Lucene search

3143 matches found

RedhatCVE
added 2022/02/28 3:19 p.m., 67 views

CVE-2022-0552

A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. The vulnerable netty-codec-http maven package was not removed from the image content...

CVSS 5.9, AI score 6.7, EPSS 0.04935
Exploits: 0, References: 4
OSV
added 2022/02/27 3:36 a.m., 8 views

GSD-2022-1000650 ASoC: hdmi-codec: Fix OOB memory accesses

ASoC: hdmi-codec: Fix OOB memory accesses This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.8 by commit...

AI score 7.2
Exploits: 0
OpenVAS
added 2022/02/26 12:0 a.m., 10 views

Fedora: Security Advisory for flac (FEDORA-2022-db30f1bd42)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 5.5, AI score 6, EPSS 0.00465
Exploits: 0, References: 2
Fedora
added 2022/02/25 4:56 p.m., 26 views

[SECURITY] Fedora 35 Update: flac-1.3.4-1.fc35

FLAC stands for Free Lossless Audio Codec. Grossly oversimplified, FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, flac, a command-line program to encode and decode FLAC files, metaflac, a command-line...

CVSS 5.5, AI score 4, EPSS 0.00465
Exploits: 0
RedHat Linux
added 2022/02/21 6:22 p.m., 64 views

Moderate: Red Hat Security Advisory: Red Hat build of Quarkus 2.2.5 release and security update

An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more information...

CVSS 10, AI score 6.9, EPSS 0.07318
Exploits: 3, References: 12
OSV
added 2022/02/18 10:5 p.m., 9 views

GSD-2022-1000280 ASoC: hdmi-codec: Fix OOB memory accesses

ASoC: hdmi-codec: Fix OOB memory accesses This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.22 by commit...

AI score 7.2
Exploits: 0
ATTACKERKB
added 2022/02/18 8:15 p.m., 3 views

CVE-2022-24049

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sonos One Speaker prior to 3.4.1 S2 systems and 11.2.13 build 57923290 S1 systems. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ALAC audio codec...

CVSS 10, AI score 6.4, EPSS 0.06763
Exploits: 0, References: 2
NVD
added 2022/02/18 8:15 p.m., 15 views

CVE-2022-24049

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sonos One Speaker prior to 3.4.1 S2 systems and 11.2.13 build 57923290 S1 systems. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ALAC audio codec...

CVSS 10, EPSS 0.06763
Exploits: 0, References: 1
OSV
added 2022/02/18 8:15 p.m., 4 views

CVE-2022-24049

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sonos One Speaker prior to 3.4.1 S2 systems and 11.2.13 build 57923290 S1 systems. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ALAC audio codec...

CVSS 9.8, AI score 7.7, EPSS 0.06763
Exploits: 0, References: 1
Prion
added 2022/02/18 8:15 p.m., 17 views

Stack overflow

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sonos One Speaker prior to 3.4.1 S2 systems and 11.2.13 build 57923290 S1 systems. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ALAC audio codec...

CVSS 10, AI score 9.7, EPSS 0.06763
Exploits: 0, References: 1, Affected Software: 2
CVE
added 2022/02/18 7:51 p.m., 104 views

CVE-2022-24049

CVE-2022-24049 affects Sonos One Speaker (S1/S2). The root cause is a stack-based buffer overflow in the ALAC audio codec due to insufficient validation of the length of user-supplied data before copying. This allows remote code execution with root privileges on affected installations. Affected v...

CVSS 10, AI score 9.7, EPSS 0.06763
Exploits: 0, References: 1, Affected Software: 2
Cvelist
added 2022/02/18 7:51 p.m., 19 views

CVE-2022-24049

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sonos One Speaker prior to 3.4.1 S2 systems and 11.2.13 build 57923290 S1 systems. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ALAC audio codec...

CVSS 9.8, AI score 9.8, EPSS 0.06763
Exploits: 0, References: 1
Tenable Nessus
added 2022/02/18 12:0 a.m., 31 views

SUSE SLES15 Security Update : libsndfile (SUSE-SU-2022:0052-2)

The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:0052-2 advisory. - CVE-2021-4156: Fixed heap buffer overflow in flacbuffercopy that could potentially lead to heap exploitation bsc1194006. Tenable has extracted the...

CVSS 7.1, AI score 7.4, EPSS 0.01754
Exploits: 1, References: 4
RedHat Linux
added 2022/02/14 1:6 p.m., 3 views

netty: control chars in header names may lead to HTTP request smuggling

A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling...

CVSS 6.5, AI score 6.8, EPSS 0.02682
Exploits: 0, References: 5
Positive Technologies
added 2022/02/11 12:0 a.m., 2 views

PT-2022-7268 · Libde265 +4

Name of the Vulnerable Software and Affected Versions: Libde265 versions 1.0.8 Description: The issue is related to a heap-buffer-overflow vulnerability via the put qpel fallback function in fallback-motion.cc. This allows attackers to cause a Denial of Service DoS via a crafted video file. The...

CVSS 9.8, AI score 6.7, EPSS 0.0202
Exploits: 46, References: 203
Ubuntu
added 2022/02/10 12:14 p.m., 92 views

USN-5280-1: Speex vulnerability

It was discovered that Speex incorrectly handled certain WAV files. An attacker could possibly use this issue to cause a denial of service...

CVSS 5.5, AI score 6.3, EPSS 0.0094
Exploits: 1
Zero Day Initiative
added 2022/02/10 12:0 a.m., 80 views

(Pwn2Own) Sonos One Speaker ALAC Frame Parser Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sonos One Speaker. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ALAC audio codec. The issue results from the lack of proper validation of the leng...

CVSS 9.8, AI score 5.8, EPSS 0.06763
Exploits: 0
OpenVAS
added 2022/01/28 12:0 a.m., 29 views

Mageia: Security Advisory (MGASA-2021-0327)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8, AI score 9.8, EPSS 0.08235
Exploits: 0, References: 5
OSV
added 2022/01/15 5:15 p.m., 2 views

CVE-2021-33498

Pexip Infinity before 26 allows remote denial of service because of missing H.264 input validation issue 1 of 2...

CVSS 7.5, AI score 5.8, EPSS 0.01245
Exploits: 0, References: 1
RedHat Linux
added 2022/01/13 3:25 p.m., 3 views

netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way

A flaw was found in Netty's netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service...

CVSS 7.5, AI score 7.3, EPSS 0.0628
Exploits: 0, References: 5