CVE-2024-56189

In SAEMMDiscloseMsId of SAEMMRadioMessageCodec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure post authentication with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-36897

In unknown of cdCnMsgCodecUserApi.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

PT-2025-36024

Name of the Vulnerable Software and Affected Versions: NdkMediaCodec affected versions not specified Description: Multiple functions within NdkMediaCodec.cpp may experience an out-of-bounds write due to a heap buffer overflow. Successful exploitation of this issue could lead to local privilege...

PT-2025-35872

Name of the Vulnerable Software and Affected Versions: SAEMM affected versions not specified Description: An out-of-bounds read issue exists in the SAEMM DiscloseMsId function within SAEMM RadioMessageCodec.c. This could lead to remote information disclosure after authentication, requiring no...

Improper Handling of Highly Compressed Data (Data Amplification)

Overview io.netty:netty-codec-http is a network application framework for rapid development of maintainable high performance protocol servers & clients. Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification via the...

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +4227 more potentially affected by CVE-2025-58057 via io.netty:netty-codec-compression (>=4.2.0.Alpha3 <=4.2.4.Final)

io.netty:netty-codec-compression MAVEN version =4.2.0.Alpha3, =0.1.0, =0.1.0, =4.7.4, =4.7.4, =4.7.3, =4.7.3, =4.7.3, =4.7.3, =4.7.3, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.2 and more Source cves: CVE-2025-58057 Source advisory: SNYK:JAVA-IONETTY-12485152...

media: mtk-vcodec: potential null pointer deference in SCP

...

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +3475 more potentially affected by CVE-2025-58056 via io.netty:netty-codec-http (>=4.2.0.Alpha1 <=4.2.4.Final)

io.netty:netty-codec-http MAVEN version =4.2.0.Alpha1, =0.1.0, =0.1.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.2 and more Source cves: CVE-2025-58056 Source advisory: SNYK:JAVA-IONETTY-12485149...

ai.ancf.lmos-router:benchmarks (>=0.2.0 <=0.28.0), ai.ancf.lmos-router:lmos-router-hybrid (>=0.2.0 <=0.28.0) +27603 more potentially affected by CVE-2025-58057 via io.netty:netty-codec (>=4.0.0.Alpha1 <=4.1.124.Final)

io.netty:netty-codec MAVEN version =4.0.0.Alpha1, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.6.0 - ai.ancf.lmos:lmos-router-hybrid =0.1.0 - ai.ancf.lmos:lmos-router-hybrid-spring-boot-starter =0.1.0 - ai.ancf.lmos:lmos-router-llm =0.1.0 -...

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +4227 more potentially affected by CVE-2025-58057 via io.netty:netty-codec-compression (>=4.2.0.Alpha3 <=4.2.4.Final)

io.netty:netty-codec-compression MAVEN version =4.2.0.Alpha3, =0.1.0, =0.1.0, =4.7.4, =4.7.4, =4.7.3, =4.7.3, =4.7.3, =4.7.3, =4.7.3, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.2 and more Source cves: CVE-2025-58057 Source advisory: OSV:GHSA-3P8M-J85Q-PGMJ...

CVE-2025-26416

In initializeSwizzler of SkBmpStandardCodec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-26416

In initializeSwizzler of SkBmpStandardCodec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-26416

The CVE-2025-26416 issue affects SkBmpStandardCodec.cpp in the initializeSwizzler path, described as a heap buffer overflow that causes an out-of-bounds write. The practical result is remote elevation of privilege with no additional execution privileges required and without user interaction. Publ...

CVE-2025-26416

In initializeSwizzler of SkBmpStandardCodec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

Linux Distros Unpatched Vulnerability : CVE-2023-44429

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GStreamer AV1 Codec Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code...

Linux Distros Unpatched Vulnerability : CVE-2023-48704

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ClickHouse is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issu...

Linux Distros Unpatched Vulnerability : CVE-2023-48298

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ClickHouse is an open-source column-oriented database management system that allows generating analytical data reports in real-time. This vulnerability is an...

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP6 Confidential Computing kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2019-11135: TSX Asynchronous Abort condition bsc1139073. CVE-2023-52888: media: mediatek: vcodec: Only free buffer VA that is not NULL...

RHEL 9 : libvpx (RHSA-2025:14140)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:14140 advisory. The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia...

RHEL 9 : libvpx (RHSA-2025:14139)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:14139 advisory. The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia...