CVE-2023-26075

CVE-2023-26075 is an intra-object overflow in the 5G MM message codec of Samsung Exynos modems (Exynos 850/980/1080/1280/2200; Exynos Modem 5123/5300; Exynos Auto T5123) caused by insufficient parameter validation when decoding the Service Area List. This affects Samsung Mobile Chipset and Baseba...

CVE-2023-26075

An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. An intra-object overflow in the 5G MM message codec can occur due to insufficient parameter...

Debian: Security Advisory (DSA-1585-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

GSD-2023-1002384 ALSA: hda: Do not unset preset when cleaning up codec

ALSA: hda: Do not unset preset when cleaning up codec This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.169 by commit...

GSD-2023-1002357 ALSA: hda: Do not unset preset when cleaning up codec

ALSA: hda: Do not unset preset when cleaning up codec This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.95 by commit...

PT-2023-35400 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.1.13 Description: The issue is related to the ALSA hda codec, where the preset is not unset when cleaning up the codec. The actual impact and attack plausibility have not yet been proven. Recommendations: For...

Libde265 安全漏洞

Libde265 is a German h.265 video codec. A security vulnerability exists in Libde265 version 1.0.9, which stems from a buffer overflow issue...

CVE-2023-20933

In several functions of MediaCodec.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-...

codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS

A flaw was found in codec-haproxy from the Netty project. This flaw allows an attacker to build a malformed crafted message and cause infinite recursion, causing stack exhaustion and leading to a denial of service DoS...

APT Earth Kitsune delivers new WhiskerSpy malware via watering hole attack

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Earth Kitsune, an advanced persistent threat APT actor known for targeting individuals interested in North Korea, also China, Brazil, and Japan and has been found to be using a new backdoor called...

Cyber Espionage Group Earth Kitsune Deploys WhiskerSpy Backdoor in Latest Attacks

The cyber espionage threat actor tracked as Earth Kitsune has been observed deploying a new backdoor called WhiskerSpy as part of a social engineering campaign. Earth Kitsune, active since at least 2019, is known to primarily target individuals interested in North Korea with self-developed malwar...

SUSE CVE-2009-2628

The VMnc media codec in vmnc.dll in VMware Movie Decoder before 6.5.3 build 185404, VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, and VMware ACE 2.5.x before 2.5.3 build 185404 on Windows does not properly handle certain small heights in video...

SUSE CVE-2016-8654

A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size. jasper versions before 2.0.0 are affected...

SUSE CVE-2016-10363

Logstash versions prior to 2.3.3, when using the Netflow Codec plugin, a remote attacker crafting malicious Netflow v5, Netflow v9 or IPFIX packets could perform a denial of service attack on the Logstash instance. The errors resulting from these crafted inputs are not handled by the codec and ca...

SUSE CVE-2017-2925

Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability in the JPEG XR codec. Successful exploitation could lead to arbitrary code execution...

SUSE CVE-2017-2991

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in the h264 codec related to decompression. Successful exploitation could lead to arbitrary code execution...

SUSE CVE-2017-6833

The runPull function in libaudiofile/modules/BlockCodec.cpp in Audio File Library aka audiofile 0.3.6 allows remote attackers to cause a denial of service divide-by-zero error and crash via a crafted file...

SUSE CVE-2017-6888

An error in the "readmetadatavorbiscomment" function src/libFLAC/streamdecoder.c in FLAC version 1.3.2 can be exploited to cause a memory leak via a specially crafted FLAC file...

SUSE CVE-2017-15672

The readheader function in libavcodec/ffv1dec.c in FFmpeg 2.4 and 3.3.4 and possibly earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an out-of-bounds read...

SUSE CVE-2017-18244

The stereoprocessing function in libavcodec/aacps.c in Libav 12.2 allows remote attackers to cause a denial of service out-of-bounds read via a crafted aac file, related to ffpsapply...