30 matches found
CLSA-2026-1777878328 libxml2: Fix of 2 CVEs
CVE-2018-14404: fix NULL pointer dereference in xmlXPathCompOpEval when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case - CVE-2019-19956: fix memory leak in xmlParseBalancedChunkMemoryRecover related to newDoc->oldNs...
OESA-2026-1449 libsoup security update
libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop, to integrate well with GNOME applications, and also has a synchronous API, for use in threaded applications. Security Fixes: A flaw was found in SoupServer. This HTTP request smuggling vulnerability occur...
Unity Linux 20.1070e Security Update: varnish (UTSA-2025-684696)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-684696 advisory. Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product...
EUVD-2023-41929
Malicious code in bioql PyPI...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.1.0 security update
A security update is now available for Red Hat JBoss Enterprise Application Platform 8.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
CVE-2019-10488
Null pointer dereference can occur while parsing invalid chunks while playing the nonstandard clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206,...
CVE-2023-52921
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix possible UAF in amdgpu_cs_pass1() Since the gang_size check is outside of chunk parsing loop, we need to reset i before we free the chunk data. Suggested by Ye Zhang @VAR10CK of Baidu Security...
CVE-2023-52921 drm/amdgpu: fix possible UAF in amdgpu_cs_pass1()
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix possible UAF in amdgpu_cs_pass1() Since the gang_size check is outside of chunk parsing loop, we need to reset i before we free the chunk data. Suggested by Ye Zhang @VAR10CK of Baidu Security...
CVE-2023-52921
The CVE-2023-52921 entry affects the Linux kernel’s DRM/amdgpu path, where a use-after-free (UAF) can occur in amdgpu_cs_pass1. The root cause is that the gang_size check is outside the chunk parsing loop, so i must be reset before freeing the chunk data. This vulnerability has been addressed by ...
CVE-2023-38104
GStreamer RealMedia File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary...
CVE-2023-38103
GStreamer RealMedia File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary...
CLSA-2024-1712261257 squid: Fix of CVE-2024-25111
CVE-2024-25111: Fix infinite recursion when parsing HTTP chunks...
CVE-2024-20849
Out-of-bound Write vulnerability in chunk parsing implementation of libsdffextractor prior to SMR Apr-2023 Release 1 allows local attackers to execute arbitrary code...
CVE-2024-20849
The CVE-2024-20849 issue affects libsdffextractor, with an out-of-bounds write in the chunk parsing implementation. Versions prior to SMR Apr-2023 Release 1 are vulnerable and could allow local attackers to execute arbitrary code. The available connected document (PT-2024-18758) confirms the affe...
PT-2024-18758 · Unknown · Libsdffextractor
Name of the Vulnerable Software and Affected Versions: libsdffextractor versions prior to SMR Apr-2023 Release 1 Description: The issue is related to an Out-of-bound Write vulnerability in the chunk parsing implementation. This allows local attackers to execute arbitrary code. Recommendations: Fo...