

In Bluetooth AVRCP, there is a possible leak of audio metadata due to residual data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150214479...