3143 matches found

Tenable Nessus
added 2022/05/18 12:0 a.m. | 25 views

Oracle Linux 8 : libsndfile (ELSA-2022-1968)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-1968 advisory. 1.0.28-12 - fix heap buffer overflow in flac 2030507 1.0.28-11 - a crafted wav file could cause heap buffer overflow that allowed an arbitrary code...

7.1 CVSS | 7.7 AI score | 0.01754 EPSS
Exploits 1 | References 2
Rockylinux
added 2022/05/17 6:27 a.m. | 8 views

new packages: apache-commons-codec

An update is available for apache-commons-codec. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Roc...

2.2 AI score
Exploits 0
Tenable Nessus
added 2022/05/13 12:0 a.m. | 28 views

AlmaLinux 8 : libsndfile (ALSA-2022:1968)

The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2022:1968 advisory. - An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file via tricking a user to...

7.1 CVSS | 6.9 AI score | 0.01754 EPSS
Exploits 1 | References 2
Ubuntu
added 2022/05/12 3:44 p.m. | 84 views

USN-5420-1: Vorbis vulnerabilities

It was discovered that Vorbis incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. CVE-2017-14160, CVE-2018-10392, CVE-2018-10393...

8.8 CVSS | 6.8 AI score | 0.04575 EPSS
Exploits 1
Tenable Nessus
added 2022/05/11 12:0 a.m. | 27 views

Ubuntu 16.04 ESM : libsndfile vulnerability (USN-5409-1)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5409-1 advisory. It was discovered that libsndfile was incorrectly performing memory management operations and incorrectly using buffers when executing its FLAC codec. If a user o...

7.1 CVSS | 7 AI score | 0.01754 EPSS
Exploits 1 | References 2
OSV
added 2022/05/10 6:49 p.m. | 2 views

USN-5409-1 libsndfile vulnerability

It was discovered that libsndfile was incorrectly performing memory management operations and incorrectly using buffers when executing its FLAC codec. If a user or automated system were tricked into processing a specially crafted sound file, an attacker could possibly use this issue to cause a...

7.1 CVSS | 7 AI score | 0.01754 EPSS
Exploits 1 | References 2
Ubuntu
added 2022/05/10 6:49 p.m. | 63 views

USN-5409-1: libsndfile vulnerability

It was discovered that libsndfile was incorrectly performing memory management operations and incorrectly using buffers when executing its FLAC codec. If a user or automated system were tricked into processing a specially crafted sound file, an attacker could possibly use this issue to cause a...

7.1 CVSS | 7 AI score | 0.01754 EPSS
Exploits 1
RedHat Linux
added 2022/05/10 1:27 p.m. | 2 views

libsndfile: heap out-of-bounds read in src/flac.c in flac_buffer_copy

An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file via tricking a user to open or otherwise to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bounds read that would most...

7.1 CVSS | 5.7 AI score | 0.01754 EPSS
Exploits 1 | References 4
vulnersOsv
added 2022/05/10 8:46 a.m. | 3 views

africa.absa:inception-application (>=1.0.0 <=1.2.0), ai.agentican:agentican-framework-core (>=0.1.0-alpha.2 <=0.1.0-alpha.4) +37835 more potentially affected by CVE-2022-24823 via io.netty:netty-codec-http (>=4.0.0.Alpha1 <=4.1.76.Final)

io.netty:netty-codec-http MAVEN version =4.0.0.Alpha1, =1.0.0, =0.1.0-alpha.2, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.3, =0.1.0-alpha.2, =0.1.0, =0.1.0, =0.2.0, =0.28.0 and more Source cves:...

5.5 CVSS | 6.6 AI score | 0.01032 EPSS
Exploits 1
Rockylinux
added 2022/05/10 8:4 a.m. | 43 views

maven:3.6 security and enhancement update

An update is available for apache-commons-io, atinject, jsr-305, maven-shared-utils, plexus-cipher, aopalliance, plexus-classworlds, guava, apache-commons-cli, plexus-containers, plexus-sec-dispatcher, httpcomponents-client, maven-resolver, apache-commons-lang3, plexus-interpolation, sisu,...

5.3 CVSS | 6.2 AI score | 0.08665 EPSS
Exploits 1
NVD
added 2022/05/06 12:15 p.m. | 32 views

CVE-2022-24823

Netty is an open-source, asynchronous event-driven network application framework. The package io.netty:netty-codec-http prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur via the local syst...

5.5 CVSS | 0.01032 EPSS
Exploits 1 | References 5
OSV
added 2022/05/06 12:15 p.m. | 2 views

DEBIAN-CVE-2022-24823

Netty is an open-source, asynchronous event-driven network application framework. The package io.netty:netty-codec-http prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur via the local syst...

5.5 CVSS | 6.8 AI score | 0.01032 EPSS
Exploits 1 | References 1
CVE
added 2022/05/06 12:5 p.m. | 529 views

CVE-2022-24823

CVE-2022-24823 affects Netty’s io.netty:netty-codec-http prior to 4.1.77.Final, describing an insufficient fix for CVE-2021-21290. When Netty’s multipart decoders handle uploads and temporary disk storage is enabled, local information can be disclosed via the system temporary directory. This affe...

5.5 CVSS | 6.7 AI score | 0.01032 EPSS
Exploits 1 | References 5 | Affected Software 1
CNNVD
added 2022/05/06 12:0 a.m. | 3 views

Netty security vulnerability

Netty is a non-blocking I/O client-server framework from the Netty community, which is primarily used for developing Java web applications such as protocol servers and clients. A security vulnerability exists in Netty's package io.netty:netty-codec-http versions prior to 4.1.77, which stems from...

5.5 CVSS | 7.2 AI score | 0.01032 EPSS
Exploits 1 | References 22
OSV
added 2022/04/24 9:24 p.m. | 11 views

GSD-2022-1001571 ASoC: codecs: rx-macro: fix accessing compander for aux

ASoC: codecs: rx-macro: fix accessing compander for aux This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.19 by commit...

7.2 AI score
Exploits 0
The Hacker News
added 2022/04/21 10:18 a.m. | 68 views

Critical Chipset Bugs Open Millions of Android Devices to Remote Spying

Three security vulnerabilities have been disclosed in the audio decoders of Qualcomm and MediaTek chips that, if left unresolved, could allow an adversary to remotely gain access to media and audio conversations from affected mobile devices. According to Israeli cybersecurity company Check Point,...

9.8 CVSS | 2.1 AI score | 0.04018 EPSS
Exploits 0
RedHat Linux
added 2022/04/13 11:26 a.m. | 2 views

netty: control chars in header names may lead to HTTP request smuggling

A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling...

6.5 CVSS | 6.8 AI score | 0.02682 EPSS
Exploits 0 | References 5
Veracode
added 2022/04/13 10:29 a.m. | 8 views

Denial Of Service (DoS)

go-ipfs is vulnerable to denial of service. The use of the go-codec-dagpb dependency with an issue allows an external user who downloads or exports data to traverse certain malformed graphs and cause an application crash...

3.5 AI score
Exploits 0
ATTACKERKB
added 2022/04/11 8:15 p.m. | 6 views

CVE-2022-0552

A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. The vulnerable netty-codec-http maven package was not removed from the image content. This flaw affects...

5.9 CVSS | 6.4 AI score | 0.04935 EPSS
Exploits 0 | References 8
NVD
added 2022/04/11 8:15 p.m. | 27 views

CVE-2022-0552

A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. The vulnerable netty-codec-http maven package was not removed from the image content. This flaw affects...

5.9 CVSS | 0.01098 EPSS
Exploits 0 | References 3